listman
2006-Dec-16 00:35 UTC
[Fedora-directory-users] can't lookup UNIX group Domain Admins
Can someone please point me in the right direction to fix this? I've searched samba group and the only thing I can find is something about having the right scripts but they don't tell you where to get them or how to run them. Any help would be greatly appreciated.
Craig White
2006-Dec-16 00:54 UTC
Re: [Fedora-directory-users] can't lookup UNIX group Domain Admins
On Fri, 2006-12-15 at 16:35 -0800, listman wrote:
> Can someone please point me in the right direction to fix this? I’ve
> searched samba group and the only thing I can find is something about
> having the right scripts but they don’t tell you where to get them or how
> to run them.
> Any help would be greatly appreciated.
----
sounds like you are looking for smbldap-tools from idealx

Perhaps you are using packaging from a distribution that offers these
tools or start here if that is indeed what you are looking for...

http://sourceforge.net/projects/smbldap-tools

Craig
listman
2006-Dec-16 05:48 UTC
Re: [Fedora-directory-users] can't lookup UNIX group Domain Admins
> On Fri, 2006-12-15 at 16:35 -0800, listman wrote:
>> Can someone please point me in the right direction to fix this? I've
>> searched samba group and the only thing I can find is something about
>> having the right scripts but they don't tell you where to get them or
>> how to run them.
>> Any help would be greatly appreciated.
> ----
> sounds like you are looking for smbldap-tools from idealx
>
> Perhaps you are using packaging from a distribution that offers these
> tools or start here if that is indeed what you are looking for...
>
> http://sourceforge.net/projects/smbldap-tools
>
> Craig
>

Thanks Craig
That does explain the scripts that I read about but it's not helping my problem any.
I'm going through the samba doc on the FDS site and keep running into problems here and no one seems to know the answer. I have installed everything I need, configured samba, ldap, bind, and everything else referenced from the FDS site. I'm missing something that isn't covered on the site but I don't know enough to figure out what it is. Here's my smb.conf file if that helps any..

[global]
workgroup = DEPFYFFER
security = user
passdb backend = ldapsam:ldap://depfyffer.com
ldap admin dn = cn=Directory Manager
ldap suffix = dc=depfyffer,dc=com
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups

add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"

log file = /var/log/%m.log
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

os level = 33
domain logons = yes
domain master = yes
local master = yes
preferred master = yes

wins support = yes

logon home = \\%L\%u\profiles
logon path = \\%L\profiles\%u
logon drive = H:

template shell = /bin/false
winbind use default domain = no

[netlogon]
path = /var/lib/samba/netlogon
read only = yes
browsable = no

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700

[homes]
browsable = no
writable = yes
listman
2006-Dec-16 06:24 UTC
Re: [Fedora-directory-users] can't lookup UNIX group Domain Admins
>> On Fri, 2006-12-15 at 16:35 -0800, listman wrote:
>>> Can someone please point me in the right direction to fix this? I've
>>> searched samba group and the only thing I can find is something about
>>> having the right scripts but they don't tell you where to get them or
>>> how to run them.
>>> Any help would be greatly appreciated.
>> ----
>> sounds like you are looking for smbldap-tools from idealx
>>
>> Perhaps you are using packaging from a distribution that offers these
>> tools or start here if that is indeed what you are looking for...
>>
>> http://sourceforge.net/projects/smbldap-tools
>>
>> Craig
>>
> Thanks Craig
> That does explain the scripts that I read about but it's not helping my
> problem any.
> I'm going through the samba doc on the FDS site and keep running into
> problems here and no one seems to know the answer. I have installed
> everything I need, configured samba, ldap, bind, and everything else
> referenced from the FDS site. I'm missing something that isn't covered on
> the site but I don't know enough to figure out what it is. Here's my
> smb.conf file if that helps any..
>
> [global]
> workgroup = DEPFYFFER
> security = user
> passdb backend = ldapsam:ldap://depfyffer.com
> ldap admin dn = cn=Directory Manager
> ldap suffix = dc=depfyffer,dc=com
> ldap user suffix = ou=People
> ldap machine suffix = ou=Computers
> ldap group suffix = ou=Groups
>
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> ldap delete dn = Yes
> #delete user script = /usr/local/sbin/smbldap-userdel "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> #delete group script = /usr/local/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
>
> log file = /var/log/%m.log
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> os level = 33
> domain logons = yes
> domain master = yes
> local master = yes
> preferred master = yes
>
> wins support = yes
>
> logon home = \\%L\%u\profiles
> logon path = \\%L\profiles\%u
> logon drive = H:
>
> template shell = /bin/false
> winbind use default domain = no
>
> [netlogon]
> path = /var/lib/samba/netlogon
> read only = yes
> browsable = no
>
> [profiles]
> path = /var/lib/samba/profiles
> read only = no
> create mask = 0600
> directory mask = 0700
>
> [homes]
> browsable = no
> writable = yes
>

This may help also??

[root@depfyffer log]# smbpasswd -D 10 -a -m
Netbios name list:-
my_netbios_names[0]="DEPFYFFER"
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to find an passdb backend to match ldapsam:ldap://depfyffer.com (ldapsam)
Found pdb backend ldapsam
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DEPFYFFER))]
smbldap_search_ext: base => [dc=depfyffer,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=DEPFYFFER))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://depfyffer.com
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://depfyffer.com as "cn=Directory Manager"
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does not support paged results
The LDAP server is succesfully connected
smbldap_get_single_attribute: [sambaAlgorithmicRidBase] = [<does not exist>]
pdb backend ldapsam:ldap://depfyffer.com has a valid init
smbldap_search_ext: base => [dc=depfyffer,dc=com], filter => [(&(uid=root$)(objectclass=sambaSamAccount))], scope => [2]
ldapsam_getsampwnam: Unable to locate user [root$] count=0
Failed to modify password entry for user root$
Craig White
2006-Dec-16 16:30 UTC
Re: [Fedora-directory-users] can't lookup UNIX group Domain Admins
On Fri, 2006-12-15 at 22:24 -0800, listman wrote:
> >> On Fri, 2006-12-15 at 16:35 -0800, listman wrote:
> >>> Can someone please point me in the right direction to fix this? I’ve
> >>> searched samba group and the only thing I can find is something about
> >>> having the right scripts but they don’t tell you where to get them or
> >>> how to run them.
> >>> Any help would be greatly appreciated.
> >> ----
> >> sounds like you are looking for smbldap-tools from idealx
> >>
> >> Perhaps you are using packaging from a distribution that offers these
> >> tools or start here if that is indeed what you are looking for...
> >>
> >> http://sourceforge.net/projects/smbldap-tools
> >>
> >> Craig
> >>
> > Thanks Craig
> > That does explain the scripts that I read about but it's not helping my
> > problem any.
> > I'm going through the samba doc on the FDS site and keep running into
> > problems here and no one seems to know the answer. I have installed
> > everything I need, configured samba, ldap, bind, and everything else
> > referenced from the FDS site. I'm missing something that isn't covered on
> > the site but I don't know enough to figure out what it is. Here's my
> > smb.conf file if that helps any..
> >
> > [global]
> > workgroup = DEPFYFFER
> > security = user
> > passdb backend = ldapsam:ldap://depfyffer.com
> > ldap admin dn = cn=Directory Manager
> > ldap suffix = dc=depfyffer,dc=com
> > ldap user suffix = ou=People
> > ldap machine suffix = ou=Computers
> > ldap group suffix = ou=Groups
> >
> > add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> > add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> > ldap delete dn = Yes
> > #delete user script = /usr/local/sbin/smbldap-userdel "%u"
> > add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> > #delete group script = /usr/local/sbin/smbldap-groupdel "%g"
> > add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> > delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> > set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> > add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> >
> > log file = /var/log/%m.log
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >
> > os level = 33
> > domain logons = yes
> > domain master = yes
> > local master = yes
> > preferred master = yes
> >
> > wins support = yes
> >
> > logon home = \\%L\%u\profiles
> > logon path = \\%L\profiles\%u
> > logon drive = H:
> >
> > template shell = /bin/false
> > winbind use default domain = no
> >
> > [netlogon]
> > path = /var/lib/samba/netlogon
> > read only = yes
> > browsable = no
> >
> > [profiles]
> > path = /var/lib/samba/profiles
> > read only = no
> > create mask = 0600
> > directory mask = 0700
> >
> > [homes]
> > browsable = no
> > writable = yes
> >
>
> This may help also??
>
> [root@depfyffer log]# smbpasswd -D 10 -a -m
> Netbios name list:-
> my_netbios_names[0]="DEPFYFFER"
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend ldapsam_compat
> Successfully added passdb backend 'ldapsam_compat'
> Attempting to register passdb backend NDS_ldapsam
> Successfully added passdb backend 'NDS_ldapsam'
> Attempting to register passdb backend NDS_ldapsam_compat
> Successfully added passdb backend 'NDS_ldapsam_compat'
> Attempting to register passdb backend smbpasswd
> Successfully added passdb backend 'smbpasswd'
> Attempting to register passdb backend tdbsam
> Successfully added passdb backend 'tdbsam'
> Attempting to find an passdb backend to match ldapsam:ldap://depfyffer.com (ldapsam)
> Found pdb backend ldapsam
> smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DEPFYFFER))]
> smbldap_search_ext: base => [dc=depfyffer,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=DEPFYFFER))], scope => [2]
> The connection to the LDAP server was closed
> smb_ldap_setup_connection: ldap://depfyffer.com
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldap://depfyffer.com as "cn=Directory Manager"
> ldap_connect_system: succesful connection to the LDAP server
> ldap_connect_system: LDAP server does not support paged results
> The LDAP server is succesfully connected
> smbldap_get_single_attribute: [sambaAlgorithmicRidBase] = [<does not exist>]
> pdb backend ldapsam:ldap://depfyffer.com has a valid init
> smbldap_search_ext: base => [dc=depfyffer,dc=com], filter => [(&(uid=root$)(objectclass=sambaSamAccount))], scope => [2]
> ldapsam_getsampwnam: Unable to locate user [root$] count=0
> Failed to modify password entry for user root$
----
assuming that you have smbldap-tools installed and configured properly
(assuming facts not in evidence from the above), you would need to run
smbldap-populate which will automatically populate your LDAP with the
needed configuration entries for Samba to work properly.

Official Samba documentation lists the idealx tools (smbldap-tools)
information here...

http://samba.org/samba/docs/man/Samba-Guide/happy.html#sbeidealx

and consider this section on making happy users...

http://samba.org/samba/docs/man/Samba-Guide/happy.html#id2574922

Craig
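
A way to triage a trace like the smbpasswd -D 10 output posted earlier in this thread, added here as an example that is not part of any message above and is not Samba's own code. It lists the LDAP bind and every lookup that came back empty, which are the items to re-check once the directory has been populated; the name triage and the patterns are assumptions made for this illustration.

```python
import re

# Lines from the smbpasswd -D 10 trace posted in the thread, hard-wrapped here
# the way mail quoting wraps them, to exercise the unwrapping step in triage().
SAMPLE_LOG = """\
smbldap_search_ext: base => [dc=depfyffer,dc=com], filter =>
[(&(objectClass=sambaDomain)(sambaDomainName=DEPFYFFER))], scope => [2]
ldap_connect_system: Binding to ldap server ldap://depfyffer.com as
"cn=Directory Manager"
smbldap_get_single_attribute: [sambaAlgorithmicRidBase] = [<does not exist>]
smbldap_search_ext: base => [dc=depfyffer,dc=com], filter =>
[(&(uid=root$)(objectclass=sambaSamAccount))], scope => [2]
ldapsam_getsampwnam: Unable to locate user [root$] count=0
Failed to modify password entry for user root$
"""

# Hypothetical patterns, written against the message shapes visible in that trace.
EVENTS = {
    "search": re.compile(r"smbldap_search_ext: base => \[([^\]]*)\], filter => \[([^\]]*)\], scope => \[(\d)\]"),
    "bind": re.compile(r'Binding to ldap server (\S+) as "([^"]*)"'),
    "no_attr": re.compile(r"smbldap_get_single_attribute: \[([^\]]+)\] = \[<does not exist>\]"),
    "no_user": re.compile(r"Unable to locate user \[([^\]]+)\] count=0"),
}

def triage(log):
    """Return (binds, empty_lookups) seen in a Samba ldapsam debug trace."""
    text = " ".join(log.split())  # undo line wrapping before matching
    hits = sorted((m.start(), kind, m.groups())
                  for kind, rx in EVENTS.items() for m in rx.finditer(text))
    binds, empty, last_search = [], [], None
    for _, kind, g in hits:
        if kind == "search":
            last_search = {"base": g[0], "filter": g[1]}
        elif kind == "bind":
            binds.append({"uri": g[0], "dn": g[1]})
        else:
            # Assumption: a miss relates to the most recent search logged
            # before it, so the two are paired for the report.
            label = "attribute" if kind == "no_attr" else "account"
            empty.append({"what": f"{label} {g[0]}", "search": last_search})
    return binds, empty

if __name__ == "__main__":
    binds, empty = triage(SAMPLE_LOG)
    for b in binds:
        print("bind:", b["uri"], "as", b["dn"])
    for e in empty:
        print("empty:", e["what"], "| last search:", e["search"])
```
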