samba - Dec 2005 - SAMBA3 + LDAP

Hi all

I have samb3 with LDAP , My query is

1. My clients are windows 2000 professional, and the clients are not able to
join the domain
but if add the computer name in /etc/passwd
ie computername$:x:110:200::/bin/false:/dev/null
and then do smbpasswd -a -m computername , the computer is able to join the
domain
but i have mentioned the add machine script in smb.conf file

2. After Joining the domain, i am unable to login as Administrator, but able
to login as root
if i give command getent passwd | grep Administrator , there is no output

3. How do i create groups , and add users to the groups, it is not taking
system groups,
when i do smbldap-populate, it adds people,group, Domain Admins, Domain
Users, etc and root, but not system groups
so how to add system groups ,

4. in have smbldap-tool 0.9 , in that there is no mkntpasswd , is it ok, or
this should be there, when i downloaded from the IDEALX website, it was not
there int the TAR.gz file.



my smb.conf file is as follows
################################################
[global]

  workgroup = testdomain.com
  server string = Samba Server
  interfaces = eth0, lo
  bind interfaces only = yes
  passdb backend = ldapsam:ldap://testdomain.com
  min passwd length = 8
  hosts allow = 192.168.129. 192.168.130. 127.
  printcap name = /etc/printcap
  load printers = yes
  cups options = raw
  log file = /var/log/samba/%m.log
  max log size = 50
  security = user
  encrypt passwords = yes
  unix password sync = Yes
  passwd program = /usr/local/sbin/smbldap-passwd -u %u
  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
  add user script = /usr/local/sbin/smbldap-useradd -m "%u"
  delete user script = /usr/local/sbin/smbldap-userdel "%u"
  add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
  add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
  add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
  delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u"
"%g"
  set primary group script = /usr/local/sbin/smbldap-usermod -g '%g'
'%u'
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  local master = no
  os level = 65
  domain master = yes
  preferred master = yes
  domain logons = yes
  logon script = %U.bat
  logon path = \\%L\Profiles\%U
  wins support = yes
  dns proxy = no
  ldap suffix = dc=msdpl,dc=com
  ldap machine suffix = ou=Computers
  ldap user suffix = ou=People
  ldap group suffix = ou=Groups

#============================ Share Definitions
=============================   ldap idmap suffix = ou=Idmap
   ldap admin dn = cn=manager,dc=msdpl,dc=com
   idmap backend = ldap:ldap://testdomain.com
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   map acl inherit = yes
   template shell = /bin/false
   winbind use default domain = no

#============================ Share Definitions
=============================[homes]
   comment = Home Directories
   browseable = no
   writable = yes

# Un-comment the following and create the netlogon directory for Domain
Logons
 [netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = no
   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
    path = /home/profiles
    browseable = no


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   read only = yes
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in
fred's
# home directory. Note that fred must have write access to the spool
directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all
files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of
course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In
this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
##############################################################################
slapcat output of my LDAP Database
#############################################################################
dn: dc=msdpl,dc=com
objectClass: dcObject
objectClass: organization
o: msdpl
dc: msdpl
structuralObjectClass: organization
entryUUID: 05229ea4-0313-102a-8c6c-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: ou=People,dc=msdpl,dc=com
objectClass: organizationalUnit
ou: People
structuralObjectClass: organizationalUnit
entryUUID: 05260012-0313-102a-8c6d-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000002#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: ou=Groups,dc=msdpl,dc=com
objectClass: organizationalUnit
ou: Groups
structuralObjectClass: organizationalUnit
entryUUID: 05289b92-0313-102a-8c6e-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000003#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: ou=Computers,dc=msdpl,dc=com
objectClass: organizationalUnit
ou: Computers
structuralObjectClass: organizationalUnit
entryUUID: 052b98e2-0313-102a-8c6f-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000004#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: ou=Idmap,dc=msdpl,dc=com
objectClass: organizationalUnit
ou: Idmap
structuralObjectClass: organizationalUnit
entryUUID: 052cc0f0-0313-102a-8c70-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000005#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: uid=root,ou=People,dc=msdpl,dc=com
cn: root
sn: root
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 0
uid: root
uidNumber: 0
homeDirectory: /home/root
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaHomePath: \\medhapdc\root
sambaHomeDrive: X:
sambaProfilePath: \\%L\profiles\root
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-512
sambaSID: S-1-5-21-733529158-2951540498-1078206000-500
loginShell: /bin/false
gecos: Netbios Domain Administrator
structuralObjectClass: inetOrgPerson
entryUUID: 052f6cd8-0313-102a-8c71-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
sambaLMPassword: 570CE399DA1412ABAAD3B435B51404EE
sambaNTPassword: B9D2D4955B330B503CC792EB6A55BB1F
userPassword:: e01ENX00bm1LOFNwNkQwOXd0TmFlKzhKZlRRPT0sambaPwdMustChange:
2147483647
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
 00000000
sambaAcctFlags: [U          ]
sambaPwdCanChange: 1134804146
sambaPwdLastSet: 1134804146
entryCSN: 20051217072226Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217072226Z

dn: uid=nobody,ou=People,dc=msdpl,dc=com
cn: nobody
sn: nobody
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 514
uid: nobody
uidNumber: 999
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\medhapdc\nobody
sambaHomeDrive: X:
sambaProfilePath: \\%L\profiles\nobody
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NUD        ]
sambaSID: S-1-5-21-733529158-2951540498-1078206000-2998
loginShell: /bin/false
structuralObjectClass: inetOrgPerson
entryUUID: 0536d040-0313-102a-8c72-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000007#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Domain Admins,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-733529158-2951540498-1078206000-512
sambaGroupType: 2
displayName: Domain Admins
structuralObjectClass: posixGroup
entryUUID: 05396d64-0313-102a-8c73-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000008#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Domain Users,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-733529158-2951540498-1078206000-513
sambaGroupType: 2
displayName: Domain Users
structuralObjectClass: posixGroup
entryUUID: 053c775c-0313-102a-8c74-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
memberUid: nir
memberUid: administrator
memberUid: test
entryCSN: 20051217065939Z#000003#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217065939Z

dn: cn=Domain Guests,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-733529158-2951540498-1078206000-514
sambaGroupType: 2
displayName: Domain Guests
structuralObjectClass: posixGroup
entryUUID: 053ec534-0313-102a-8c75-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000a#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Domain Computers,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: S-1-5-21-733529158-2951540498-1078206000-515
sambaGroupType: 2
displayName: Domain Computers
structuralObjectClass: posixGroup
entryUUID: 05416aa0-0313-102a-8c76-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000b#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Administrators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the
computer/sambaDom
 ainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
displayName: Administrators
structuralObjectClass: posixGroup
entryUUID: 0545b024-0313-102a-8c77-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000c#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Account Operators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 5
displayName: Account Operators
structuralObjectClass: posixGroup
entryUUID: 054771a2-0313-102a-8c78-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000d#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Print Operators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 5
displayName: Print Operators
structuralObjectClass: posixGroup
entryUUID: 0549871c-0313-102a-8c79-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000e#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Backup Operators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up
files
sambaSID: S-1-5-32-551
sambaGroupType: 5
displayName: Backup Operators
structuralObjectClass: posixGroup
entryUUID: 054bf2b8-0313-102a-8c7a-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000f#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Replicators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 5
displayName: Replicators
structuralObjectClass: posixGroup
entryUUID: 054d366e-0313-102a-8c7b-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000010#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: sambaDomainName=testdomain.com,dc=msdpl,dc=com
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaDomainName: testdomain.com
sambaSID: S-1-5-21-733529158-2951540498-1078206000
gidNumber: 1000
structuralObjectClass: sambaDomain
entryUUID: 054e7f7e-0313-102a-8c7c-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
uidNumber: 1005
entryCSN: 20051217070029Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217070029Z

dn: uid=nir,ou=People,dc=msdpl,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: nir
sn: nir
uid: nir
uidNumber: 1000
gidNumber: 513
homeDirectory: /home/nir
loginShell: /bin/bash
gecos: System User
description: System User
structuralObjectClass: inetOrgPerson
entryUUID: bff5d9d0-0313-102a-8c7d-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217064025Z
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-733529158-2951540498-1078206000-3000
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-513
sambaLogonScript: scripts\logon.bat
sambaProfilePath: \\%L\profiles\nir
sambaHomePath: \\medhapdc\nir
sambaHomeDrive: X:
sambaLMPassword: D2FEEB4DBDDFD0B3AAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 8595B41B79E65B25B9A79DDFB96616F5
sambaPwdLastSet: 1134801635
sambaPwdMustChange: 1136097635
userPassword:: e01ENX10TURlbUFQUVh1QUhObUFwMHFmUFlnPT0entryCSN:
20051217064035Z#000002#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217064035Z

dn: uid=test,ou=People,dc=msdpl,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: test
sn: test
uid: test
uidNumber: 1003
gidNumber: 513
homeDirectory: /home/test
loginShell: /bin/bash
gecos: System User
description: System User
structuralObjectClass: inetOrgPerson
entryUUID: 6f6edfc2-0316-102a-8c80-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217065939Z
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
displayName: System User
sambaSID: S-1-5-21-733529158-2951540498-1078206000-3006
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-513
sambaLogonScript: scripts\logon.bat
sambaProfilePath: \\%L\profiles\test
sambaHomePath: \\medhapdc\test
sambaHomeDrive: X:
sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
sambaNTPassword: 0CB6948805F797BF2A82807973B89537
userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0sambaPwdCanChange:
1134802809
sambaPwdMustChange: 2147483647
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1134802809
sambaAcctFlags: [U          ]
entryCSN: 20051217070009Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217070009Z

dn: uid=testing$,ou=Computers,dc=msdpl,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: testing$
sn: testing$
uid: testing$
uidNumber: 1004
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: inetOrgPerson
entryUUID: 8d5fede6-0316-102a-8c81-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217070029Z
sambaSID: S-1-5-21-733529158-2951540498-1078206000-3362
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-3365
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W          ]
sambaPwdCanChange: 1134804365
sambaNTPassword: EC1097FD6D0B4969885C587BAE1E0AA7
sambaPwdLastSet: 1134804365
entryCSN: 20051217072605Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217072605Z
#######################################################################################


Regards
Niranjan

mallapadi niranjan wrote:
> Hi all
> 
> I have samb3 with LDAP , My query is
> 
> 1. My clients are windows 2000 professional, and the clients are not able
to
> join the domain
> but if add the computer name in /etc/passwd
> ie computername$:x:110:200::/bin/false:/dev/null
> and then do smbpasswd -a -m computername , the computer is able to join the
> domain
> but i have mentioned the add machine script in smb.conf file
It seems you missed the nss_ldap part, what is in your /etc/ldap.conf
and /etc/nsswitch.conf?
> 
> 2. After Joining the domain, i am unable to login as Administrator, but
able
> to login as root
> if i give command getent passwd | grep Administrator , there is no output
again, nss_ldap setup broken.
> 
> 3. How do i create groups , and add users to the groups, it is not taking
> system groups,
> when i do smbldap-populate, it adds people,group, Domain Admins, Domain
> Users, etc and root, but not system groups
> so how to add system groups ,
depends, if you have the "add user to group script" and friends set up
in smb.conf you can use usermgr.exe. You can use any ldap-tool to do it
though.
> 
> 4. in have smbldap-tool 0.9 , in that there is no mkntpasswd , is it ok, or
> this should be there, when i downloaded from the IDEALX website, it was not
> there int the TAR.gz file.
I think it has been replaced with some perl module recently.

cheers
 Paul

Hi paul

i have changed the ldap.conf file to the following
################################################################
host testdomain.com
base dc=msdpl,dc=com
bindpw secret
rootbinddn cn=manager,dc=msdpl,dc=com
timelimit 15
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUID
pam_password md5
nss_base_passwd        dc=msdpl,dc=com?sub
nss_base_shadow        dc=msdpl,dc=com?sub
nss_base_group        dc=msdpl,dc=com?sub
ssl no
##################################################################

I am able to add the computer with smbldap-useradd machine script, after
changing as you said.

now, i am unable to login as administrator, and able to login only as root.
and

The ldap log file is
###########################################################################
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=5 SEARCH RESULT tag=101
err=0 nentries=0 textDec 20 10:52:43 testsystem slapd[3549]: conn=7 op=3 SRCH
base="dc=msdpl,dc=com" scope=2 deref=0
filter="(&(objectClass=posixAccount)(uid=nobody))"
Dec 20 10:52:43 testsystem slapd[3549]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=3 SEARCH RESULT tag=101
err=0 nentries=1 textDec 20 10:52:43 testsystem slapd[3549]: conn=7 op=4 SRCH
base="dc=msdpl,dc=com" scope=2 deref=0
filter="(&(objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=msdpl,dc=com)))"
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=4 SRCH attr=gidNumber
Dec 20 10:52:43 testsystem slapd[3549]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18)
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=4 SEARCH RESULT tag=101
err=0 nentries=0 textDec 20 10:52:43 testsystem slapd[3549]: conn=6 op=6 SRCH
base="dc=msdpl,dc=com" scope=2 deref=0
filter="(&(uid=administrator)(objectClass=sambaSamAccount))"
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=6 SRCH attr=uid uidNumber
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName
sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory
modifyTimestamp sambaLogonHours modifyTimestamp
Dec 20 10:52:43 testsystem slapd[3549]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=6 SEARCH RESULT tag=101
err=0 nentries=0
text#############################################################################

i have created a testuser using smbldap-useradd -a -m -A 1 -P testuser, and
gave password.
i could able to login with the user in the windows client, and able to
change password.
but that password is not getting updated shadow password.

my query is the ldap password and shadow password should be same. ie if i
change a user password, will it get updated even in shadow password.
so that if i login with the "testuser" in linux, i should able to
login with
the same password.

Regards
Niranjan





On 12/20/05, Paul K?lle <pkoelle@gmail.com >
wrote:
>
> mallapadi niranjan wrote:
> > Hi all
> Hi, please keep replies on the list and cut your configs down to the
> relevant entries.
>
> > *<the ldap.log file is below>*
> > Dec 19 19:28:46 testsystem slapd[6010]: <= bdb_equality_candidates:
> > (uid) index_param failed (18)
> >
> > Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=6 SEARCH RESULT
> > tag=101 err=0 nentries=0 text> >
> > Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=7 SRCH
> > base="ou=People,dc=msdpl,dc=com" scope=1 deref=0
> > filter="(&(objectClass=posixAccount)(uid=test1$))"
> No entries found. Change in /etc/ldap.conf
>
> nss_base_passwd ou=People,dc=msdpl,dc=com?one
>
> to:
>
> nss_base_passwd dc=msdpl,dc=com?sub
>
> nss_ldap needs to find both, users and computers with the
> nss_base_passwd filter. So either you put them all in one container and
> stick with onelevel searches or change like outlined above.
>
> cheers
> Paul
>
>

mallapadi niranjan wrote:
> Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=6 SEARCH RESULT tag=101
> err=0 nentries=0 text>
#############################################################################
There is no administrator account..., you can map administrator to root
or create the administrator account in LDAP.
> 
> i have created a testuser using smbldap-useradd -a -m -A 1 -P testuser, and
> gave password.
> i could able to login with the user in the windows client, and able to
> change password.
> but that password is not getting updated shadow password.
> 
> my query is the ldap password and shadow password should be same. ie if i
> change a user password, will it get updated even in shadow password.
> so that if i login with the "testuser" in linux, i should able to
login with
> the same password.
try in smb.conf:

ldap passwd sync = yes
> 
> Regards
> Niranjan