Ben Tisdall
2007-Apr-13 22:09 UTC
[Samba] smbldap-useradd not creating machine accounts in correct fashion
Hi, I have OpenLDAP working here generally without problems for a variety of applications including the management of Samba. Functioning user accounts can be created via 'smbldap-useradd' with the proper samba attributes being added in LDAP, however... Something odd is happening when I (or samba) tries to create a machine account with 'smbldap-useradd -w test1$' - an entry is created that looks like this: dn: uid=test1$,ou=computers,dc=redcircle objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: test1$ sn: test1$ uid: test1$ uidNumber: 1041 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer Needless to the computer is not able to join the domain... Whereas a working entry migrated from tdbsam looks like this: dn: uid=sonny$,ou=computers,dc=redcircle uid: sonny$ sambaSID: S-1-5-21-1595696850-3378076689-3030227139-3008 sambaPrimaryGroupSID: S-1-5-21-1595696850-3378076689-3030227139-1201 objectClass: sambaSamAccount objectClass: account displayName: SONNY$ sambaPwdMustChange: 2147483647 sambaAcctFlags: [W ] sambaPwdCanChange: 1175234556 sambaPwdLastSet: 1175234556 Feel as what's happening is so wrong that it must be some silliness on my part but for the life of me can't figure out what & any help would be much appreciated. BTW this is occurring with version 0.9.2a of the tools downloaded from SF & also the .deb for my Ubuntu server.
Edmundo Valle Neto
2007-Apr-13 22:49 UTC
[Samba] smbldap-useradd not creating machine accounts in correct fashion
Ben Tisdall escreveu:> Hi, > > I have OpenLDAP working here generally without problems for a variety of > applications including the management of Samba. Functioning user > accounts can be created via 'smbldap-useradd' with the proper samba > attributes being added in LDAP, however... > > Something odd is happening when I (or samba) tries to create a machine > account with 'smbldap-useradd -w test1$' - an entry is created that > looks like this: > > > dn: uid=test1$,ou=computers,dc=redcircle > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: posixAccount > cn: test1$ > sn: test1$ > uid: test1$ > uidNumber: 1041 > gidNumber: 515 > homeDirectory: /dev/null > loginShell: /bin/false > description: Computer > gecos: Computer > > Needless to the computer is not able to join the domain... > > Whereas a working entry migrated from tdbsam looks like this: > > dn: uid=sonny$,ou=computers,dc=redcircle > uid: sonny$ > sambaSID: S-1-5-21-1595696850-3378076689-3030227139-3008 > sambaPrimaryGroupSID: S-1-5-21-1595696850-3378076689-3030227139-1201 > objectClass: sambaSamAccount > objectClass: account > displayName: SONNY$ > sambaPwdMustChange: 2147483647 > sambaAcctFlags: [W ] > sambaPwdCanChange: 1175234556 > sambaPwdLastSet: 1175234556 > > Feel as what's happening is so wrong that it must be some silliness on > my part but for the life of me can't figure out what & any help would be > much appreciated. BTW this is occurring with version 0.9.2a of the tools > downloaded from SF & also the .deb for my Ubuntu server.Your script appears to be working right, "smbldap-useradd -w machinename$" should only create an account with posix attributes, the sambaSAMAccount class and attributes will be added by samba when the client is joined into the domain. You can see that in the IDEALX smbldap-tools user manual. Regards. Edmundo Valle Neto
Ben Tisdall
2007-Apr-14 22:51 UTC
[Samba] smbldap-useradd not creating machine accounts in correct fashion
Hi, I have OpenLDAP working here generally without problems for a variety of applications including the management of Samba. Functioning user accounts can be created via 'smbldap-useradd' with the proper samba attributes being added in LDAP, however... Something odd is happening when I (or samba) tries to create a machine account with 'smbldap-useradd -w test1$' - an entry is created that looks like this: dn: uid=test1$,ou=computers,dc=redcircle objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: test1$ sn: test1$ uid: test1$ uidNumber: 1041 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer Needless to the computer is not able to join the domain... Whereas a working entry migrated from tdbsam looks like this: dn: uid=sonny$,ou=computers,dc=redcircle uid: sonny$ sambaSID: S-1-5-21-1595696850-3378076689-3030227139-3008 sambaPrimaryGroupSID: S-1-5-21-1595696850-3378076689-3030227139-1201 objectClass: sambaSamAccount objectClass: account displayName: SONNY$ sambaPwdMustChange: 2147483647 sambaAcctFlags: [W ] sambaPwdCanChange: 1175234556 sambaPwdLastSet: 1175234556 Feel as what's happening is so wrong that it must be some silliness on my part but for the life of me can't figure out what & any help would be much appreciated. BTW this is occurring with version 0.9.2a of the tools downloaded from SF & also the .deb for my Ubuntu server -- Ben Tisdall
Ben Tisdall
2007-Apr-16 12:32 UTC
[Samba] smbldap-useradd not creating machine accounts in correct fashion
On Fri, April 13, 2007 23:48, Edmundo Valle Neto wrote:> > Your script appears to be working right, "smbldap-useradd -w > machinename$" should only create an account with posix attributes, thesambaSAMAccount class and attributes will be added by samba when the client is joined into the domain.> > You can see that in the IDEALX smbldap-tools user manual.Thanks Edmundo and apologies for not having consulted the fine manual more closely - I should know better. In the end testing revealed that the tools were putting the machine accounts under 'ou=computers,${suffix}' (as I wanted) but samba seemed to be looking for them under 'ou=users,${suffix}', because if I reconfigured the tools to put the accounts there then everything worked as expected. This is odd as I have 'machine suffix = ou=computers' in smb.conf & now, having now put things back as they were, everything's working! Therefore I can only conclude that the issue was due to some typo that I've now unwittingly corrected - odd, as I was logging samba at up to 4 & saw nothing suggestive. Best, -- Ben Tisdall
Ben Tisdall
2007-May-03 23:38 UTC
[Samba] smbldap-useradd not creating machine accounts in correct fashion
On Fri, April 13, 2007 23:48, Edmundo Valle Neto wrote:> > Your script appears to be working right, "smbldap-useradd -w > machinename$" should only create an account with posix attributes, thesambaSAMAccount class and attributes will be added by samba when the client is joined into the domain.> > You can see that in the IDEALX smbldap-tools user manual.Thanks Edmundo and apologies for not having consulted the fine manual more closely - I should know better. In the end testing revealed that the tools were putting the machine accounts under 'ou=computers,${suffix}' (as I wanted) but samba seemed to be looking for them under 'ou=users,${suffix}', because if I reconfigured the tools to put the accounts there then everything worked as expected. This is odd as I have 'machine suffix = ou=computers' in smb.conf & now, having now put things back as they were, everything's working! Therefore I can only conclude that the issue was due to some typo that I've now unwittingly corrected - odd, as I was logging samba at up to 4 & saw nothing suggestive. Best, -- Ben Tisdall
Maybe Matching Threads
- removing last piece of grid graphical output with grid.remove
- Samba 3.0.25b: smbd 99% CPU utilisation with opened MS Word doc
- Asterisk 13.1.0/PJSIP outbound calling using SIP trunk: Unable to create request with auth.No auth credentials for any realms in challenge.
- Asterisk 13.1.0/PJSIP outbound calling using SIP trunk: Unable to create request with auth.No auth credentials for any realms in challenge.
- Asterisk 13.1.0/PJSIP outbound calling using SIP trunk: Unable to create request with auth.No auth credentials for any realms in challenge.