search for: machine_account

...g/log" procedure. I put at the end of this mail ldap entries for each step made. So first, is the reference of a working machine account (achieved by joining manually the "new" domain) [1]. Here are steps I have made: 1. I'm adding machine account using: #smbldap-useradd -W machine_account$ Then I provide my machine account the same SID in ldap using: #pdbedit machine_account$ -U S-1-5-21-720590779-4203916555-4014520812-11343 The result is [2], and I can't log with it. Logs tell me something like "Workstation machine_account$ doesn't have a password"... Indeed,...

Hi, The idea is to avoid to have machines accounts in /etc/passwd and store all on the ldap. I must have a machine account in /etc/passwd ( normal way ) to create the account with pdbedit -a -m machine_account. In fact once it is created , I can delete the account in the localmachine and machine can connect without any problems. ( the account stay only in the ldap ). I 've done it. What kind of probleme can I have if I delete account machines in the /etc/passwd ? There is no attribute of posix a...

First thing - I'd like to say a big "THANK YOU" to the developers. I just upgraded to samba-3.0.23 and I've noticed an alarming issue with respect to my configuration. I've been using the built-in keytab management and it looks like the updated code no longer creates the userPrincipal in Active Directory. Whether this is an issue for others or not, it would be nice to have

...Domain Users, but for computers, it is Domain > Computers. > > If 'getent passwd PC050$' doesn't return anything, then you need to > find out why. indeed, getent passwd PC050$ does not return anything. In the ADUC attribute editor it shows sAMAccountType : 805306369 = ( MACHINE_ACCOUNT) primaryGroupID : 515 = ( GROUP_RID_COMPUTERS ) gidNumber : not set I understand from your question that computer network accounts should be visible in the list of user accounts (getent passwd) and that computer accounts must have a GID in order to 'show up'. However, I have no computers s...

...ed to supply the correct "machine trust account" password to Samba, which I was able to obtain from windows by dumping the LSA secret named "$MACHINE.ACC". The problem is, this password is in a UCS-2 (little-endian) encoding and If I just copy and paste the same into the SECRETS/MACHINE_ACCOUNT/PASSWORD key (in the secrets.tdb file), it does not work (I get some sort of kerberos authentication failed error). I even tried to convert the password to UTF8 encoding and feed the resulting byte string to samba and that ran into some problems too. So my question is, how do I make Samba interpr...

...rs, it is Domain Computers. > > > > If 'getent passwd PC050$' doesn't return anything, then you need to > > find out why. > > indeed, getent passwd PC050$ does not return anything. > In the ADUC attribute editor it shows > sAMAccountType : 805306369 = ( MACHINE_ACCOUNT) > primaryGroupID : 515 = ( GROUP_RID_COMPUTERS ) > gidNumber : not set > I understand from your question that computer network accounts should > be visible in the list of user accounts (getent passwd) and that > computer accounts must have a GID in order to 'show up'. Howev...

Hi, Thanks for the quick reply. I read the links you suggested when I setup my domain member configuration. Followed the links a s closely as I could. Just read them again. Did you mean to point me at some part I missed in order to get the machine network accounts to be able to access the shares? Which part? I removed the 'winbind' lines and 'username map' lines. They are

...f(stderr,"Cannot set operatingSystem or operatingSystemVersion\n"); + d_fprintf(stderr,"values, but you cat set it manually\n"); + } + d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm); SAFE_FREE(machine_account); --- net_ads.c ends here --- -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), Web: http://www.askd.ru/~shelton OOO "ACK" telecommunications administrator, e-mail: achilov-rn [at] askd.ru PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A

...tring = eis samba 1.0.5, samba %v on linux security = user os level = 255 local master = yes preferred master = yes domain logons = yes domain master = yes admin users = root eis domain admin group = root eis add user script = /var/install/bin/samba-add-workstation %u 777 machine_account /dev/null /bin/false logon script = %U.bat logon drive = x: debug level = 3 encrypt passwords = yes update encrypted = yes username level = 2 username map = /etc/user.map public = no browseable = yes interfaces = 127.0.0.1/8 192.168.0.3/255.255.255.0 bind interfaces...

...tring = eis samba 1.0.4, samba %v on linux security = user os level = 255 local master = yes preferred master = yes domain logons = yes domain master = yes admin users = root eis domain admin group = root eis add user script = /var/install/bin/samba-add-workstation %u 777 machine_account /dev/null /bin/false logon script = %U.bat logon drive = x: debug level = 0 encrypt passwords = yes update encrypted = yes username level = 2 username map = /etc/user.map public = no browseable = yes interfaces = 127.0.0.1/8 192.168.0.3/255.255.255.0 bind interface...

...e account added. (5) To add machine accounts, make sure there are corresponding FreeBSD account names appended $. This can be done by adding an account w/o $ appended. Then mis3# vipw -d /etc Then add $ by yourself. mis3# smbpasswd -m -a <machine_account> # no $ appended mis3# slapcat -l dump.ldif -f /usr/local/etc/openldap/slapd.conf -b "dc=fgs,dc=org,dc=tw" mis3# less dump.ldif Then you should see the machine added. ------------------------------- the end ---------------------...

Hello and happy new year :) I have to set up a samba server as a PDC with a openldap backend. My openldap server is fully functionnal and it is not secured yet (so no problems with tls). I must use debian etch or lenny. My server's IP is 192.168.9.10/24. I have set up a dns server (bind9) for my domain named "mik". It's a local domain for testing only. There is a piece of