Hey guys,

When we add a client PC (win2k) to our domain everything goes well except that the add machine script won't run.
A computer will be created within the LDAP directory but not with the add machine script.
The following is our situation.

Fedora Core1
|-samba-3.0.2-7.FC1
|-openldap-2.1.22-8

smb.conf
--------------
# Global parameters
[global]
workgroup = T3E
server string = domeinserver
bind interfaces only = Yes
passwd program = /usr/sbin/smbldap-passwd.pl %u
passwd chat = *new*password* %n *new*password* %n *successfully*
passwd chat debug = Yes
passdb backend = ldapsam:ldap://localhost
#unix password sync = Yes
log level = 2
log file = /var/log/samba/samba.log.%m
time server = Yes
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
add user script = /usr/sbin/smbldap-useradd.pl -a -m %u
add machine script = /usr/sbin/smbldap-useradd.pl -w %u
delete user script = /usr/sbin/smbldap-userdel.pl -r %u
add group script = /usr/sbin/smbldap-groupadd.pl %g
delete group script = /usr/sbin/smbldap-groupdel.pl %g
add user to group script = /usr/sbin/smbldap-usermod.pl -G %g %u
domain logons = Yes
os level = 34
preferred master = Yes
domain master = Yes
wins support = Yes
ldap suffix = o=T3E,c=nl
ldap admin dn = cn=Manager,o=T3E,c=nl
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap user suffix = ou=people
ldap ssl = no
admin users = root
hide unreadable = Yes
logon path = \\%N\%U\.winprofile
logon script = netwerk.bat
encrypt passwords = Yes
username map = /etc/samba/smbusers
--------------
As you see we use the smbldap-tools to execute when a client logs in to the domain.
After login the following entry will be made in LDAP:

uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
--------------
dn: uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
uid: tmc-ontwikkelpc$
sambaSID: S-1-5-21-1973588340-308753574-2243378783-3006
sambaPrimaryGroupSID: S-1-5-21-1973588340-308753574-2243378783-3007
objectClass: sambaSamAccount
objectClass: account
displayName: TMC-ONTWIKKELPC$
sambaPwdCanChange: 1080312437
sambaPwdMustChange: 2147483647
sambaLMPassword: F64C97556FCFA59023753BB150C8A535
sambaNTPassword: E5C3C09DB2CAD5D92CBE5054CCBB7A27
sambaPwdLastSet: 1080312437
sambaAcctFlags: [W ]
--------------

If we do a client add by hand (/usr/sbin/smbldap-useradd.pl -w %u) we get the following entry in the LDAP dir:

uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
--------------
dn: uid=test$,ou=computers,o=T3E,c=nl
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: test$
sn: test$
uid: test$
uidNumber: 1000
gidNumber: 10012
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
--------------

This is a really different schema, and this is the one that we need.
Does anyone see what we're doing wrong?

Hi,

I repeat that I have the same problem.
I found a related problem: if a computer is added successfully, the next SambaSID isn't correctly computed, because the uidNumber is not changed.
Why? Because Samba has converted the posixAccount to the account schema. And the account schema doesn't have a uid attribute.

Samba 3.0.2a
OpenLDAP 2.1.25
RedHat 8.0

Other information: I analysed the log file when I try to add a computer on the fly.
The script is correctly executed, but Samba tries to add a new entry, when it should add sambaSamAccount only.

I ask the question: why does Samba try to add an account (created by smbldap-useradd)?

If anyone has some information or can help me

Stéphane

Stagiair wrote:
> Hey guys,
>
> When we add a client PC (win2k) to our domain everything goes well
> except that the add machine script won't run.
> A computer will be created within the LDAP directory but not with the
> add machine script.
> The following is our situation.
>
> Fedora Core1
> |-samba-3.0.2-7.FC1
> |-openldap-2.1.22-8
>
> smb.conf
> --------------
> # Global parameters
> [global]
> workgroup = T3E
> server string = domeinserver
> bind interfaces only = Yes
> passwd program = /usr/sbin/smbldap-passwd.pl %u
> passwd chat = *new*password* %n *new*password* %n *successfully*
> passwd chat debug = Yes
> passdb backend = ldapsam:ldap://localhost
> #unix password sync = Yes
> log level = 2
> log file = /var/log/samba/samba.log.%m
> time server = Yes
> socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> add user script = /usr/sbin/smbldap-useradd.pl -a -m %u
> add machine script = /usr/sbin/smbldap-useradd.pl -w %u
> delete user script = /usr/sbin/smbldap-userdel.pl -r %u
> add group script = /usr/sbin/smbldap-groupadd.pl %g
> delete group script = /usr/sbin/smbldap-groupdel.pl %g
> add user to group script = /usr/sbin/smbldap-usermod.pl -G %g %u
> domain logons = Yes
> os level = 34
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> ldap suffix = o=T3E,c=nl
> ldap admin dn = cn=Manager,o=T3E,c=nl
> ldap group suffix = ou=groups
> ldap machine suffix = ou=computers
> ldap user suffix = ou=people
> ldap ssl = no
> admin users = root
> hide unreadable = Yes
> logon path = \\%N\%U\.winprofile
> logon script = netwerk.bat
> encrypt passwords = Yes
> username map = /etc/samba/smbusers
> --------------
> As you see we use the smbldap-tools to execute when a client logs in to
> the domain.
> After login the following entry will be made in LDAP:
>
> uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
> --------------
> dn: uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
> uid: tmc-ontwikkelpc$
> sambaSID: S-1-5-21-1973588340-308753574-2243378783-3006
> sambaPrimaryGroupSID: S-1-5-21-1973588340-308753574-2243378783-3007
> objectClass: sambaSamAccount
> objectClass: account
> displayName: TMC-ONTWIKKELPC$
> sambaPwdCanChange: 1080312437
> sambaPwdMustChange: 2147483647
> sambaLMPassword: F64C97556FCFA59023753BB150C8A535
> sambaNTPassword: E5C3C09DB2CAD5D92CBE5054CCBB7A27
> sambaPwdLastSet: 1080312437
> sambaAcctFlags: [W ]
> --------------
>
> If we do a client add by hand (/usr/sbin/smbldap-useradd.pl -w %u) we
> get the following entry in the LDAP dir:
>
> uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
> --------------
> dn: uid=test$,ou=computers,o=T3E,c=nl
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: posixAccount
> cn: test$
> sn: test$
> uid: test$
> uidNumber: 1000
> gidNumber: 10012
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> --------------
>
> This is a really different schema, and this is the one that we need.
> Does anyone see what we're doing wrong?
>
>

--
Stéphane Purnelle <stephane.purnelle@tiscali.be>
Website: http://www.linuxplusvalue.be

On Fri, Mar 26, 2004 at 04:06:38PM +0100, Stagiair wrote:
> When we add a client PC (win2k) to our domain everything goes well
> except that the add machine script won't run.
> A computer will be created within the LDAP directory but not with the
> add machine script.

I don't have an answer to your problem, but I have 2 remarks...

> socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> add user script = /usr/sbin/smbldap-useradd.pl -a -m %u
> add machine script = /usr/sbin/smbldap-useradd.pl -w %u
> delete user script = /usr/sbin/smbldap-userdel.pl -r %u
> add group script = /usr/sbin/smbldap-groupadd.pl %g
> delete group script = /usr/sbin/smbldap-groupdel.pl %g
> add user to group script = /usr/sbin/smbldap-usermod.pl -G %g %u

Those scripts are old. You should maybe use the latest ones (be careful with the configuration file: there are 2 files now, located in /etc/smbldap-tools, and the scripts do not have the .pl extension anymore).

> After login the following entry will be made in LDAP:
> uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
> objectClass: sambaSamAccount
> This is a really different schema, and this is the one that we need.
> Does anyone see what we're doing wrong?

The sambaSamAccount is added by Samba itself when joining the domain.

--
Jérôme
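
An added example (not written by any poster in this thread, and not part of Samba or smbldap-tools): a small Python check that tells apart the two machine-entry shapes shown above, the one carrying only sambaSamAccount and the one carrying posixAccount. The sample LDIF is constructed from the entries in the thread with the password hashes left out; `parse_ldif` and `classify` are hypothetical helper names, and the parser assumes unfolded, non-base64 LDIF.

```python
# Added example: classify machine accounts in an LDIF dump by objectClass.
POSIX_ATTRS = ("uidNumber", "gidNumber", "homeDirectory")

# Constructed sample, modelled on the two entries quoted in the thread.
SAMPLE_LDIF = """\
dn: uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
uid: tmc-ontwikkelpc$
objectClass: sambaSamAccount
objectClass: account
sambaAcctFlags: [W ]

dn: uid=test$,ou=computers,o=T3E,c=nl
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
uid: test$
uidNumber: 1000
gidNumber: 10012
homeDirectory: /dev/null
"""

def parse_ldif(text):
    """Return a list of entries; each maps a lowercased attribute to its values."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:      # trailing "" flushes the last entry
        line = line.rstrip()
        if not line:
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def classify(entry):
    """Report which account classes an entry has and which POSIX attributes it lacks."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    posix, samba = "posixaccount" in classes, "sambasamaccount" in classes
    state = {(True, True): "posix+samba", (False, True): "samba-only",
             (True, False): "posix-only", (False, False): "neither"}[(posix, samba)]
    missing = [a for a in POSIX_ATTRS if a.lower() not in entry]
    return {"dn": entry["dn"][0], "state": state, "missing_posix_attrs": missing}

if __name__ == "__main__":
    for e in parse_ldif(SAMPLE_LDIF):
        print(classify(e))
```

Feeding it the output of an LDAP search over ou=computers shows at a glance which machine accounts were created without the uidNumber that the second post in the thread refers to.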