Hello there,

I'm running 2.2.5 compiled with ACL and LDAP auth. The PDC used to work flawlessly using smbpasswd but I want to dual boot the workstations to Linux so I need a centralized LDAP authentication repository.

Once I reinstalled the LDAPized samba I started populating the directory with the "well-known" identities using the smbldap tools (bear in mind I'm more of a UNIX guy so these MSisms are a bit of a black magic to me). Following that I started using smbldap-useradd to insert the users in the domain, chowning their homes to the new UNIX uids and while I was at it, moved the profiles to a separate place in the filesystem (the profile used to be in unix HOME; worked fine but docs said it gives problems so I followed instructions).

The situation is as follows:
Users no longer have unix private group, their primary group is 100 (Users) which is default in those tools and logon to the NT4 machines is ok and attribute mapping is fully turned on (hoped this would cure the sync briefcase becoming a regular dir after roaming logoff/login). File/Directory masks are all 0777.

I'm experiencing many problems with this configuration so please give me some hints (documentation pointers if necessary): MS Office keeps popping up the registration initials/username window as if it had been run for the first time (often locking up). Printing no longer works, e.g. Acrobat 5 asks to define a default printer before proceeding but the control panel wizard refuses to run. Outlook Express asks to choose a user profile from an empty list and creation of a new one fails. Homes drive mapping no longer works. Accounts belonging to Domain Admins group work ok.

I'm not near the machines ATM, but I suspect it's the primary group that's @ fault; perhaps it should be Domain Users. Can you confirm this or is there something worse @ play?

Ciao,
Edo

In the profiles share, do you have "nt acl support = no"? If not, set it up and see if that helps.

Edoardo Causarano wrote:
>
> Hello there,
>
> I'm running 2.2.5 compiled with ACL and LDAP auth. The PDC used to work
> flawlessly using smbpasswd but I want to dual boot the workstations to
> Linux so I need a centralized LDAP authentication repository.
>
> Once I reinstalled the LDAPized samba I started populating the directory
> with the "well-known" identities using the smbldap tools (bear in mind
> I'm more of a UNIX guy so these MSisms are a bit of a black magic to
> me). Following that I started using smbldap-useradd to insert the users
> in the domain, chowning their homes to the new UNIX uids and while I was
> at it, moved the profiles to a separate place in the filesystem (the
> profile used to be in unix HOME; worked fine but docs said it gives
> problems so I followed instructions).
>
> The situation is as follows:
> Users no longer have unix private group, their primary group is 100
> (Users) which is default in those tools and logon to the NT4 machines is
> ok and attribute mapping is fully turned on (hoped this would cure the
> sync briefcase becoming a regular dir after roaming logoff/login).
> File/Directory masks are all 0777.
>
> I'm experiencing many problems with this configuration so please give me
> some hints (documentation pointers if necessary): MS Office keeps
> popping up the registration initials/username window as if it had been
> run for the first time (often locking up). Printing no longer works, e.g.
> Acrobat 5 asks to define a default printer before proceeding but the
> control panel wizard refuses to run. Outlook Express asks to choose a
> user profile from an empty list and creation of a new one fails. Homes
> drive mapping no longer works. Accounts belonging to Domain Admins group
> work ok.
>
> I'm not near the machines ATM, but I suspect it's the primary group
> that's @ fault; perhaps it should be Domain Users. Can you confirm this
> or is there something worse @ play?
>
> Ciao,
> Edo

--
Yuri Pismerov, Sr. System Administrator, TUCOWS.COM INC.
(416) 535-0123 ext. 1352

> Message: 11
> Date: Thu, 12 Sep 2002 15:15:30 +0200
> From: Edoardo Causarano <edoardocausarano@tin.it>
> To: samba@lists.samba.org
> Subject: [Samba] LDAP PDC problems
>
> Hello there,
>
> I'm running 2.2.5 compiled with ACL and LDAP auth. The PDC used to work
> flawlessly using smbpasswd but I want to dual boot the workstations to
> Linux so I need a centralized LDAP authentication repository.
>
> Once I reinstalled the LDAPized samba I started populating the directory
> with the "well-known" identities using the smbldap tools

There are better ways of doing this, since AFAICT, the smbldap tools are best suited for setting up from scratch. You could have used the migration tools to migrate your existing passwd/group/shadow info into LDAP. On Mandrake the scripts are in the openldap-migration package. Then, you should use the import script in the samba source: examples/LDAP/import_smbpasswd.pl to import the samba accounts from smbpasswd. You should now have all the info you had before.

I still have some issues with smbldap tools (doesn't set objectClass=person, defaults to hard-coding the profile and login script, which kind of defeats the purpose of using LDAP and samba, so they need to be manually removed etc), but haven't gotten around to trying to fix them.

> (bear in mind
> I'm more of a UNIX guy so these MSisms are a bit of a black magic to
> me). Following that I started using smbldap-useradd to insert the users
> in the domain, chowning their homes to the new UNIX uids and while I was
> at it, moved the profiles to a separate place in the filesystem (the
> profile used to be in unix HOME; worked fine but docs said it gives
> problems so I followed instructions).
>
> The situation is as follows:
> Users no longer have unix private group, their primary group is 100
> (Users) which is default in those tools and logon to the NT4 machines is
> ok and attribute mapping is fully turned on (hoped this would cure the
> sync briefcase becoming a regular dir after roaming logoff/login).
> File/Directory masks are all 0777.
>
> I'm experiencing many problems with this configuration so please give me
> some hints (documentation pointers if necessary): MS Office keeps
> popping up the registration initials/username window as if it had been
> run for the first time (often locking up). Printing no longer works, e.g.
> Acrobat 5 asks to define a default printer before proceeding but the
> control panel wizard refuses to run. Outlook Express asks to choose a
> user profile from an empty list and creation of a new one fails.

Looks like symptoms of not being able to read and write to the registry. The user's registry is by default only accessible to them (and probably admins), defined by the SID (I think). Since the rid has changed, you have now prevented all your users from modifying their own registry.

> Homes
> drive mapping no longer works.

Don't know why this would be broken if you fixed the ownership.

> Accounts belonging to Domain Admins group
> work ok.

Since they have rights on their profile, being admins.

>
> I'm not near the machines ATM, but I suspect it's the primary group
> that's @ fault; perhaps it should be Domain Users. Can you confirm this
> or is there something worse @ play?

I think the problem is that your RIDs have changed. You need to either:

1) Delete all the user registries (ntuser.dat in their profile)
2) Revert to good backups and undo your uid changes, and reimport your users into LDAP using something besides smbldap tools (i.e. ldap-migration scripts and the samba import script).

You may also want to read the recent ldap article on http://mandrakesecure.net

--
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering          http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
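
The reply above ties the broken profiles to accounts whose uid (and with it the RID) changed during the move to LDAP. One way to list the affected accounts, as an added example that is not part of the thread: it compares a pre-migration smbpasswd file with an LDIF export of the new directory (for instance from ldapsearch). All account names, uids and the example.org DNs are constructed sample data, and the function names are hypothetical.

```python
# Constructed smbpasswd lines (name:uid:LM hash:NT hash:[flags]:LCT), not from the thread
SMBPASSWD = """\
alice:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
bob:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
pc01$:1050:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[W          ]:LCT-00000000:
"""

# Constructed LDIF export of the new directory (assumed posixAccount entries)
LDIF = """\
dn: uid=alice,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid: alice
uidNumber: 1001
gidNumber: 100

dn: uid=bob,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid: bob
uidNumber: 2002
gidNumber: 100
"""

def parse_smbpasswd(text):
    """Return {username: uid} from smbpasswd-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) < 4 or not fields[1].isdigit():
            continue  # comment, blank or malformed line
        accounts[fields[0]] = int(fields[1])
    return accounts

def parse_ldif_uids(text):
    """Return {uid: uidNumber} for each LDIF entry carrying both attributes."""
    accounts = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith((" ", "#")) or ": " not in line:
                continue  # continuation line, comment or separator
            key, value = line.split(": ", 1)
            attrs.setdefault(key.lower(), value)
        if "uid" in attrs and attrs.get("uidnumber", "").isdigit():
            accounts[attrs["uid"]] = int(attrs["uidnumber"])
    return accounts

def uid_drift(old, new):
    """Accounts renumbered by the migration, and accounts missing from LDAP."""
    changed = {u: (old[u], new[u]) for u in old if u in new and old[u] != new[u]}
    missing = sorted(u for u in old if u not in new)
    return changed, missing

if __name__ == "__main__":
    print(uid_drift(parse_smbpasswd(SMBPASSWD), parse_ldif_uids(LDIF)))
```

Accounts reported as changed are the ones whose existing profile would need one of the two remedies listed in the reply; accounts reported as missing (here a machine account) were never imported.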