samba - May 2012 - : Server's root name change when log-in

Hi,

I'm currently working on a server whitch use samba and openldap,
The OS used is Debian squeeze 6.0.1 64 on the server, the previous was 
fedora 5

My Samba is the domain Master of the network, the users of the ldap are 
link with the samba, and i try to join computer XP to this domain, so 
the user present in the ldap could  (with login and password) log on in 
the domain, access shares etc ...

ldap schema :  ou=people
                ou=group
                ou=temppeople
                ou=tempgroups
                ou=systeme

Samba is well configured with libpam-ldap, libnss-ldap, smb-ldaptools
and the file /etc/nsswitch.conf with
passwd files ldap
group    files ldap
shadow files ldap

When using getent passwd, the server get all the users of the ldap.

But, ( and their is the problem ) : when trying to join the machine to 
the domain, how do i say to samba that only my users in
ou = systeme ; are the only one able to join this one ? Beacause 
currently, anyone can join the domain and i don't want it.

Other Strange things, when i try to join the domain with for exemple 
admin99 ( whitch is present in the ou=systeme) , when i'm on the server 
and open a Terminal, when i log in root ( su - root ) with the right 
password of root, i obtain :
admin99 at server , not root at server , and with a ls -lh on folder, files 
are on admin99:root

If i stop ldap 2 minutes after, and re-open a terminal and log as root, 
everything come back to normal.

If you need some infomations, I can give it in the next mail.

Regards.


-- 
Thibaut JACOB
SCIRC Orl?ans (Bourgogne) IUFM

--

When you join the machine to the domain you should be prompted for
credentials of someone who has permissions to join the computer to the
domain -    this is normally the domain administrator or someone in the
domain administrators group.     Users who are not domain administrators
should not be able to join machines to the domain.

You may also want to change your LDAP structure to get a little more
control , e.g "ou=systeme" and "ou=temppeople" should be a
children of
"ou=people."     You can configure your ldap configuration to look for
users in "ou=people" and its children.    "getent passwd"
should still
list all the user  accounts.  






On 05/09/12 08:28, Thibaut Jacob wrote:
> Hi,
>
> I'm currently working on a server whitch use samba and openldap,
> The OS used is Debian squeeze 6.0.1 64 on the server, the previous was
> fedora 5
>
> My Samba is the domain Master of the network, the users of the ldap
> are link with the samba, and i try to join computer XP to this domain,
> so the user present in the ldap could  (with login and password) log
> on in the domain, access shares etc ...
>
> ldap schema :  ou=people
>                ou=group
>                ou=temppeople
>                ou=tempgroups
>                ou=systeme
>
> Samba is well configured with libpam-ldap, libnss-ldap, smb-ldaptools
> and the file /etc/nsswitch.conf with
> passwd files ldap
> group    files ldap
> shadow files ldap
>
> When using getent passwd, the server get all the users of the ldap.
>
> But, ( and their is the problem ) : when trying to join the machine to
> the domain, how do i say to samba that only my users in
> ou = systeme ; are the only one able to join this one ? Beacause
> currently, anyone can join the domain and i don't want it.
>
> Other Strange things, when i try to join the domain with for exemple
> admin99 ( whitch is present in the ou=systeme) , when i'm on the
> server and open a Terminal, when i log in root ( su - root ) with the
> right password of root, i obtain :
> admin99 at server , not root at server , and with a ls -lh on folder, files
> are on admin99:root
>
> If i stop ldap 2 minutes after, and re-open a terminal and log as
> root, everything come back to normal.
>
> If you need some infomations, I can give it in the next mail.
>
> Regards.
>
>