I finally got Samba-3.0beta1 as PDC with LDAP backend. However, I need to specify: passdb backend = ldapsam smbpasswd:smbpasswd guest and have the root account's exists in smbpasswd file. I still could not get a uid=root entry in LDAP to allow client workstation to join the domain. When in samba-2.2.8a I could use a fake rid=506 with uidNumber=0 entry in LDAP (as a SambaAccount) and it worked fine. But even after converting this entry to SambaSamAccount object with Jerry's conversambaAccount script it would not allow client machines to join the domain. Has anyone got a full LDAP based Samba PDC working without the need to have a fallback smbpasswd for the root account? What SambaSID will work for a root account that allows client workstations to join the domain? Please advise. Thanks! __________________________________ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com
> I finally got Samba-3.0beta1 as PDC with LDAP backend.> However, I need to specify: > > passdb backend = ldapsam smbpasswd:smbpasswd guest > > and have the root account's exists in smbpasswd file. > I still could not get a uid=root entry in LDAP to > allow client workstation to join the domain. > > When in samba-2.2.8a I could use a fake rid=506 with > uidNumber=0 entry in LDAP (as a SambaAccount) and it > worked fine. But even after converting this entry to > SambaSamAccount object with Jerry's conversambaAccount > script it would not allow client machines to join the > domain. > > Has anyone got a full LDAP based Samba PDC working > without the need to have a fallback smbpasswd for the > root account? What SambaSID will work for a root > account that allows client workstations to join the > domain? With pdbedit -L you can see rid's. I used it and got rid 0 with sambaSID: <domain sid>-1000. It might be that I have somewhere declared that SID's start at 1000 but I didn't found it in smb.conf so it might be default. Hannu
On Mon, 2003-06-09 at 01:28, Chee Wai Yeung wrote:> I still could not get a uid=root entry in LDAP to > allow client workstation to join the domain.> Has anyone got a full LDAP based Samba PDC working > without the need to have a fallback smbpasswd for the > root account?My experience is the same as yours, Chee. I had to have a user 'root' in smbpasswd, despite having a root-user (UID=GID=0) in LDAP (this was using 3.0alpha24, not beta1). -Gord -- Gordon Pritchard, P.Eng. | Institute of Electrical and Research Labs Manager | Electronics Engineers Simon Fraser University, Surrey | Quarter Century Wireless Ass'n gordonp@sfu.ca | Telephone Pioneers of America phone: 604.268.7509 | Amateur Radio: VA7SFU, VA7GP
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 9 Jun 2003, Chee Wai Yeung wrote:> I finally got Samba-3.0beta1 as PDC with LDAP backend. > However, I need to specify: > > passdb backend = ldapsam smbpasswd:smbpasswd guest > > and have the root account's exists in smbpasswd file. > I still could not get a uid=root entry in LDAP to > allow client workstation to join the domain. > > When in samba-2.2.8a I could use a fake rid=506 with > uidNumber=0 entry in LDAP (as a SambaAccount) and it > worked fine. But even after converting this entry to > SambaSamAccount object with Jerry's conversambaAccount > script it would not allow client machines to join the > domain. > > Has anyone got a full LDAP based Samba PDC working > without the need to have a fallback smbpasswd for the > root account? What SambaSID will work for a root > account that allows client workstations to join the > domain?It was working fine during my regressions tests. I'll take another look though. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+5U8yIR7qMdg1EfYRAmq5AKC8n/eIK9C6gXiuPLaLXVkUKcVVuACfSrUk +vuV5SUeURpjhI70OUxezKk=s18z -----END PGP SIGNATURE-----