Kyle Schmitt
2009-Jul-20 20:43 UTC
[Samba] Only administrator works in ldapsam:editposix domain
I tried setting up a samba/ldap domain using the ldapsam:editposix feature, using the brief instructions at http://wiki.samba.org/index.php/Ldapsam_Editposix.

Everything goes rather smoothly, and I can add XP machines and log into them as the Administrative user.

I added a user to the server, then to samba/ldap using
smbpasswd -a newuser

ldapsearch -x shows the user & encrypted password, so I figure I'm good to go.

When I log in with my new (non admin) user, I get an error about catastrophic failure, "Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk."

Huh, maybe the user isn't in the domain users group yet?
net rpc group addmem "Domain Users" newuser
Could not add newuser to Domain Users: NT_STATUS_NO_SUCH_MEMBER

I tried a bunch of variations with the domain before one part or another, and got pretty much the same error messages over and over.

What am I doing wrong?
Kyle Schmitt
2009-Jul-21 21:53 UTC
[Samba] Only administrator works in ldapsam:editposix domain
Never mind, I found it. I needed to add the user to the group in unix (or unix/ldap) first, then to the nt group.
Norberto Bensa
2009-Jul-22 15:08 UTC
[Samba] Only administrator works in ldapsam:editposix domain
Always CC the list.

On Wed, Jul 22, 2009 at 10:20 AM, Kyle Schmitt <kyleaschmitt at gmail.com> wrote:
> On Tue, Jul 21, 2009 at 10:36 PM, Norberto Bensa <nbensa at gmail.com> wrote:
>> If you use ldapsam:editposix, that is automatically done for you
>> with the net command. Are you sure your nsswitch.conf is configured
>> correctly?
>
> At first I didn't have the nsswitch.conf setup, because I intended the
> server to handle LDAP & samba for remote systems, but not for itself
> (something I've done before quite successfully with straight LDAP
> setups).

It needs LDAP for itself. Samba needs unix accounts and groups. Read the docs.

> The only issue now is getting the unix password/shadow information in
> LDAP,

/etc/nsswitch.conf
/etc/ldap.conf
/etc/ldap.secret
/etc/ldap/ldap.conf

(paths are for Debian based distros)

> and somehow getting the correct homeDirectory entry by default
> (right now it's defaulting to /home/<DOMAIN>/<username>).

Use "template homedir" in smb.conf

Regards,
Norberto
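
A quick way to answer the nsswitch.conf question raised in this thread, as an added example that is not part of the original messages: it reports which of the passwd and group databases lack an ldap source. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the NSS databases Samba relies on for unix
# accounts and groups (passwd, group) list "ldap" as a source.

# nss_has_ldap FILE DB -> exit status 0 if DB's line in FILE lists "ldap"
nss_has_ldap() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == (db ":") {
            for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# check_nsswitch FILE -> prints "ok", or names the databases without ldap
check_nsswitch() {
    conf=$1
    missing=""
    for d in passwd group; do
        nss_has_ldap "$conf" "$d" || missing="$missing $d"
    done
    if [ -n "$missing" ]; then
        echo "no ldap source for:$missing"
        return 1
    fi
    echo "ok"
}

# Constructed sample files (not taken from the thread).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
LOCAL_ONLY="$tmp/nsswitch.local"
WITH_LDAP="$tmp/nsswitch.ldap"
cat > "$LOCAL_ONLY" <<'EOF'
# passwd: files ldap   (commented out, so it does not count)
passwd:  files
group:   files
EOF
cat > "$WITH_LDAP" <<'EOF'
passwd:  files ldap
group:   files ldap
EOF

check_nsswitch "$LOCAL_ONLY" || true   # server resolves local accounts only
check_nsswitch "$WITH_LDAP"
```

On a live server, point `check_nsswitch` at /etc/nsswitch.conf, then confirm with `getent passwd newuser` that the account actually resolves.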