Mother always told me that there'd be days like this. She just didn't tell me that they go on for weeks. OK - John's book suggests that we're not complete in this arena here...Yeah, I bought the Samba 3 How-to-guide - Borders/Phoenix had 3 on the shelf (now 2) - and also an LDAP book for reference. It's been a fun weekend ;-) problemo... # smbpasswd -x -i MULLEN ldapsam_delete_entry: Could not delete attributes for uid=mullen$,ou=People,o=Mullen,c=US, error: Object class violation (object class 'person' requires attribute 'cn') Failed to delete entry for user MULLEN$. Failed to modify password entry for user MULLEN$ [must check - yes, cn=MULLEN$ is there, but the $ is probably kinking the hose...dunno - it found it in simple search further down email] # net rpc trustdom list Password: The username or password was not correct. [2003/12/21 23:08:46, 0] utils/net_rpc.c:rpc_trustdom_list(2028) Couldn't connect to domain controller [too tired to figure this last one out] # ldapsearch -x -h localhost -b 'o=Mullen,c=US' '(uid=MULLEN$)' version: 2 # # filter: (uid=MULLEN$) # requesting: ALL # # mullen$, People, Mullen, US dn: uid=mullen$,ou=People,o=Mullen,c=US uid: mullen$ cn: mullen$ sn: mullen$ mail: mullen$@mullenpr.com objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: kerberosSecurityObject objectClass: sambaSamAccount krbName: mullen$@MULLENPR.COM loginShell: /bin/false uidNumber: 1001 gidNumber: 1001 homeDirectory: /home/mullen sambaSID: S-1-5-21-3186189368-1246494298-1334198317-3002 sambaPrimaryGroupSID: S-1-5-21-3186189368-1246494298-1334198317-3003 sambaPwdCanChange: 1072073389 sambaPwdMustChange: 2147483647 sambaLMPassword: the-names-have-been-changed sambaNTPassword: to-protect-the-innocent sambaPwdLastSet: 1072073389 sambaAcctFlags: [I ] yes, there's an entry in /etc/passwd for MULLEN$ (had to hand edit after adding the user mullen) interdomain trust was working earlier today - but I ended up purging the LDAP one last time because I had to get rid of SID's from original domain captured by net rpc vampire and create a new SID for the second domain. wanted to just delete the trust from LINUX-DOMAIN to WINDOWS-DOMAIN to start over. Trust from WINDOWS-DOMAIN to LINUX-DOMAIN seems OK. Learning Samba 3 (so much has changed from 2.2x) simultaneously with LDAP has been a numbing experience. Methinks that there are config stuff for smb3 that aren't in LDAP db - possibly in secrets.tdb - sort of samba's equiv to the Windows registry. Don't mind passwords, but where do they hide the things like group mapping and domain trusts? I probably should have 'nuked' the secrets.tdb but I'm tired, chicken and perhaps someone will shine light in the dark corners. Craig
Monday, December 22, 2003, 1:40:12 PM, Craig wrote:> # smbpasswd -x -i MULLENMe myself did not 'trust' smbpasswd or pdbedit tools to modify any attributes in ldap, because most account are not samba specific account only. better to write your own script for better control of ldap entry.> Learning Samba 3 (so much has changed from 2.2x) simultaneously with > LDAP has been a numbing experience. Methinks that there are config stuff > for smb3 that aren't in LDAP db - possibly in secrets.tdb - sort of > samba's equiv to the Windows registry. Don't mind passwords, but where > do they hide the things like group mapping and domain trusts? I probably > should have 'nuked' the secrets.tdb but I'm tired, chicken and perhaps > someone will shine light in the dark corners.groupmapping is stored in ldap, see sambaGroupMapping objectclass. --beast
Hi Craig I'm new to Samba 3, and I still have problems with LDAP ;o) But maybe i can help on this... I think you want to remove a Workstation (the $ told me that) but there're not the W flag in sambaAcctFlags. Sorry if I'm wrong... Seb. Selon Craig White <craigwhite@azapple.com>:> Mother always told me that there'd be days like this. She just didn't > tell me that they go on for weeks. > > OK - John's book suggests that we're not complete in this arena > here...Yeah, I bought the Samba 3 How-to-guide - Borders/Phoenix had 3 > on the shelf (now 2) - and also an LDAP book for reference. It's been a > fun weekend ;-) > > problemo... > > # smbpasswd -x -i MULLEN > ldapsam_delete_entry: Could not delete attributes for > uid=mullen$,ou=People,o=Mullen,c=US, error: Object class violation > (object class 'person' requires attribute 'cn') > Failed to delete entry for user MULLEN$. > Failed to modify password entry for user MULLEN$ > > [must check - yes, cn=MULLEN$ is there, but the $ is probably kinking > the hose...dunno - it found it in simple search further down email] > > # net rpc trustdom list > Password: > The username or password was not correct. > [2003/12/21 23:08:46, 0] utils/net_rpc.c:rpc_trustdom_list(2028) > Couldn't connect to domain controller > > [too tired to figure this last one out] > > # ldapsearch -x -h localhost -b 'o=Mullen,c=US' '(uid=MULLEN$)' > version: 2 > > # > # filter: (uid=MULLEN$) > # requesting: ALL > # > > # mullen$, People, Mullen, US > dn: uid=mullen$,ou=People,o=Mullen,c=US > uid: mullen$ > cn: mullen$ > sn: mullen$ > mail: mullen$@mullenpr.com > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: top > objectClass: kerberosSecurityObject > objectClass: sambaSamAccount > krbName: mullen$@MULLENPR.COM > loginShell: /bin/false > uidNumber: 1001 > gidNumber: 1001 > homeDirectory: /home/mullen > sambaSID: S-1-5-21-3186189368-1246494298-1334198317-3002 > sambaPrimaryGroupSID: S-1-5-21-3186189368-1246494298-1334198317-3003 > sambaPwdCanChange: 1072073389 > sambaPwdMustChange: 2147483647 > sambaLMPassword: the-names-have-been-changed > sambaNTPassword: to-protect-the-innocent > sambaPwdLastSet: 1072073389 > sambaAcctFlags: [I ] > > yes, there's an entry in /etc/passwd for MULLEN$ (had to hand edit after > adding the user mullen) > > interdomain trust was working earlier today - but I ended up purging the > LDAP one last time because I had to get rid of SID's from original > domain captured by net rpc vampire and create a new SID for the second > domain. > > wanted to just delete the trust from LINUX-DOMAIN to WINDOWS-DOMAIN to > start over. Trust from WINDOWS-DOMAIN to LINUX-DOMAIN seems OK. > > Learning Samba 3 (so much has changed from 2.2x) simultaneously with > LDAP has been a numbing experience. Methinks that there are config stuff > for smb3 that aren't in LDAP db - possibly in secrets.tdb - sort of > samba's equiv to the Windows registry. Don't mind passwords, but where > do they hide the things like group mapping and domain trusts? I probably > should have 'nuked' the secrets.tdb but I'm tired, chicken and perhaps > someone will shine light in the dark corners. > > Craig > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >