[Samba] smbldap and samba as a PDC

LiPi - lipixx at gmail.com
Fri Mar 20 17:49:46 GMT 2009


Hi people, first of all, thank you for the quick answers.

This morning I have been trying some things.

1. smbldap configure script: I remember that one week ago I installed
an old Debian and I tried it but don't ask me for the results... I
will retry on Monday.
2. The SID is obtained with "net get localsid" and is the same as
the one represented in sambaDomain=TESTING; it's also in all the
config files where it must be.
3. smbldap-tools is installed from Ubuntu sources. It installs all the
required packages and dependencies and it works fine. Despite this,
I will review whether all the dependencies are OK. I tried
smbldap-tools from .tar.gz and it gave the same result.
4. I was thinking about a rights problem. I have a user called
"administrador" that has uid=0, "sambaSid"-0 and group "sambaSid"-512
and it's in the Users org. u. in LDAP.
When I try a net rpc join -U administrador, the error shown with the
manual command is:
  Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1083.

So I modified /etc/ldap/slapd.conf adding the following:
allow update_anon
Then it throws:
Error: Insufficient access at /usr/share/perl5/smbldap_tools.pm line 1083.

Is smbldap-tools trying an anonymous access?

Let's try one thing in slapd.conf:
access to *
        by dn="cn=admin,dc=testing,dc=sistemas,dc=upc,dc=es" write
        by * write

and then, manually smbldap-adduser -w machine$, and the machine
account is then created!!!

Problem1:
I can't give write access to *, as you can understand.

Problem2:
Although the machine is created, it hasn't got the Samba attributes
in LDAP, and then neither M$Windows nor Linux recognizes it.

Question1:
How can I know which user smbldap is attempting to use to log in to the
LDAP server?
I looked at smbldap_bind.conf (both /etc/smbldap-tools and
/etc/opt/IDEALX/smbldap-tools/  .. the last doesn't exist) and the
correct slaveMaster, master, and password settings are there.

Question2:
Do you think that smbldap-tools is not correctly seeing the Samba
schema from LDAP, or something similar?

Thank you all.

-----
If I can solve the problem I think it would be very useful for a lot
of people; look at these:
http://lists.samba.org/archive/samba/2005-July/107814.html
http://linux.org.ar/pipermail/lugar-gral/2006-December/036667.html
https://lists.warp.es/pipermail/ebox-user/2007-February/000211.html
https://projects.warp.es/projects/ebox-platform/wiki/Document/FAQ/HowToSetPDCSupportOnEBox
<-- he solves it by giving rights to admin from ebox.
http://edin.no-ip.com/content/egroupware-ldap-debian-lenny-mini-howto
https://lists.warp.es/pipermail/ebox-user-es/2006-April/000037.html


2009/3/20 Wikked one <wikked1 at hotmail.com>:
>
> LiPi,
>       I too have used smbldap-tools with good success.
> There is a nice little installer package (smbldap-configure)
> that simplifies this process a little bit...
> you can find a version that may be suitable for use here
> http://majen.net/smbldap/
>
> On another note this looks vaguely familiar and I think it's related to the SID in
> one of the smbldap.conf  or the smbldap_bind.conf files...but that's a pure guess on my part but it might be worth
> confirming your SID matches in all your config files.
>
>
>
>> Date: Fri, 20 Mar 2009 09:20:31 -0500
>> From: jht at samba.org
>> To: awilliam at mdah.state.ms.us
>> Subject: Re: [Samba] smbldap and samba as a PDC
>> CC: samba at lists.samba.org
>>
>> Adam Williams wrote:
>> > i never could get smbldaptools to work properly (on fedora and centos),
>> > i always got various perl errors.  i just create the machine accounts by
>> > hand.
>>
>> LiPi/Adam,
>>
>> I have used smbldap-tools since the first version.  This tool is your
>> friend so long as its dependencies are met.  Where its dependencies are
>> not met it can be difficult to diagnose what is missing.  Have you
>> checked the smbldap-tools documentation to see which perl modules are
>> required?  Have you checked to ensure that these perl modules are
>> installed on your system?
>>
>> Did you install the appropriate Linux distro package, or did you install
>> it by hand?
>>
>> 1) If you elected to install by hand you will have to manually satisfy
>> all perl module dependencies.  You may have to use: "perl -MCPAN -e
>> shell" as the means of installing the missing perl modules.
>>
>> 2) If you installed from the official distro packages, please contact
>> the package maintainer regarding correct procedures to ensure that all
>> dependencies are met.
>>
>> I used smbldap-tools in Samba3-ByExample.  Have you checked how it is
>> used in this book?  I used SUSE Linux in the book, but that is pretty
>> close to Fedora Core.  Ubuntu can be a little more challenging, suggest
>> you ask on the ubuntu mailing list.
>>
>> Cheers,
>> John T.
>>
>> > LiPi - wrote:
>> >> Hi people, I have a problem with samba, openldap and the creation of
>> >> machine
>> >> accounts.
>> >> I don't know if here is a good place to ask but I don't receive help in
>> >> other places.. I read many guides, howto's, etc. but
>> >> I can't get around with the solution...
>> >>
>> >>  I have seen an older message to another list (mail.gna.org) asking
>> >> for the
>> >> same problem that I have, it was:
>> >>
>> >>    - [Smbldap-tools-tech] Problem creating machine
>> >> accounts<https://mail.gna.org/public/smbldap-tools-tech/2008-09/msg00001.html>,
>> >>
>> >>    *Jonathan Warrington   (September 24, 2008 - 19:24)*
>> >>
>> >> I didn't know if Jonathan received a response, but I have two
>> >> problems, one
>> >> is exactly the same that's described there, and the other is explained as
>> >> follows:
>> >>
>> >> I have samba + ldap PDC with smbldap-tools, and when I try to join the
>> >> domain I get this error:
>> >>
>> >> root at patata:/# net rpc join -U administrador
>> >>   Password:
>> >>   Creation of workstation account failed
>> >>   Unable to join domain TESTING.
>> >>
>> >>   If I take a look to the logs...:
>> >>   [2009/03/19 20:18:42, 0] passdb/pdb_interface.c:pdb_default_create_user(329)
>> >>    _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w patata$' gave 127
>> >>
>> >>  Then manually, smbldap-useradd -w patata$:
>> >>   Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1083.
>> >>
>> >>   And if I create the machine account from phpldapadmin, it works
>> >> perfectly.
>> >>
>> >>   What can I do? I tried:
>> >>    net -U administrador%XXXX rpc rights grant 'TESTING\smbadmins' SeMachineAccountPrivilege,
>> >>
>> >>    also tried to modify smbldap.conf and smbldap_bind.conf, and I got
>> >> nothing...
>> >>
>> >>   I followed many howto's and surely there is something that I'm not
>> >> understanding, but I don't know what. Any suggestion would surely be
>> >> helpful.
>> >>
>> >> getent passwd and getent group works well. If I try to add a machine
>> >> account
>> >> from phpldapadmin, all goes right.
>> >>
>> >> This is my smbldap config:
>> >> http://pastebin.ca/1365687
>> >>
>> >> And this my smb.conf:
>> >> http://pastebin.ca/1365698
>> >>
>> >>
>> >> Thank you all.
>> >>
>> >> LiPi
>> >>
>>
>>
>> --
>> John H Terpstra
>>
>> "If at first you don't succeed, don't go sky-diving!"
>
>
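
Added example (not part of the original thread, and not code from smbldap-tools, Samba or OpenLDAP): a small Python check that flags the two slapd.conf settings tried in the message above, "allow update_anon" and an "access" rule that grants write to "*" or "anonymous". WEAK and SCOPED are constructed samples that reuse the admin DN from the message; the function names are hypothetical.

```python
import shlex

WRITE_LEVELS = {"write", "add", "delete", "manage"}  # levels that permit changes
OPEN_WHO = {"*", "anonymous"}                         # clauses that match unauthenticated clients

# Constructed sample: the two settings tried in the message.
WEAK = """\
allow update_anon
access to *
        by dn="cn=admin,dc=testing,dc=sistemas,dc=upc,dc=es" write
        by * write
"""
# Constructed sample: write limited to the admin DN, password hashes not readable.
SCOPED = """\
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by dn="cn=admin,dc=testing,dc=sistemas,dc=upc,dc=es" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=admin,dc=testing,dc=sistemas,dc=upc,dc=es" write
        by * read
"""

def logical_lines(text):
    """Yield (first_line_no, text); an indented line continues the previous directive."""
    current, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield start, current
        current, start = raw.strip(), no
    if current is not None:
        yield start, current

def audit_slapd_conf(text):
    """Return (line_no, message) for each setting that lets anonymous clients write."""
    findings = []
    for no, line in logical_lines(text):
        tok = shlex.split(line)  # also removes the quotes around dn="..."
        if tok[0] == "allow" and "update_anon" in tok[1:]:
            findings.append((no, "allow update_anon: anonymous updates are processed"))
        if tok[:2] != ["access", "to"]:
            continue
        for i in range(2, len(tok) - 2):
            who, level = tok[i + 1], tok[i + 2]
            if tok[i] == "by" and who in OPEN_WHO and level in WRITE_LEVELS:
                findings.append((no, f"access to {tok[2]}: 'by {who} {level}' needs no login"))
    return findings
```

Run audit_slapd_conf() over the contents of /etc/ldap/slapd.conf after each ACL experiment; an empty list means no rule gives write access to unauthenticated clients.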

