Gary Martin
2008-Jan-09 20:08 UTC
[Fedora-directory-users] Samba + FDS Problem adding Administrator account "Username not found"
I am following the instructions in the Howto:Samba documentation on
the FDS Wiki site. When I go to edit the Administrator account using
the following command:
pdbedit -U $( net getlocalsid | sed ''s/SID for domain YOURWORKGROUP
is: //'' )-500 -u Administrator -r
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
Username not found!
I get the same "Username not found" error if I run "pdbedit -L
-v -u
Administrator" so it seems that the account doesn''t exist, yet if
run:
ldapsearch -b dc=test,dc=com -x ''(uid=Administrator)''
# extended LDIF
#
# LDAPv3
# base <dc=test,dc=com> with scope subtree
# filter: (uid=Administrator)
# requesting: ALL
#
# Administrator, People, test.com
dn: uid=Administrator,ou=People,dc=test,dc=com
uid: Administrator
cn: Samba Admin
givenName: Samba
sn: Admin
mail: Administrator@test.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Admin
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Should this account have some Samba Domain info? What did I do wrong?
Here is a copy of the sambaAdmin.ldif I used:
dn: uid=Administrator,ou=People,dc=test,dc=com
uid: Administrator
cn: Samba Admin
givenName: Samba
sn: Admin
mail: Administrator@test.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {crypt}x
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Admin
And a copy of my smb.conf if it helps:
[global]
workgroup = DOMAIN
security = user
passdb backend = ldapsam:ldap://vandread.test.com
ldap admin dn = cn=Directory Manager
ldap suffix = dc=test,dc=com
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap group suffix = ou=Groups
log file = /var/log/samba/%m.log
log level = 3
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 33
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
wins support = yes
logon home = \\%L\%u\profiles
logon path = \\%L\profiles\%u
logon drive = H:
template shell = /bin/false
winbind use default domain = no
winbind nested groups = no
enable privileges = yes
Thanks.
Jonathan Barber
2008-Jan-10 10:01 UTC
Re: [Fedora-directory-users] Samba + FDS Problem adding Administrator account "Username not found"
On Wed, Jan 09, 2008 at 03:08:59PM -0500, Gary Martin wrote:> I am following the instructions in the Howto:Samba documentation on > the FDS Wiki site. When I go to edit the Administrator account using > the following command:[snip]> # Administrator, People, test.com > dn: uid=Administrator,ou=People,dc=test,dc=com > uid: Administrator > cn: Samba Admin > givenName: Samba > sn: Admin > mail: Administrator@test.com > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: top > loginShell: /bin/bash > uidNumber: 0 > gidNumber: 0 > homeDirectory: /root > gecos: Samba AdminDid you add this user with smbpasswd? AFAIK it should have the sambaSamAccount objectclass with the various attributes that samba creates (which is dependant upon your version of samba). The HOWTO specifies using the command: $ smbpasswd -a Administrator -w<ldap-admin-password> The ldap filter samba uses (3.0.25 at least) is of the form: (&(uid=USERNAME)(objectClass=sambaSamAccount)) So if you haven''t added the user via samba (or added the attributes manually) the filter won''t match and samba won''t find the user. Cheers.> # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > > Should this account have some Samba Domain info? What did I do wrong? > Here is a copy of the sambaAdmin.ldif I used: > > dn: uid=Administrator,ou=People,dc=test,dc=com > uid: Administrator > cn: Samba Admin > givenName: Samba > sn: Admin > mail: Administrator@test.com > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: top > userPassword: {crypt}x > loginShell: /bin/bash > uidNumber: 0 > gidNumber: 0 > homeDirectory: /root > gecos: Samba Admin > > And a copy of my smb.conf if it helps: > > [global] > workgroup = DOMAIN > security = user > passdb backend = ldapsam:ldap://vandread.test.com > ldap admin dn = cn=Directory Manager > ldap suffix = dc=test,dc=com > ldap user suffix = ou=People > ldap machine suffix = ou=People > ldap group suffix = ou=Groups > log file = /var/log/samba/%m.log > log level = 3 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > os level = 33 > domain logons = yes > domain master = yes > local master = yes > preferred master = yes > wins support = yes > logon home = \\%L\%u\profiles > logon path = \\%L\profiles\%u > logon drive = H: > template shell = /bin/false > winbind use default domain = no > > winbind nested groups = no > enable privileges = yes > > > Thanks. > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users-- Jonathan Barber High Performance Computing Analyst Tel. +44 (0) 1382 386389
Gary Martin
2008-Jan-10 14:01 UTC
Re: [Fedora-directory-users] Samba + FDS Problem adding Administrator account "Username not found"
On Jan 10, 2008 5:01 AM, Jonathan Barber <j.barber@dundee.ac.uk> wrote:> On Wed, Jan 09, 2008 at 03:08:59PM -0500, Gary Martin wrote: > > I am following the instructions in the Howto:Samba documentation on > > the FDS Wiki site. When I go to edit the Administrator account using > > the following command: > > [snip] > > > # Administrator, People, test.com > > dn: uid=Administrator,ou=People,dc=test,dc=com > > uid: Administrator > > cn: Samba Admin > > givenName: Samba > > sn: Admin > > mail: Administrator@test.com > > objectClass: person > > objectClass: organizationalPerson > > objectClass: inetOrgPerson > > objectClass: posixAccount > > objectClass: top > > loginShell: /bin/bash > > uidNumber: 0 > > gidNumber: 0 > > homeDirectory: /root > > gecos: Samba Admin > > Did you add this user with smbpasswd?Yes> AFAIK it should have the > sambaSamAccount objectclass with the various attributes that samba > creates (which is dependant upon your version of samba).I am using FC6 with Samba version 3.0.24-11.> > The HOWTO specifies using the command: > $ smbpasswd -a Administrator -w<ldap-admin-password>This is the command I used.> > The ldap filter samba uses (3.0.25 at least) is of the form: > (&(uid=USERNAME)(objectClass=sambaSamAccount)) > > So if you haven''t added the user via samba (or added the attributes > manually) the filter won''t match and samba won''t find the user.How do I add these manually since samba did not do it for me.> > Cheers.
Jonathan Barber
2008-Jan-11 13:49 UTC
Re: [Fedora-directory-users] Samba + FDS Problem adding Administrator account "Username not found"
On Thu, Jan 10, 2008 at 09:01:44AM -0500, Gary Martin wrote:> On Jan 10, 2008 5:01 AM, Jonathan Barber <j.barber@dundee.ac.uk> wrote: > > On Wed, Jan 09, 2008 at 03:08:59PM -0500, Gary Martin wrote: > > > I am following the instructions in the Howto:Samba documentation on > > > the FDS Wiki site. When I go to edit the Administrator account using > > > the following command: > > > > [snip][snip]> How do I add these manually since samba did not do it for me.This is an example of a user that works with Samba 3.0.25b (on RHEL4): dn: cn=jbarber,ou=edir,ou=people,ou=lifesci,o=dundee objectClass: sambasamaccount objectClass: posixaccount objectClass: top objectClass: inetorgperson objectClass: organizationalperson objectClass: person cn: jbarber sn: Barber uidNumber: 5023 gidNumber: 1011 loginShell: /bin/bash uid: jbarber uid: jon homeDirectory: /homes/jon sambaPwdCanChange: 1194276885 sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaPwdMustChange: 2147483647 sambaSID: S-1-5-21-1279830386-3947966166-4038294555-11046 sambaPwdLastSet: 1197029450 sambaAcctFlags: [UX ] -- Jonathan Barber High Performance Computing Analyst Tel. +44 (0) 1382 386389