hi all,
i am actually trying to get samba 3.01 (on SLES 8.0) working as PDC with
the ldap backend. I have already configured nsswitch to also use ldap
for groups and passwords (the root user is still in the /etc/passwd file
- i can't imagine that putting the root user into openldap is a really
good idea).
There is one sentence in the howto
(http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#create_ldap_recs)
which i don't understand completely - "Remember that if you need join a
XP to the domain, an uidNumber=0 account is ALSO required (ie
Administrator or root accounts)." - should this mean that i need (when
i'd like to join XP's - not win2k?) to add the objectClass posixaccount
to the Administrator entry with the uidNumber 0 ? - If this is so -
doesn't this then collide with the root user in the /etc/passwd file
?
There is also another thing - I've tried to add a workstation with:
"smbpasswd -a -m nomicro$ -D 256" - then i got this:
-----------
some messages about connecting...
The LDAP server is succesful connected
pdb backend ldapsam has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_suffix: searching
for:[(&(uid=nomicro$)(objectclass=sambaSamAccount))]
smbldap_open: already connected to the LDAP server
ldapsam_getsampwnam: Unable to locate user [nomicro$] count=0
Finding user nomicro$
Trying _Get_Pwnam(), username as lowercase is nomicro$
Trying _Get_Pwnam(), username as uppercase is NOMICRO$
Checking combinations of 0 uppercase letters in nomicro$
Get_Pwnam_internals didn't find user [nomicro$]!
Failed to initialise SAM_ACCOUNT for user nomicro$.
Failed to modify password entry for user nomicro$
------
this looks like it is searching for the user so that it can alter his
password - but i wanted to add the user, not to alter the password, so
what is wrong here?
and, the relevant parts from my smb.conf
-------------
[global]
workgroup = DIALOG-TELEKOM
netbios name = ZION
comment = Dialog PDC
security = user
null passwords = Yes
encrypt passwords = yes
logon drive = U:
logon path = \\%N\profiles\%g
domain master = yes
domain logons = yes
preferred master = yes
os level = 255
wins support = yes
public = No
browseable = No
writable = No
debug level = 255
# ldap parameters
passdb backend = ldapsam
ldap admin dn = "cn=administrator,dc=dialog-telekom,dc=at"
ldap suffix = dc=dialog-telekom,dc=at
ldap machine suffix = ou=computers
ldap user suffix = ou=people
ldap ssl = No
ldap delete dn = no
-----------
hope these aren't stupid questions ;-)
have a nice day
wolfi

Wolfgang Pichler wrote:
>hi,
>
>thanx for this fast reply
>
>at http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#smbpasswd there
>is documented that
>----------
>Example for (-a )dd a new (-m)achine named icb$ with debug (-D ) set
>to 256:
>
>./bin/smbpasswd -m -a icb$ -D 256
>----------
>this command is needed to add a machine to my PDC - but there isn't
>mentioned that i first have to create an user account with the same name
>(which doesn't seem to be logical to me). The above command should
>create the account (or i am wrong?)
>
>wolfi
>
>On Mon, 29.12.2003, at 15:51, Stéphane Purnelle wrote:
>
>>Have you created the account nomicro ?
>>smbuseradd -w nomicro

Could you see in your LDAP tree if you have a nomicro$$; samba adds the '$' directly.

Wolfgang,

What script are you calling, and with what parameters for "add user script"
and "add machine script"? If you do not have them you will have the exact
problem you have reported.

Cheers,
John T.

--
John H Terpstra
Email: jht@samba.org
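
The check the last reply asks for, as an added example (not part of the thread and not Samba code): it reads a [global] section and reports whether "add user script" and "add machine script" are set on a server with domain logons enabled. The sample input is constructed from the settings quoted in the first message (abridged), and the function names are hypothetical.

```python
import re

# Constructed sample: [global] settings quoted in the first message (abridged).
POSTED_SMB_CONF = """
[global]
workgroup = DIALOG-TELEKOM
security = user
domain master = yes
domain logons = yes
# ldap parameters
passdb backend = ldapsam
ldap machine suffix = ou=computers
ldap user suffix = ou=people
"""

# The two parameters named in the reply above.
ACCOUNT_SCRIPTS = ("add user script", "add machine script")

def norm(name):
    """Samba matches parameter names ignoring case and whitespace."""
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def missing_account_scripts(text):
    """List the account scripts that are unset on a domain-logon server."""
    params = parse_global(text)
    if params.get(norm("domain logons"), "no").lower() not in ("yes", "true", "1"):
        return []  # not acting as a domain controller, nothing to report
    return [p for p in ACCOUNT_SCRIPTS if not params.get(norm(p))]

if __name__ == "__main__":
    for name in missing_account_scripts(POSTED_SMB_CONF):
        print("not set in [global]:", name)
```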