Graham Leggett
2004-Mar-09 23:23 UTC
[Samba] Samba and LDAP backend - howto docs problems?
Hi all, I have followed the instructions at http://samba.mirror.ac.uk/samba/docs/man/passdb.html in an attempt to set up a Samba v3.0.2 (supplied by Redhat as part of RHEL v3.0) PDC. I have got as far as trying to get a windows 2k box to join this new domain that I have created, however this fails with the error "Logon failure: unknown user name or password". Samba itself logs nothing of this failure. Looking at the LDAP logs, I see that Samba is trying to do the following LDAP search: (&(&(uid=admin)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount)) This search fails, because the ldif displayed in the howto does not include the sambaSamAccount objectclass in the admin object: dn: cn=admin,ou=People,dc=quenya,dc=org cn: admin objectclass: top objectclass: organizationalRole objectclass: simpleSecurityObject userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz Does anyone have any step by step instructions for getting a Win2k box to join a Samba domain that is known to work? Regards, Graham --
John H Terpstra
2004-Mar-09 23:36 UTC
[Samba] Samba and LDAP backend - howto docs problems?
On Wed, 10 Mar 2004, Graham Leggett wrote:> Hi all, > > I have followed the instructions at > http://samba.mirror.ac.uk/samba/docs/man/passdb.html in an attempt toOk. I am one of the authors of that. It should work. Email me you smb.conf file and I will try to help.> set up a Samba v3.0.2 (supplied by Redhat as part of RHEL v3.0) PDC. > > I have got as far as trying to get a windows 2k box to join this new > domain that I have created, however this fails with the error "Logon > failure: unknown user name or password". > > Samba itself logs nothing of this failure. > > Looking at the LDAP logs, I see that Samba is trying to do the following > LDAP search: > (&(&(uid=admin)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount)) > > This search fails, because the ldif displayed in the howto does not > include the sambaSamAccount objectclass in the admin object: > > dn: cn=admin,ou=People,dc=quenya,dc=org > cn: admin > objectclass: top > objectclass: organizationalRole > objectclass: simpleSecurityObject > userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz > > Does anyone have any step by step instructions for getting a Win2k box > to join a Samba domain that is known to work?Fully documented step-by-step instructions that work with SuSE and Red Hat are in the new book "Samba-3 by Example" - can be ordered from Amazon.Com now. Will ship starting March 26th. Have you also checked chapter 2 of TOSHARG (The Official Samba-3 HOWTO and Reference Guide)? While not as comprehensive as the new book, this chapter was the seed that started the avalance of the "Give us more ..." litany that resulted in "Samba-3 by Example". Have you set up your scripts? - add user script - delete user script - add machine script - add group script - delete group script - add user to group script - etc. Have you test driven each manually to prove that it works? Have you configured nss_ldap and proven that it works? ie: getent passwd getent group Does: pdbedit -Lw list the users in the old smbpasswd format? Many, many more questions ... what have you done to demonstrate that each element of your configuration works? Cheers, John T. -- John H Terpstra Email: jht@samba.org
Diego Julian Remolina
2004-Mar-10 00:02 UTC
[Samba] Samba and LDAP backend - howto docs problems?
I also noticed this problem. I do not know why it happens, but did noticed the following which may help: I already have a few machines in an old samba-2.2.8 production environment. Those machines are already in dns, nis netgoups, etc. My new samba 3.0.2a does not restrict to any hosts yet. So if I run the command: /opt/local/samba/bin/smbpasswd -a -m mathpc22$ Then it succeds: oak:/etc/openldap/ldif # /opt/local/samba/bin/smbpasswd -a -m mathpc22$ Added user mathpc22$. while if I use a new hostname not listed in my dns/netgroups tables then it fails oak:/tmp/samba-3.0.2/source # /opt/local/samba/bin/smbpasswd -a -m diego Failed to initialise SAM_ACCOUNT for user diego$. Failed to modify password entry for user diego$ I am leaving the office right (oh man is 7pm, another 12 hour work day) now so I will try to find out if it wants the machine in dns or netgroups and will post again to the list to let you know what I find out. Diego On Tue, 9 Mar 2004, John H Terpstra wrote:> On Wed, 10 Mar 2004, Graham Leggett wrote: > > > Hi all, > > > > I have followed the instructions at > > http://samba.mirror.ac.uk/samba/docs/man/passdb.html in an attempt to > > Ok. I am one of the authors of that. It should work. Email me you > smb.conf file and I will try to help. > > > set up a Samba v3.0.2 (supplied by Redhat as part of RHEL v3.0) PDC. > > > > I have got as far as trying to get a windows 2k box to join this new > > domain that I have created, however this fails with the error "Logon > > failure: unknown user name or password". > > > > Samba itself logs nothing of this failure. > > > > Looking at the LDAP logs, I see that Samba is trying to do the following > > LDAP search: > > (&(&(uid=admin)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount)) > > > > This search fails, because the ldif displayed in the howto does not > > include the sambaSamAccount objectclass in the admin object: > > > > dn: cn=admin,ou=People,dc=quenya,dc=org > > cn: admin > > objectclass: top > > objectclass: organizationalRole > > objectclass: simpleSecurityObject > > userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz > > > > Does anyone have any step by step instructions for getting a Win2k box > > to join a Samba domain that is known to work? > > Fully documented step-by-step instructions that work with SuSE and Red Hat > are in the new book "Samba-3 by Example" - can be ordered from Amazon.Com > now. Will ship starting March 26th. > > Have you also checked chapter 2 of TOSHARG (The Official Samba-3 HOWTO and > Reference Guide)? While not as comprehensive as the new book, this chapter > was the seed that started the avalance of the "Give us more ..." litany > that resulted in "Samba-3 by Example". > > Have you set up your scripts? > - add user script > - delete user script > - add machine script > - add group script > - delete group script > - add user to group script > - etc. > > Have you test driven each manually to prove that it works? > > Have you configured nss_ldap and proven that it works? > ie: getent passwd > getent group > > Does: > pdbedit -Lw > > list the users in the old smbpasswd format? > > Many, many more questions ... what have you done to demonstrate that each > element of your configuration works? > > > Cheers, > John T. > -- > John H Terpstra > Email: jht@samba.org > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
Graham Leggett schrieb:> John H Terpstra wrote: > >>>> Have you set up your scripts? >>>> - add user script >>>> - delete user script >>>> - add machine script >>>> - add group script >>>> - delete group script >>>> - add user to group script >>>> - etc. > > > Another ccomment on the docs - the docs for samldap do not make any > mention of the smbldap-tools package, and the fact that it is required > in order to produce a usable system. > > And neither the samba docs, nor it would seem the smbldap-tools docs > make any mention of what command line settings are supposed to be used > in each case. > > Is it possible to add a section to the docs to cover this? > > Regards, > Graham > -- >Hi, yes the tools should be better described as they are in the smb sources i found it very hard at my first setup ldap smb. On the other Hand many setups are thinkable with ldap, a description to the ldap populate is only one way ( fast , working ) to come to a working smb ldap pdc Regards
John H Terpstra
2004-Mar-10 15:19 UTC
[Samba] Samba and LDAP backend - howto docs problems?
On Wed, 10 Mar 2004, Graham Leggett wrote:> John H Terpstra wrote: > > >>>Have you set up your scripts? > >>> - add user script > >>> - delete user script > >>> - add machine script > >>> - add group script > >>> - delete group script > >>> - add user to group script > >>> - etc. > > Another ccomment on the docs - the docs for samldap do not make any > mention of the smbldap-tools package, and the fact that it is required > in order to produce a usable system. > > And neither the samba docs, nor it would seem the smbldap-tools docs > make any mention of what command line settings are supposed to be used > in each case.Well they are mentioned under "Interdomain Trusts" - but I admit that is very obtuse. The use of these tools is documented in the book version of the Samba-HOWTO-Collection, "The Official Samba-3 HOWTO and Reference Guide" available from Amazon.Com. There are 5 chapters that are not in the HOWTO document - these will be released on April 5th with consent from Prentice-Hall (the book publisher).> > Is it possible to add a section to the docs to cover this?Please send me your patches. If you are not comfortable sending XML document patches, send me text to apply and I will put rectify the problem. Please note that the HOWTO is a green document - this means it is continually being updated. Each reprinting of the HOWTO book has the updates in it also. - John T. -- John H Terpstra Email: jht@samba.org
Seemingly Similar Threads
- Using the same LDAP entry for posixAccount and sambaSamAccount with smbldap
- posixAccount for Machines in LDAP?
- Issue providing seamless migrtion (3.0.24 to 3.5.6) - sambaNTPassword mystery
- Solution to smbldap-tools not adding sambaSAMAccount
- Problems with the IdealX scripts