Mohammad Reza
2004-Jul-20 07:50 UTC
[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
Dear lists... But this still un-solved the real problem to join w2k to samba3-ldap . I'm here with the same situation. I even switch my distro to SuSe with same result, still cant join domain. Please give us hint how to solve or debug this problem. regards reza -----Original Message----- From: Craig White [mailto:craigwhite@azapple.com] Sent: Tue 7/20/2004 9:48 AM To: samba@lists.samba.org Cc: Subject: Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED On Mon, 2004-07-19 at 19:34, Jos? Ildefonso Camargo Tolosa wrote:> >http://samba.idealx.org/smbldap-howto.fr.html as you > >recommended. I have one big question, which one do I > >put in '/etc/ldap.conf' > > > >nss_base_passwd dc=wbcoll,dc=edu?one > >nss_base_shadow dc=wbcoll,dc=edu?one > >nss_base_group ou=Groups,dc=wbcoll,dc=edu?one > > > >or > > > >nss_base_passwd ou=Users,dc=wbcoll,dc=edu?one > >nss_base_shadow ou=Users,dc=wbcoll,dc=edu?one > >nss_base_group ou=Groups,dc=wbcoll,dc=edu?one > > > > > Neither, use this: > > nss_base_passwd dc=wbcoll,dc=edu?sub > nss_base_shadow dc=wbcoll,dc=edu?sub > nss_base_group ou=Groups,dc=wbcoll,dc=edu?one > > Look at the sub, it tells the system to descend to all the sub-objects it may have. >--- It is pertinent to consider that this suggestion waives any efficiency for ease of use as it will tell all user lookups to search the entire LDAP tree. I already told him to use his second choice as that is most efficient. I recognize that your option would permit the option of trying to use a separate organizational unit for Computers but this guy is endlessly confused, and simple is clearly better for his purposes, without considering the impact of excessive searching of the LDAP db. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
José Ildefonso Camargo Tolosa
2004-Jul-20 15:32 UTC
[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
Mohammad Reza wrote:>Dear lists... > >But this still un-solved the real problem to join w2k to samba3-ldap . >I'm here with the same situation. >I even switch my distro to SuSe with same result, still cant join domain. >Please give us hint how to solve or debug this problem. > >Sorry, I looked at the thread, and I don't have info about your problem with w2k. According to what I read at the link posted by Abebe, I think it may be a problem with the unix system not "seeing" the machine account created automatically by samba (ie, the smbldap-useradd script). You should be able to do a "su - winxp\$" as root, and it should log in: obelix:~# su - virtualxp\$ No directory, logging in with HOME=/ Off course, it will not give you a prompt as virtualxp\$, because the shell is /bin/false, but If the user didn't existed, it would answered: Unkown ID, or something like that.> >regards >reza > >-----Original Message----- >From: Craig White [mailto:craigwhite@azapple.com] >Sent: Tue 7/20/2004 9:48 AM >To: samba@lists.samba.org >Cc: >Subject: Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED >On Mon, 2004-07-19 at 19:34, Jos? Ildefonso Camargo Tolosa wrote: > > > >>>http://samba.idealx.org/smbldap-howto.fr.html as you >>>recommended. I have one big question, which one do I >>>put in '/etc/ldap.conf' >>> >>>nss_base_passwd dc=wbcoll,dc=edu?one >>>nss_base_shadow dc=wbcoll,dc=edu?one >>>nss_base_group ou=Groups,dc=wbcoll,dc=edu?one >>> >>>or >>> >>>nss_base_passwd ou=Users,dc=wbcoll,dc=edu?one >>>nss_base_shadow ou=Users,dc=wbcoll,dc=edu?one >>>nss_base_group ou=Groups,dc=wbcoll,dc=edu?one >>> >>> >>> >>> >>Neither, use this: >> >>nss_base_passwd dc=wbcoll,dc=edu?sub >>nss_base_shadow dc=wbcoll,dc=edu?sub >>nss_base_group ou=Groups,dc=wbcoll,dc=edu?one >> >>Look at the sub, it tells the system to descend to all the sub-objects it may have. >> >> >> >--- >It is pertinent to consider that this suggestion waives any efficiency >for ease of use as it will tell all user lookups to search the entire >LDAP tree. > >I already told him to use his second choice as that is most efficient. I >recognize that your option would permit the option of trying to use a >separate organizational unit for Computers but this guy is endlessly >confused, and simple is clearly better for his purposes, without >considering the impact of excessive searching of the LDAP db. > >Craig > > >
abebe lsslp
2004-Jul-20 15:36 UTC
[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
I was having trouble sleeping last night, so I start
going over your past e-mails. Do you remember you
asking me that I need to make sure LDAP is
authenticating system users? And I told you that it
was. I was not completely lying, it authenticates
'testuser1' with no problem. However, 'administrator'
is getting kicked out as soon as it logs in. Here is
what it looks like:
[root@eaglex root]# ssh administrator@192.168.1.10
administrator@192.168.1.10's password:
Last login: Tue Jul 20 09:49:05 2004 from 192.168.1.17
Connection to 192.168.1.10 closed.
[root@eaglex root]#
Here is part of 'slapd.log':
+++++++++++++++++++++++++++++++++++++++++++++++++++
Jul 20 10:22:31 eaglex slapd[20508]: conn=7 op=2 SRCH
attr=cn userPassword memberUid uniqueMember gidNumber
Jul 20 10:22:31 eaglex slapd[20508]: conn=7 op=2
SEARCH RESULT tag=101 err=0 nentries=1 textJul 20 10:22:31 eaglex slapd[20508]:
conn=7 fd=15
closed
Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SRCH
base="dc=wbcoll,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=administrator))"
Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SRCH
attr=uid userPassword uidNumber gidNumber cn
homeDirectory loginShell gecos description objectClass
Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2
SEARCH RESULT tag=101 err=0 nentries=1 textJul 20 10:25:19 eaglex slapd[20508]:
conn=8 fd=15
ACCEPT from IP=127.0.0.1:33263 (IP=0.0.0.0:389)
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0
RESULT tag=97 err=0 textJul 20 10:25:19 eaglex slapd[20508]: conn=8 op=1 SRCH
base="dc=wbcoll,dc=edu" scope=2
filter="(uid=Administrator)"
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=1
SEARCH RESULT tag=101 err=0 nentries=1 textJul 20 10:25:19 eaglex slapd[20508]:
conn=8 op=2 BIND
anonymous mech=implicit ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND
dn="uid=Administrator,ou=Users,dc=wbcoll,dc=edu"
method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND
dn="uid=Administrator,ou=Users,dc=wbcoll,dc=edu"
mech=simple ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2
RESULT tag=97 err=0 textJul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND
anonymous mech=implicit ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3
RESULT tag=97 err=0 textJul 20 10:25:19 eaglex slapd[20508]: conn=9 fd=18
ACCEPT from IP=127.0.0.1:33264 (IP=0.0.0.0:389)
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0
RESULT tag=97 err=0 textJul 20 10:25:19 eaglex slapd[20508]: deferring
operation
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SRCH
base="dc=wbcoll,dc=edu" scope=2
filter="(&(objectClass=shadowAccount)(uid=Administrator))"
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SRCH
attr=uid userPassword shadowLastChange shadowMax
shadowMin shadowWarning shadowInactive shadowExpire
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1
SEARCH RESULT tag=101 err=0 nentries=1 textJul 20 10:25:20 eaglex slapd[20508]:
conn=8 op=4
UNBIND
Jul 20 10:25:20 eaglex slapd[20508]: conn=8 fd=15
closed
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 fd=15
ACCEPT from IP=127.0.0.1:33265 (IP=0.0.0.0:389)
Jul 20 10:25:20 eaglex slapd[20508]: conn=9 fd=18
closed
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0
RESULT tag=97 err=0 textJul 20 10:25:20 eaglex slapd[20508]: conn=10 op=1 SRCH
base="dc=wbcoll,dc=edu" scope=2
filter="(uid=Administrator)"
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=1
SEARCH RESULT tag=101 err=0 nentries=1 textJul 20 10:25:20 eaglex slapd[20508]:
conn=10 op=2 SRCH
base="ou=Groups,dc=wbcoll,dc=edu" scope=1
filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=users,dc=wbcoll,dc=edu)))"
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SRCH
attr=cn userPassword memberUid uniqueMember gidNumber
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2
SEARCH RESULT tag=101 err=0 nentries=1 textJul 20 10:25:20 eaglex slapd[20508]:
conn=10 fd=15
closed
+++++++++++++++++++++++++++++++++++++++++++++++++++
Is it alright if I delete the files in
'/var/lib/ldap/*' before I use 'slapindex'?
When I do the 'ldapsearch' command, machine entry does
not exist anymore.
Here is my 'smb.conf' after taking out what you told
me and using 'testparm -s > /tmp/smb.conf'
+++++++++++++++++++++++++++++++++++++++++++++
[root@eaglex root]# cat /tmp/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Processing section "[printers]"
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
# Global parameters
[global]
workgroup = AGUILAS
netbios name = EALGEX
server string = Samba-LDAP PDC Server
map to guest = Bad User
passdb backend = ldapsam:ldap://127.0.0.1/
username map = /etc/samba/smbusers
log level = 10
log file = /var/log/samba/%m.log
max log size = 10000
time server = Yes
deadtime = 10
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -m
"%u"
add group script = /usr/sbin/smbldap-groupadd
-p "%g"
add user to group script /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script /usr/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script /usr/sbin/smbldap-usermod -g "%g"
"%u"
add machine script = /usr/sbin/smbldap-useradd
-w "%u"
logon script = logon.bat
logon path logon drive = H:
logon home domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap suffix = dc=wbcoll,dc=edu
ldap machine suffix ou=People,dc=wbcoll,dc=edu
ldap user suffix = ou=Users,dc=wbcoll,dc=edu
ldap group suffix = ou=Groups,dc=wbcoll,dc=edu
ldap idmap suffix = dc=wbcoll,dc=edu
ldap admin dn = cn=Manager,dc=wbcoll,dc=edu
ldap passwd sync = Yes
ldap delete dn = Yes
printer admin = @print Operators
create mask = 0640
directory mask = 0750
hosts allow = 192.168.1., 192.168.2., 127.
printing = cups
dont descend /proc,/dev,/etc,/lib,/lost+found,/initrd
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
share modes = No
++++++++++++++++++++++++++++++++++++++++++++++++
once again,
Ambex
__________________________________
Do you Yahoo!?
Vote for the stars of Yahoo!'s next ad campaign!
http://advision.webevents.yahoo.com/yahoo/votelifeengine/
abebe lsslp
2004-Jul-28 20:11 UTC
[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
So....here I am with some more of my problem :(
Sorry for the slow response to your last e-mails, I had to give up my xp machine
and had to wait till I get a new one. We were also having trouble with our ISP
(cox) for me to VPN from my home xp machine.
Back to the real deal... I have decided not to assume anything and to take it
step by step :) Craig..I have followed your advice and I am using
'people' instead of 'Computers'.
NOTE:
- Have 'root= administrator' in /etc/samba/smbusers
- Have done the appropriate chages to the xp registery
-[root@eaglex root]# smbldap-usershow administrator
dn: uid=Administrator,ou=Users,dc=wbcoll,dc=edu
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson,sambaSAMAccount,posixAccount,shadowAccount
gidNumber: 512
uid: Administrator
uidNumber: 0
homeDirectory: /home/
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaHomePath: \\EAGLEX\homes
sambaHomeDrive: H:
sambaPrimaryGroupSID: S-1-5-21-3864350619-1217412381-2490860374-512
sambaSID: S-1-5-21-3864350619-1217412381-2490860374-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaAcctFlags: [U]
sambaPwdMustChange: 1098811932
sambaLMPassword: F70389E8F4B94063AAD3B435B51404EE
sambaPwdLastSet: 1091035932
sambaNTPassword: 60BED106E19D7A3F919FA1919125FFBA
userPassword: {SSHA}3zMR3Ds/5knGujxtByOIYPjl0mVBhJgr
ERROR: (having trouble joining XP (xptest) to domain).
The following error occured attempting to join the domain "AGUILAS":
'Access is denied.'
And here is part of the error message in 'xptest.log':
[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[AGUILAS]\[administrator]@[XPTEST] with the new password interface
[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [AGUILAS]\[root]@[XPTEST]
[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/07/28 13:59:39, 3] smbd/uid.c:push_conn_ctx(364)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/07/28 13:59:39, 3] auth/auth_sam.c:check_sam_security(202)
check_sam_security: Couldn't find user 'root' in passdb file.
[2004/07/28 13:59:39, 3] auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain [AGUILAS] was for
this SAM.
[2004/07/28 13:59:39, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [administrator] -> [root] FAILED
with error NT_STATUS_NO_SUCH_USER
[2004/07/28 13:59:39, 3] smbd/sesssetup.c:do_map_to_guest(41)
No such user administrator [AGUILAS] - using guest account
QUESTION:
1) Do I have to add 'smbpasswd -a root' or 'smbpasswd -a
administrator'?
2) NT_STATUS_NO_SUCH_USER ? 'pdbedit -LV administrator' shows that the
user exist
3) do 'root' and 'administrator' have to have the same password?
Ambex
---------------------------------
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
Christian.Wittmer@intercomponentware.com
2004-Jul-29 06:52 UTC
[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
abebe lsslp <peaceofcrap2001@yahoo.com>
Sent by:
samba-bounces+christian.wittmer=intercomponentware.com@lists.samba.org
28.07.2004 22:11
To: Samba Samba <samba@lists.samba.org>
cc:
Subject: Re: [Samba] Samba+LDAP - so close yet so far :)
...STILL NOT SOLVED
>Back to the real deal... I have decided not to assume anything and to
take it step by step :) Craig..I have >followed your advice and I am using
'people' instead of 'Computers'.
OK, if you store Computers and Users in ou=People that's ok
>NOTE:
>- Have 'root= administrator' in /etc/samba/smbusers
no remove it>- Have done the appropriate chages to the xp registery
You do not need any modifications
>-[root@eaglex root]# smbldap-usershow administrator
>dn: uid=Administrator,ou=Users,dc=wbcoll,dc=edu
I think you use ou=People ?!
>cn: Administrator
>sn: Administrator
>objectClass: inetOrgPerson,sambaSAMAccount,posixAccount,shadowAccount
>gidNumber: 512
>uid: Administrator
>uidNumber: 0
>homeDirectory: /home/
>sambaLogonTime: 0
>sambaLogoffTime: 2147483647
>sambaKickoffTime: 2147483647
>sambaPwdCanChange: 0
>sambaHomePath: \\EAGLEX\homes
>sambaHomeDrive: H:
>sambaPrimaryGroupSID: S-1-5-21-3864350619-1217412381-2490860374-512
>sambaSID: S-1-5-21-3864350619-1217412381-2490860374-2996
>loginShell: /bin/false
>gecos: Netbios Domain Administrator
>sambaAcctFlags: [U]
>sambaPwdMustChange: 1098811932
>sambaLMPassword: F70389E8F4B94063AAD3B435B51404EE
>sambaPwdLastSet: 1091035932
>sambaNTPassword: 60BED106E19D7A3F919FA1919125FFBA
>userPassword: {SSHA}3zMR3Ds/5knGujxtByOIYPjl0mVBhJgr
>ERROR: (having trouble joining XP (xptest) to domain).
>The following error occured attempting to join the domain
"AGUILAS":
>'Access is denied.'
Error is shown in the LOG
And here is part of the error message in 'xptest.log':
>[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(219)
>check_ntlm_password: Checking password for unmapped user
[AGUILAS]\[administrator]@[XPTEST] with the new >password interface
>[2004/07/28 13:59:39, 3] auth/auth.c:check_ntlm_password(222)
>check_ntlm_password: mapped user is: [AGUILAS]\[root]@[XPTEST]
Here is the error.
Remove usermapping in smbusers. Administrator should not be mapped to root
!!!
>[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>[2004/07/28 13:59:39, 3] smbd/uid.c:push_conn_ctx(364)
>push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2004/07/28 13:59:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>[2004/07/28 13:59:39, 3] auth/auth_sam.c:check_sam_security(202)
>check_sam_security: Couldn't find user 'root' in passdb file.
>[2004/07/28 13:59:39, 3] auth/auth_winbind.c:check_winbind_security(80)
>check_winbind_security: Not using winbind, requested domain [AGUILAS] was
for this SAM. >[2004/07/28 13:59:39, 2] auth/auth.c:check_ntlm_password(312)
>check_ntlm_password: Authentication for user [administrator] -> [root]
FAILED with error NT_STATUS_NO_SUCH_USER >[2004/07/28 13:59:39, 3] smbd/sesssetup.c:do_map_to_guest(41)
>No such user administrator [AGUILAS] - using guest account
>QUESTION:
>1) Do I have to add 'smbpasswd -a root' or 'smbpasswd -a
administrator'?
No. See comment in LOG
>2) NT_STATUS_NO_SUCH_USER ? 'pdbedit -LV administrator' shows that
the
user exist
Try 'smbclient -L [YOURHOST] -UAdministrator%password'
where password is the the password you gave Administrator
you can check if you can access shares on your samba
>3) do 'root' and 'administrator' have to have the same
password?
No, Admnistrator only need to have the uid=0, and he has it.
If you have 2 ou, one for Users and one for Computers then you need to
have /etc/ldap.conf like as following.
This is a must have when not using NIS !!!!
#
# This is the configuration file for the LDAP nameservice
# switch library, the LDAP PAM module and the shadow package.
#
.....snip
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
#nss_base_passwd ou=People,dc=icw,dc=com?sub # uncomment when usin
NIS
#nss_base_shadow ou=People,dc=icw,dc=com?sub # uncomment when using
NIS
nss_base_group ou=Groups,dc=icw,dc=com?sub
nss_base_hosts ou=Machines,dc=icw,dc=com?sub
....
When any other Questions will come along, just mail me.
Christian
---------------------------------
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Christian.Wittmer@intercomponentware.com
2004-Jul-30 07:23 UTC
[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
abebe lsslp <peaceofcrap2001@yahoo.com>
30.07.2004 01:35
To: Christian.Wittmer@intercomponentware.com
cc:
Subject: Re: [Samba] Samba+LDAP - so close yet so far :)
...STILL NOT SOLVED
Hey Christian,
Thanks for your response and your willingness to help me out! However, I
am so excited to tell you that I have been able to join the domain for
right now. As you said, commenting out "root=administrator" in
'/etc/samba/smbusers' and then 'smbpasswd -a administrator'
fixed the
problem. > #nss_base_passwd ou=People,dc=icw,dc=com?sub # uncomment when usin NIS
> #nss_base_shadow ou=People,dc=icw,dc=com?sub # uncomment when using NIS
:))
>Don't you have to have the n 'nss_base_shadow'?
Only when your using NIS.
The problem is when joining Machine to Domain samba searches in ou=Peolple
because of "nss_base_shadow|passwd"
And I read this in the smbldap-tools Mailinglist (www.idealx.org)
> nss_base_group ou=Groups,dc=icw,dc=com?sub
> nss_base_hosts ou=Machines,dc=icw,dc=com?sub
>What version did the samba team fix the ou= Machines for hosts?
I started manage LDAP with "LAM" and there are Machines and not
Computers
so I stayed on Machines.
Now I make quick mods on LDAP with "phpMyLDAPAdmin" it's great.
>I will contact you if I have trouble with this as I configure Samba+LDAP
on the production box.
OK
Thanks again,
Ambex
Chris
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!