Hi all
I have Samba 3 with LDAP. My questions are:
1. My clients are Windows 2000 Professional, and they are not able to
join the domain.
But if I add the computer name to /etc/passwd,
i.e. computername$:x:110:200::/bin/false:/dev/null
and then run smbpasswd -a -m computername, the computer is able to join the
domain,
even though I have specified the add machine script in the smb.conf file.
2. After joining the domain, I am unable to log in as Administrator, but I am
able to log in as root.
If I run the command getent passwd | grep Administrator, there is no output.
3. How do I create groups and add users to the groups? It is not picking up
the system groups.
When I run smbldap-populate, it adds people, group, Domain Admins, Domain
Users, etc. and root, but not the system groups,
so how do I add the system groups?
4. I have smbldap-tools 0.9, and there is no mkntpasswd in it. Is that OK, or
should it be there? When I downloaded it from the IDEALX website, it was not
in the tar.gz file.
My smb.conf file is as follows:
################################################
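[global]
# Server-wide settings for a Samba 3 domain controller (domain logons and
# domain master are enabled below) that keeps its accounts in LDAP.
workgroup = testdomain.com
server string = Samba Server
# Listen on eth0 and loopback only.
interfaces = eth0, lo
bind interfaces only = yes
# NOTE(review): the URI is plain ldap:// and this file sets no `ldap ssl`
# parameter, so whether the bind password and the sambaLMPassword /
# sambaNTPassword attributes are protected in transit depends on the installed
# version's default - confirm, and use StartTLS or ldaps:// if smbd and slapd
# run on different hosts.
passdb backend = ldapsam:ldap://testdomain.com
min passwd length = 8
# Only these networks (and loopback) may connect.
hosts allow = 192.168.129. 192.168.130. 127.
printcap name = /etc/printcap
load printers = yes
cups options = raw
# One log file per client machine name (%m); max log size is in kilobytes.
log file = /var/log/samba/%m.log
max log size = 50
security = user
# NOTE(review): the directory stores sambaLMPassword values next to the NT
# hashes; if no client needs LANMAN authentication, review `lanman auth` so the
# weaker hash is not kept - confirm the behaviour for the installed version.
encrypt passwords = yes
# Keep the UNIX (LDAP) password in step with the Samba password by running
# smbldap-passwd and driving it with the chat below.
unix password sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
# Rejoined onto one line: the posted copy was wrapped by the mailer, which
# would leave the last expect string as a stray line.
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
# Account-management hooks, run by smbd as root with %u / %g filled in from
# the request. The wrapped lines of the posted copy are rejoined so each
# script receives all of its arguments.
# NOTE(review): quoting in this file does not stop shell expansion of the
# substituted values - confirm the installed Samba release sanitises them.
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Browsing and domain controller roles.
local master = no
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
logon script = %U.bat
logon path = \\%L\Profiles\%U
wins support = yes
dns proxy = no
# LDAP layout: the machine/user/group/idmap suffixes are relative to
# ldap suffix.
ldap suffix = dc=msdpl,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
# NOTE(review): in the posted copy this parameter was fused onto the tail of a
# wrapped "Share Definitions" banner comment. If the live file looks the same,
# the line may not be read as a parameter - check the effective value with
# testparm.
ldap idmap suffix = ou=Idmap
# smbd binds to the directory as this DN; its password is kept in secrets.tdb
# (set with smbpasswd -w), so that file must stay readable by root only.
# NOTE(review): cn=manager is presumably the slapd rootdn - confirm. A
# dedicated DN with ACLs limited to the Samba subtrees would narrow what a
# leaked bind password exposes.
ldap admin dn = cn=manager,dc=msdpl,dc=com
idmap backend = ldap:ldap://testdomain.com
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = yes
template shell = /bin/false
winbind use default domain = no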
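#============================ Share Definitions =============================
# The section header is restored to its own line; in the posted copy it was
# fused onto the tail of the wrapped banner above.
[homes]
# Per-user home directory share, hidden from browse lists and writable.
# NOTE(review): no `valid users` restriction is set, so access to another
# user's home is limited only by filesystem permissions - confirm that is
# intended.
comment = Home Directories
browseable = no
writable = yes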
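# Un-comment the following and create the netlogon directory for Domain Logons
# (already enabled here; the wrapped comment line of the posted copy is
# rejoined so that no stray "Logons" line is left in the file).
[netlogon]
comment = Network Logon Service
path = /home/netlogon
# NOTE(review): guest ok lets unauthenticated sessions read this share, so
# nothing placed here (logon scripts included) should contain credentials.
guest ok = yes
# Read-only over SMB: logon scripts are maintained on the server side.
writable = no
share modes = no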
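# Roving (roaming) profile share; logon path in [global] points clients at
# \\%L\Profiles\%U. Without this share the user's home directory is used.
[Profiles]
path = /home/profiles
browseable = no
# Shares are read-only unless stated otherwise, and clients must be able to
# write their profile back at logoff.
writable = yes
# Keep each profile private to its owner.
create mask = 0600
directory mask = 0700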
# On a BSD-style print system there is no need to define every printer
# one by one; this single section covers them.
[printers]
comment = All Printers
# Spool directory for submitted jobs.
path = /var/spool/samba
printable = yes
writable = no
browseable = no
# Guests may not print; set this to yes to let the guest account print.
guest ok = no
# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; read only = yes
; write list = @staff
# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes
# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no
# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes
# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no
# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765
##############################################################################
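slapcat output of my LDAP database. Note that this dump includes the
sambaLMPassword, sambaNTPassword and userPassword values of the accounts;
Samba treats the LM/NT hashes as plaintext-equivalent credentials, so the
passwords of the accounts shown must be changed if this directory is used
beyond testing.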
#############################################################################
dn: dc=msdpl,dc=com
objectClass: dcObject
objectClass: organization
o: msdpl
dc: msdpl
structuralObjectClass: organization
entryUUID: 05229ea4-0313-102a-8c6c-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: ou=People,dc=msdpl,dc=com
objectClass: organizationalUnit
ou: People
structuralObjectClass: organizationalUnit
entryUUID: 05260012-0313-102a-8c6d-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000002#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: ou=Groups,dc=msdpl,dc=com
objectClass: organizationalUnit
ou: Groups
structuralObjectClass: organizationalUnit
entryUUID: 05289b92-0313-102a-8c6e-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000003#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: ou=Computers,dc=msdpl,dc=com
objectClass: organizationalUnit
ou: Computers
structuralObjectClass: organizationalUnit
entryUUID: 052b98e2-0313-102a-8c6f-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000004#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: ou=Idmap,dc=msdpl,dc=com
objectClass: organizationalUnit
ou: Idmap
structuralObjectClass: organizationalUnit
entryUUID: 052cc0f0-0313-102a-8c70-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000005#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: uid=root,ou=People,dc=msdpl,dc=com
cn: root
sn: root
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 0
uid: root
uidNumber: 0
homeDirectory: /home/root
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaHomePath: \\medhapdc\root
sambaHomeDrive: X:
sambaProfilePath: \\%L\profiles\root
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-512
sambaSID: S-1-5-21-733529158-2951540498-1078206000-500
loginShell: /bin/false
gecos: Netbios Domain Administrator
structuralObjectClass: inetOrgPerson
entryUUID: 052f6cd8-0313-102a-8c71-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
sambaLMPassword: 570CE399DA1412ABAAD3B435B51404EE
sambaNTPassword: B9D2D4955B330B503CC792EB6A55BB1F
userPassword:: e01ENX00bm1LOFNwNkQwOXd0TmFlKzhKZlRRPT0sambaPwdMustChange:
2147483647
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
00000000
sambaAcctFlags: [U ]
sambaPwdCanChange: 1134804146
sambaPwdLastSet: 1134804146
entryCSN: 20051217072226Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217072226Z
dn: uid=nobody,ou=People,dc=msdpl,dc=com
cn: nobody
sn: nobody
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 514
uid: nobody
uidNumber: 999
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\medhapdc\nobody
sambaHomeDrive: X:
sambaProfilePath: \\%L\profiles\nobody
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NUD ]
sambaSID: S-1-5-21-733529158-2951540498-1078206000-2998
loginShell: /bin/false
structuralObjectClass: inetOrgPerson
entryUUID: 0536d040-0313-102a-8c72-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000007#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: cn=Domain Admins,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-733529158-2951540498-1078206000-512
sambaGroupType: 2
displayName: Domain Admins
structuralObjectClass: posixGroup
entryUUID: 05396d64-0313-102a-8c73-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000008#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: cn=Domain Users,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-733529158-2951540498-1078206000-513
sambaGroupType: 2
displayName: Domain Users
structuralObjectClass: posixGroup
entryUUID: 053c775c-0313-102a-8c74-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
memberUid: nir
memberUid: administrator
memberUid: test
entryCSN: 20051217065939Z#000003#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217065939Z
dn: cn=Domain Guests,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-733529158-2951540498-1078206000-514
sambaGroupType: 2
displayName: Domain Guests
structuralObjectClass: posixGroup
entryUUID: 053ec534-0313-102a-8c75-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000a#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: cn=Domain Computers,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: S-1-5-21-733529158-2951540498-1078206000-515
sambaGroupType: 2
displayName: Domain Computers
structuralObjectClass: posixGroup
entryUUID: 05416aa0-0313-102a-8c76-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000b#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: cn=Administrators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the
computer/sambaDom
ainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
displayName: Administrators
structuralObjectClass: posixGroup
entryUUID: 0545b024-0313-102a-8c77-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000c#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: cn=Account Operators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 5
displayName: Account Operators
structuralObjectClass: posixGroup
entryUUID: 054771a2-0313-102a-8c78-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000d#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: cn=Print Operators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 5
displayName: Print Operators
structuralObjectClass: posixGroup
entryUUID: 0549871c-0313-102a-8c79-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000e#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: cn=Backup Operators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up
files
sambaSID: S-1-5-32-551
sambaGroupType: 5
displayName: Backup Operators
structuralObjectClass: posixGroup
entryUUID: 054bf2b8-0313-102a-8c7a-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000f#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: cn=Replicators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 5
displayName: Replicators
structuralObjectClass: posixGroup
entryUUID: 054d366e-0313-102a-8c7b-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000010#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z
dn: sambaDomainName=testdomain.com,dc=msdpl,dc=com
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaDomainName: testdomain.com
sambaSID: S-1-5-21-733529158-2951540498-1078206000
gidNumber: 1000
structuralObjectClass: sambaDomain
entryUUID: 054e7f7e-0313-102a-8c7c-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
uidNumber: 1005
entryCSN: 20051217070029Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217070029Z
dn: uid=nir,ou=People,dc=msdpl,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: nir
sn: nir
uid: nir
uidNumber: 1000
gidNumber: 513
homeDirectory: /home/nir
loginShell: /bin/bash
gecos: System User
description: System User
structuralObjectClass: inetOrgPerson
entryUUID: bff5d9d0-0313-102a-8c7d-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217064025Z
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-733529158-2951540498-1078206000-3000
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-513
sambaLogonScript: scripts\logon.bat
sambaProfilePath: \\%L\profiles\nir
sambaHomePath: \\medhapdc\nir
sambaHomeDrive: X:
sambaLMPassword: D2FEEB4DBDDFD0B3AAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 8595B41B79E65B25B9A79DDFB96616F5
sambaPwdLastSet: 1134801635
sambaPwdMustChange: 1136097635
userPassword:: e01ENX10TURlbUFQUVh1QUhObUFwMHFmUFlnPT0entryCSN:
20051217064035Z#000002#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217064035Z
dn: uid=test,ou=People,dc=msdpl,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: test
sn: test
uid: test
uidNumber: 1003
gidNumber: 513
homeDirectory: /home/test
loginShell: /bin/bash
gecos: System User
description: System User
structuralObjectClass: inetOrgPerson
entryUUID: 6f6edfc2-0316-102a-8c80-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217065939Z
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
displayName: System User
sambaSID: S-1-5-21-733529158-2951540498-1078206000-3006
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-513
sambaLogonScript: scripts\logon.bat
sambaProfilePath: \\%L\profiles\test
sambaHomePath: \\medhapdc\test
sambaHomeDrive: X:
sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
sambaNTPassword: 0CB6948805F797BF2A82807973B89537
userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0sambaPwdCanChange:
1134802809
sambaPwdMustChange: 2147483647
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
00000000
sambaPwdLastSet: 1134802809
sambaAcctFlags: [U ]
entryCSN: 20051217070009Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217070009Z
dn: uid=testing$,ou=Computers,dc=msdpl,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: testing$
sn: testing$
uid: testing$
uidNumber: 1004
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: inetOrgPerson
entryUUID: 8d5fede6-0316-102a-8c81-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217070029Z
sambaSID: S-1-5-21-733529158-2951540498-1078206000-3362
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-3365
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W ]
sambaPwdCanChange: 1134804365
sambaNTPassword: EC1097FD6D0B4969885C587BAE1E0AA7
sambaPwdLastSet: 1134804365
entryCSN: 20051217072605Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217072605Z
#######################################################################################
Regards
Niranjan