[Samba] Adding users with ldif file

Rowland penny rpenny at samba.org
Sat Jul 18 13:53:26 UTC 2020


On 18/07/2020 14:47, RhineDevil wrote:
> Sat, 18 Jul 2020 14:41:31 +0100 Rowland penny via samba <samba at lists.samba.org>:
>> On 18/07/2020 14:30, RhineDevil wrote:
>>> Sat, 18 Jul 2020 14:19:25 +0100 Rowland penny via samba <samba at lists.samba.org>:
>>>> On 18/07/2020 13:52, RhineDevil wrote:
>>>>> Fri, 17 Jul 2020 19:44:37 +0100 Rowland penny via samba <samba at lists.samba.org>:
>>>>>> On 17/07/2020 19:31, RhineDevil via samba wrote:
>>>>>>> And by that I mean, where are the dbs, what should I rm -rf?
>>>>>> On Debian just remove /var/lib/samba and /var/cache/samba
>>>>>>> By the way how do I obtain current machine netbios name?
>>>>>> Depends on which netbios name, if you are referring to the one that is
>>>>>> in smb.conf 'netbios name = ?????', that is just the short hostname in
>>>>>> uppercase. If you are referring to the netbios domain name (aka
>>>>>> workgroup) then you can find this with wbinfo:
>>>>>>
>>>>>> wbinfo --own-domain
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>> I tried to add ypServ30 using ldapi socket "ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldap_priv%2Fldapi", it said
>>>>>
>>>>> `ERR: insufficient access rights : "LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS <acl: unable to get access to CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld> <>" on DN CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld at block before line 5`
>>>>>
>>>>> Shouldn't it give me access by default if I'm using the private system socket?
>>>> No, you still need to authenticate as a user with the required
>>>> permissions e.g. Administrator
>>>>
>>>> Also, as you are trying to update the schema, you will need to add
>>>> '--option="dsdb:schema update allowed"=true' to the ldbmodify command
>>>>
>>>> Rowland
>>>>
>>> Since I'm (g)root how could I avoid inputting any password at all?
>>> Should be possible since samba-tool never asks you for a password as root
>> Then do what samba-tool does, fall back to the computer's Kerberos ticket
>> and add '-P' to the ldbmodify command
>>> Also what's the point of having a more private socket in /var/lib/samba/private/ldap_priv/ldapi if it asks for auth credentials like the "less private" socket /var/lib/samba/private/ldapi?
>> Even more security ;-)
>>
>> Rowland
>>
> I've already added -P to ldbmodify, what am I missing, how should I do that?

Sorry, I realised after I posted that, it only works for searching. You
will have to authenticate. This is nothing to do with Samba, it is a
Windows thing: anonymous searches/changes are not allowed.

Rowland




