Michael Nenishkis - List ID
2002-Oct-12 01:45 UTC
FW: [Samba] 2.2.5 LDAP/smbpasswd -L problem help.
Sorry, still stuck with this problem.
It is a repost, please kindly shed me light.

-----Original Message-----
From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org] On Behalf Of Michael Joseph Nenishkis
Sent: Saturday, September 28, 2002 1:03 AM
To: samba@lists.samba.org
Subject: [Samba] 2.2.5 LDAP/smbpasswd -L problem help.

Gurus, I humbly ask you for help.
I ran into a problem for which I cannot find the reason/fix.

System:
redhat 7.3
samba 2.2.5 --withldapsam
nss_ldap configured to route the Unix UID/GID from same LDAP server.

It is running well and I am able to authenticate off the LDAP servers. One problem I am having right now is that I would like non-root administrators to be able to use the smbpasswd -L option to reset user passwords.

the /etc/samba/secrets.tdb is
-rw-rw-r-- 1 root ADMIN 8192 Sep 27 18:19 /etc/samba/secrets.tdb
*changed group rights so that user in ADMIN group of unix has write access -- as pointed out on the samba readme files.

username, for example, on unix is joedoe.
telnet to unix host as joedoe, type "id -G" shows 5 groups, for example.
uid=510(joedoe) gid=100(users) groups=100(users),300(Group1),200(ADMIN),201(Group2),302(Group3)

So joedoe is a member of the ADMIN group.

SMB.conf is configured as follows:
domain admin group = @ADMIN

I am able to join NTworkstation into the domain as user joedoe, so samba understands domain admin = @admin = joedoe is a member.

But, when I log in to the unix host as joedoe, and type
smbpasswd -L maryjoe -D256 (enter)
New SMB password: xxxxxx
Retype SMB password: xxxxxx
--cut cut---
ldap_open_connection: starting...
user_in_list: checking user joedoe in list @ADMIN
user_in_list: checking user |joedoe| against |@ADMIN|
Unable to get default yp domain
user_in_unix_group_list: checking user joedoe in group ADMIN
user_in_unix_group_list: no such group ADMIN
ldap_open_connection: cannot access LDAP when not root or a member of domain admin group..
Failed to find entry for user maryjoe.
Failed to modify password entry for user maryjoe
---
Seems Samba is not able to get the full group list for user joedoe. (?)

I have looked into "user_in_unix_group_list" in the source and found there is a handle in lib/username.c but I have no clue what to do.

Please kindly give me a pointer on this problem..

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
My understanding is that "domain admin group" is a deprecated option. Have you tried using "admin users = @ADMIN" instead?

Michael Nenishkis - List ID wrote:
>
> Sorry, still stuck with this problem.
> It is a repost, please kindly shed me light.
> -----Original Message-----
> From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]
> On Behalf Of Michael Joseph Nenishkis
> Sent: Saturday, September 28, 2002 1:03 AM
> To: samba@lists.samba.org
> Subject: [Samba] 2.2.5 LDAP/smbpasswd -L problem help.
>
> Guru's, I humbly ask you for help.
> I ran into a problem in which I cannot find the reason/fix.
>
> System:
> redhat 7.3
> samba 2.2.5 --withldapsam
> nss_ldap configured to route the Unix UID/GID from same LDAP server.
>
> It is running well and am able to authenticate off the LDAP servers. One
> problem I am having right now is that I would like non-root
> administrators to be able to use smbpasswd -L option to reset user
> passwords.
>
> the /etc/samba/secrets.tdb is
> -rw-rw-r-- 1 root ADMIN 8192 Sep 27 18:19
> /etc/samba/secrets.tdb
> *changed group rights so that user in ADMIN group of unix has write
> access -- as pointed out on the samba readme files.
>
> username, for example, on unix is joedoe.
> telnet to unix host as joedoe, type "id -G" shows 5 groups, for example.
> uid=510(joedoe) gid=100(users)
> groups=100(users),300(Group1),200(ADMIN),201(Group2),302(Group3)
>
> So joedoe is a member of the ADMIN group.
>
> SMB.conf is configured as follows:
> domain admin group = @ADMIN
>
> I am able to join NTworkstation into the domain as user joedoe, so samba
> understands domain admin = @admin = joedoe is a member.
>
> But, when I login to unix host as joedoe, and type
> smbpasswd -L maryjoe -D256 (enter)
> New SMB password: xxxxxx
> Retype SMB password: xxxxxx
> --cut cut---
> ldap_open_connection: starting...
> user_in_list: checking user joedoe in list @ADMIN
> user_in_list: checking user |joedoe| against |@ADMIN|
> Unable to get default yp domain
> user_in_unix_group_list: checking user joedoe in group ADMIN
> user_in_unix_group_list: no such group ADMIN
> ldap_open_connection: cannot access LDAP when not root or a member of
> domain admin group.. Failed to find entry for user maryjoe. Failed to
> modify password entry for user maryjoe
> ---
> Seems Samba is not able to get the full group list for user joedoe. (?)
>
> I have looked into "user_in_unix_group_list" in the source and found
> there is a handle in lib/username.c but I have not clue what to do.
>
> Please kindly give me a pointer on this problem..
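
Added example, not part of the thread and not Samba's code: a Python check that repeats, through the same NSS path, the by-name group lookup the debug output reports as failing ("no such group ADMIN"), and flags the "other" read bit visible in the secrets.tdb listing (-rw-rw-r--). The function names are hypothetical, and treating Samba's check as a plain by-name NSS query is an assumption drawn from the log line.

```python
# Added diagnostic (hypothetical helper names; not Samba source code).
import grp
import pwd
import stat

def user_in_group(user, group, getgrnam=grp.getgrnam, getpwnam=pwd.getpwnam):
    """By-name membership check through NSS; returns (ok, reason)."""
    try:
        g = getgrnam(group)      # libc lookup that nss_ldap has to answer
    except KeyError:
        return False, "no such group " + group
    try:
        p = getpwnam(user)
    except KeyError:
        return False, "no such user " + user
    if p.pw_gid == g.gr_gid:
        return True, "primary group"
    if user in g.gr_mem:
        return True, "supplementary member"
    return False, "%s not listed in %s" % (user, group)

def audit_secrets_mode(st_mode, st_gid, admin_gid):
    """Flag permission bits on secrets.tdb beyond owner + admin group."""
    findings = []
    if st_mode & stat.S_IROTH:
        findings.append("world-readable")
    if st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    if st_mode & (stat.S_IRGRP | stat.S_IWGRP) and st_gid != admin_gid:
        findings.append("group access for gid %d, not the admin group" % st_gid)
    return findings

if __name__ == "__main__":
    import os
    import sys
    if len(sys.argv) < 3:
        sys.exit("usage: check.py USER GROUP [SECRETS_TDB]")
    user, group = sys.argv[1], sys.argv[2]          # e.g. joedoe ADMIN
    path = sys.argv[3] if len(sys.argv) > 3 else "/etc/samba/secrets.tdb"
    print(user_in_group(user, group))
    try:
        st, admin_gid = os.stat(path), grp.getgrnam(group).gr_gid
        print(audit_secrets_mode(st.st_mode, st.st_gid, admin_gid) or "mode ok")
    except (KeyError, OSError) as exc:
        print("cannot audit %s: %s" % (path, exc))
```

Run it as the non-root administrator account: if the first line reports "no such group" while `id` still prints the group, the by-name lookup is what fails, not the membership itself.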