Daniel Northam
2006-Feb-10 19:51 UTC
[Samba] Upgraded from 3.0.9 -> 3.0.21b - Now adding machines a problem
Yes, I had a similar problem when I upgraded from 3.0.9 -> 3.0.21b. After upgrading I could not add machines. It would find the PDC and then prompt me for a user/password; I would enter it and I got a "user not found" error message. If I typed the password incorrectly then I would get a "Username/Password incorrect" error message. My logs showed that I was authenticating OK. So the only thing I could think of is that the samba IDs are getting mangled or something along those lines. I did not have much time to play around with it so I downgraded back to 3.0.9 and what would you know, it started working again.

Anybody have a fix for this? Is this a bug? Or a deprecated argument in the conf files that has been overlooked?

-----SNIP SMB.CONF---------
[global]
    interfaces = 192.168.4.14/32
    workgroup = FFPW
    netbios name = PDC-SRV
    server string = SAMBA-LDAP PDC SERVER
    encrypt passwords = true
    passdb backend = ldapsam:ldap://host.domain.tld.net/
    passwd program = /usr/usr/sbin/smbldap-passwd -o %u
    passwd chat = *new*password %n\n *new*password* %n\n *successfully*
    unix password sync = No
    ldap suffix = dc=ffplus,dc=net
    ldap machine suffix = ou=Computers,ou=Users,ou=f800
    ldap user suffix = ou=Staff,ou=Users,ou=f800
    ldap group suffix = ou=Groups,ou=f800
    ldap admin dn = "cn=directory manager"
    ldap ssl = No
    ldap user suffix = ou=Staff,ou=Users,ou=f800,dc=ffplus,dc=net
    log file = /var/log/samba/%m.log
    log level = 2
    domain logons = Yes
    os level = 255
    preferred master = Yes
    domain master = True
    wins support = Yes
    nt acl support = no
    logon drive = U:
    logon script = %U.bat
    load printers = Yes
    printing = cups
    printcap name = /etc/samba/printers.list
    use client driver = no
    admin users = @"Domain Admins"
    add user script = /usr/sbin/smbldap-useradd -a -m %u
    delete user script = /usr/sbin/smbldap-userdel -r %u
    add group script = /usr/sbin/smbldap-groupadd -p %g
    delete group script = /usr/sbin/smbldap-groupdel %g
    add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
    delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
    set primary group script = /usr/sbin/smbldap-usermod -g %g %u
    add machine script = /usr/sbin/smbldap-useradd -w %u

[netlogon]
    path = /netlogon
    public = no
    writeable = no
    browsable = no
    guest ok = yes

[homes]
    comment = Home Directories
    valid users = %S
    writeable = Yes
    read only = No
    create mask = 755
    directory mask = 0775
    browseable = No

[profiles]
    path = \\%L\%U\profile
    read only = No
    writeable = Yes
    browseable = no
    profile acls = Yes
    guest ok = yes

[tmp]
    comment = Temporary file space
    path = /tmp
    readonly = no
    guest ok = yes

[filestor]
    comment = Misc User Files/Application Data
    path = /net/file_stor/
    valid users = @"Domain Admins", @"Domain Users"
    public = no
    writeable = yes
    printable = no
    create mask = 0700

[backups]
    comment = server backup files
    path = /net/backups/
    valid users = @"Domain Admins"
    public = no
    writeable = yes
    printable = no
    create mask = 0765

[applications]
    comment = Storage for software applications
    path = /applications/
    valid users = @"XP_Power_Users", @"Domain Admins"
    public = no
    guest ok = no
    writeable = yes
    printable = no
    create mask = 755

[ProfileDir]
    comment = Root of all Homes for admin tasks
    path = /net/users
    valid users = @"Domain Admins"
    public = no
    writeable = yes
    printable = no
    create mask = 0666

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    public = yes
    guest ok = yes
    writeable = no
    printable = yes
    printer admin = @"Domain Admins", @"XP_Power_Users"

[print$]
    comment = Printer Drivers
    path = /etc/samba/drivers
    browsable = yes
    guest ok = no
    read only = yes
    write list = @"Domain Admins", @"XP_Power_Users"
----END SMB.CONF----

-----Original Message-----
From: samba-bounces+dnortham=ffpglobal.com@lists.samba.org [mailto:samba-bounces+dnortham=ffpglobal.com@lists.samba.org] On Behalf Of Dan
Sent: Friday, February 10, 2006 11:20 AM
To: samba@lists.samba.org
Subject: [Samba] Upgraded from 3.0.9 -> 3.0.21b - Now adding machines a problem

I recently upgraded my samba pdc from version 3.0.9 to version 3.0.21b to try and fix a browse issue with Windows 2003 Server and linux samba servers. The browse issue was fixed, but now I am having problems adding machines to the network. I run slackware 10.0 linux with an openldap backend which has worked fine until now. I also upgraded the samba tools from idealx.org to the latest version.

First, when I went to add a machine it would bomb out, and when I would check the ldap directory I noticed it had the posix machine info but not the samba machine info. To add the machine I am using the command

    add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'

in my smb.conf as specified in the example. I then looked at the smbldap-useradd script and realized that the add_samba_machine call from the tools.pm file was never getting called anywhere in the scripts, so maybe this is incorrect but I added the following to the smbldap-useradd script:

    if (defined($Options{'w'})) {
        if (!add_samba_machine($userName,$userUidNumber,$Options{'t'})) {
            die "$0: error while adding samba account\n";
        }
    }

right under the following:

    # MACHINE ACCOUNT
    if (defined($Options{'w'}) or defined($Options{'i'})) {
        #print "About to create machine $userName:\n";
        if (!add_posix_machine ($userName,$userUidNumber,$userGidNumber,$Options{'t'})) {
            die "$0: error while adding posix account\n";
        }

so that the rest of the ldap info was getting filled in. It still would bomb out on me with the error "The user name could not be found" but it did make a difference. Leaving the new ldap entry alone, I would then try and add the machine again and it would work, so I am not sure what is wrong. I checked the machine entry in ldap before and after and nothing much seems to have changed. I checked the samba logs and the user adding to the domain comes back as authenticated, so I am at a loss as to why it would fail the first time and not the second.

Now most likely I am doing something else wrong, as I can't imagine I should have to change the scripts, but I haven't come across what it is. Has anyone seen this behavior before? Any help is greatly appreciated, thanks.

Dan,

Below is the global section of my smb.conf:

[global]
    workgroup=MYDOMAIN
    netbios name=MYDOMAIN_PDC
    admin users = administrator
    server string = MY PDC
    security = user
    load printers = yes
    ; printcap name = /etc/printcap
    ; print command = lpr -r -P%p %s
    ; printing = lprng
    ; printcap name = cups
    ; printing = cups
    ; show add printer wizard = yes
    log file = /var/log/samba/log.%m
    max log size = 10000
    ldap ssl = on
    passdb backend = ldapsam:ldaps://ldap.home.mydomain.org:636
    ldap admin dn = uid=root,ou=users,dc=home,dc=mydomain,dc=org
    ldap user suffix = ou=users
    ldap group suffix = ou=groups
    ldap machine suffix = ou=users
    ldap suffix = dc=home,dc=mydomain,dc=org
    ldap delete dn = no
    add user script = /usr/local/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/local/sbin/smbldap-userdel %u
    add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/local/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/local/sbin/smbldap-usermod -g '%u' '%g'
    add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'
    ldap passwd sync = Yes
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    idmap backend = ldap:ldaps://ldap.mydomain.org:636
    username map = /etc/samba/smbusers
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    os level = 128
    domain master = yes
    domain logons = yes
    local master = yes
    preferred master = yes
    logon script = logon.bat
    encrypt passwords = yes
    unix password sync = no
    passwd program = /usr/local/sbin/smbldap-passwd -o %u
    logon path = c:\Documents and Settings\%U
    remote announce = 10.1.0.255
    remote browse sync = 10.1.0.255
    wins support = yes
    map to guest = Never
    nt acl support = true
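An offline check for three patterns that appear in the first smb.conf quoted in this thread: a parameter set twice in one section, an `ldap ... suffix` that repeats the base DN (Samba prepends these sub-suffixes to `ldap suffix`, so they are meant to be partial DNs), and an `ldap://` passdb backend with `ldap ssl` switched off. This is an added example, not part of either post and not Samba tooling; the function names `norm` and `audit` are hypothetical, and the sample input is built from lines of that config.

```python
import re

# Constructed sample: [global] lines copied from the first smb.conf quoted above.
SAMPLE = """\
[global]
passdb backend = ldapsam:ldap://host.domain.tld.net/
ldap suffix = dc=ffplus,dc=net
ldap machine suffix = ou=Computers,ou=Users,ou=f800
ldap user suffix = ou=Staff,ou=Users,ou=f800
ldap ssl = No
ldap user suffix = ou=Staff,ou=Users,ou=f800,dc=ffplus,dc=net
"""

def norm(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()

def audit(text):
    """Return (line, check, detail) findings for an smb.conf given as text."""
    findings, sections, current = [], {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(norm(line[1:-1]), {})
            continue
        if current is None or "=" not in line:
            continue
        name, value = (p.strip() for p in line.split("=", 1))
        if norm(name) in current:
            first = current[norm(name)][0]
            findings.append((lineno, "duplicate",
                             f"'{name}' also set on line {first}; this later value is used"))
        current[norm(name)] = (lineno, value)
    glob = sections.get("global", {})
    base = norm(glob.get("ldapsuffix", (0, ""))[1])
    for key, (lineno, value) in glob.items():
        # Sub-suffixes are prepended to 'ldap suffix', so they must be partial DNs.
        if key.startswith("ldap") and key.endswith("suffix") and key != "ldapsuffix":
            if base and norm(value).endswith(base):
                findings.append((lineno, "absolute-suffix", f"'{value}' repeats the base DN"))
    backend = glob.get("passdbbackend", (0, ""))
    ssl = glob.get("ldapssl", (0, ""))  # only flag an explicit "off" setting
    if "ldap://" in backend[1].lower() and norm(ssl[1]) in ("no", "off", "false", "0"):
        findings.append((backend[0], "cleartext-ldap",
                         "ldapsam bind and password attributes cross the network unencrypted"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

Run against a full file with `audit(open("/etc/samba/smb.conf").read())`; Samba's own `testparm` remains the authoritative syntax check.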