Henrik Dige Semark
2009-Aug-16 16:44 UTC
[Samba] [Fwd: Re: Samba PDC + OpenLDAP (Debian Lenny)]
Sorry to Adam Tauno Williams for sending direct.

-- 
Med Venlig Hilsen / Best regards
Henrik Dige Semark
Henrik Dige Semark
2009-Aug-16 16:46 UTC
[Samba] [Fwd: Re: Samba PDC + OpenLDAP (Debian Lenny)]
Adam Tauno Williams wrote:
>> I'm trying to move my existing MS-AD over to SAMBA, the place I'm
>>
>
> So you have an AD domain?  Samba 3.x does not provide an AD domain, it
> provides an NT domain, so your requirement of "everything keeps running
> in the same or almost the same way" cannot be met.  Unless you want to
> try Samba 4.
>

We are not using the AD functionality, so what I meant was that my Windows clients are able to join the domain and validate users.

>> When I try to join a Windows Vista Ultimate or Windows XP Pro to the
>> domain it takes 30 sec and then it says "The machine account does not
>> exist" but as I understand that is what
>> "add machine script = /usr/sbin/smbldap-useradd -t 0 -w -i "%u"" has to
>> do right ?
>>
>
> It is supposed to, yes.
>
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>
>
> Get rid of all the "socket options" stuff.  Are you using an old HOWTO
> or some crap Wiki entry from somewhere?  Setting this directive is an
> OLD habit and very obsolete.  Use only the Samba HOWTO and By-Example as
> provided on Samba docs.  Assume everything else on the Internet is
> obsolete and out-of-date, because it most likely is.
>

It was in the example file for the smbldap-tools domain config. I have removed it now, but still no difference.

>> [2009/08/14 18:22:24, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
>> pdb_get_group_sid: Failed to find Unix account for DomAdmin
>> [2009/08/14 18:22:24, 1] auth/auth_util.c:make_server_info_sam(562)
>> User DomAdmin in passdb, but getpwnam() fails!
>>
>
> I don't know why it is looking for a "DomAdmin" account.  Perhaps your
> directory is not fully initialized?  Loaded with the required users,
> etc...
>

DomAdmin is a domain administrator account I have created instead of "admin" or "root". I have run "smbldap-populate -u 10000 -g 10000 -a admin -g guest", and it populates LDAP with all the default users and groups Windows needs to be able to join.

    -u uidNumber first uidNumber to allocate (default: 1000)
    -g gidNumber first uidNumber to allocate (default: 1000)
    -a user administrator login name (default: root)
    -b user guest login name (default: nobody)

>> Error: modifications require authentication at
>> /usr/share/perl5/smbldap_tools.pm line 1083.
>> [2009/08/14 18:22:48, 0]
>> passdb/pdb_interface.c:pdb_default_create_user(336)
>> _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0
>> -w -i "hds$"' gave 127
>>
>
> I don't use smbldap-tools but this looks like they don't have sufficient
> config to authenticate to the DSA.
>

I don't know what the problem is with smbldap-useradd, but when I run the command alone it creates a Windows machine user:

    # smbldap-useradd -w -i testcomputer
    New password : 1234
    Retype new password : 1234
    failed to add entry: structural object class modification from 'account' to 'inetOrgPerson' not allowed at /usr/sbin/smbldap-useradd line 311, <STDIN> line 2.

I have the schemas that provide account and inetOrgPerson.

    # smbldap-useradd -?
    (c) Jerome Tournier - (jtournier at gmail.com)- Licensed under the GPL
    Usage: /usr/sbin/smbldap-useradd [-awmugdsckABCDEFGHMNPST?] username
      -a is a Windows User (otherwise, Posix stuff only)
      -b is a AIX User
      -c gecos
      -d home
      -g gid
      -i is a trust account (Windows Workstation)
      -k skeleton dir (with -m)
      -m creates home directory and copies /etc/skel
      -n do not create a group
      -o add the user in the organizational unit (relative to the user suffix. Ex: 'ou=admin,ou=all')
      -u uid
      -s shell
      -t time. Wait 'time' seconds before exiting (when adding Windows Workstation)
      -w is a Windows Workstation (otherwise, Posix stuff only)
      -A can change password ? 0 if no, 1 if yes
      -B must change password ? 0 if no, 1 if yes
      -C sambaHomePath (SMB home share, like '\\PDC-SRV\homes')
      -D sambaHomeDrive (letter associated with home share, like 'H:')
      -E sambaLogonScript (DOS script to execute on login)
      -F sambaProfilePath (profile directory, like '\\PDC-SRV\profiles\foo')
      -G supplementary comma-separated groups
      -H sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')
      -M local mailAddress (comma seperated)
      -N given name
      -P ends by invoking smbldap-passwd
      -S surname (Family name)
      -T mailToAddress (forward address) (comma seperated)
      -? show this help message

Mike Eggleston wrote:

I'm not at work and am unable to compare your configuration with my production configuration. I have a similar environment, though, and found for windows boxes I needed to create the account in LDAP first (I use smbldap-adduser ...), then I must also add my samba server as a WINS server to the windows box, then I can join the windows box to my samba pdc domain.

Mike

I have now tried to set my server as WINS server - still the same problem.

-- 
Med Venlig Hilsen / Best regards
Henrik Dige Semark
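
A log triage for the errors quoted in this thread, as an added example that is not part of the original messages and not code from Samba or smbldap-tools: it parses Samba 3 log records and maps the messages seen above to the layer to check next (NSS lookup, LDAP bind, or the add machine script). The sample log is constructed from the excerpts in the thread; the function names, layer names and advice strings are assumptions of this example.

```python
import re

# Samba 3 log record: "[date time, level] file:function(line)", then indented message lines.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+(\S+?):(\w+)\((\d+)\)$")
# Patterns copied from the thread's excerpts; layer names and advice are this example's wording.
RULES = [
    (re.compile(r"Failed to find Unix account for (\S+)"), "nss",
     "no Unix account resolves for {0}; check: getent passwd {0}"),
    (re.compile(r"User (\S+) in passdb, but getpwnam\(\) fails"), "nss",
     "{0} is in Samba's passdb but NSS cannot resolve it; check: getent passwd {0}"),
    (re.compile(r"modifications require authentication"), "ldap-bind",
     "LDAP write was attempted without an authenticated bind; check the tool's bind DN and password"),
    (re.compile(r"Running the command `(.+)' gave (\d+)"), "add-machine-script",
     "script exited with status {1}; run it by hand: {0}"),
]
# Constructed sample, assembled from the log lines quoted in the thread.
SAMPLE = """[2009/08/14 18:22:24, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
  pdb_get_group_sid: Failed to find Unix account for DomAdmin
[2009/08/14 18:22:24, 1] auth/auth_util.c:make_server_info_sam(562)
  User DomAdmin in passdb, but getpwnam() fails!
Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1083.
[2009/08/14 18:22:48, 0] passdb/pdb_interface.c:pdb_default_create_user(336)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 -w -i "hds$"' gave 127
"""

def parse(text):
    """Split log text into records. Unindented non-header lines become 'stderr'
    records (assumption: output of a script that smbd ran, written into the log)."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            ts, level, src, func, lineno = m.groups()
            records.append({"time": ts, "level": int(level),
                            "where": f"{src}:{func}({lineno})", "msg": ""})
        elif line[:1] in (" ", "\t") and records:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
        elif line.strip():
            records.append({"time": None, "level": None, "where": "stderr", "msg": line.strip()})
    return records

def triage(text):
    """Return (timestamp, layer, advice) for every record that matches a rule."""
    return [(rec["time"], layer, advice.format(*m.groups()))
            for rec in parse(text)
            for pattern, layer, advice in RULES
            if (m := pattern.search(rec["msg"]))]
```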