Re: [expert] Samba LDAP PDC an answer, not a question

[Jim C]

Sorry guys, I was dead wrong about this.  Well, I was right about the 
port but it was only one problem in a laundry list.  Some of them had to 
do with me second guessing ACLs that were not required and I think I may 
have gotten some Windows formatting in my /etc/pam.d/passwd and 
/etc/pam.d/system-auth files.  I have it working now.  You might want to 
check on the server box for the /etc/ldap.conf file for which one minor 
change is required.

nss_base_passwd         dc=mylan,dc=net?sub
nss_base_shadow         ou=People,dc=mylan,dc=net?one
nss_base_group          ou=Group,dc=mylan,dc=net?one
nss_base_hosts          ou=Hosts,dc=mylan,dc=com?one
nss_base_passwd above has to be set to "dc=mylan,dc=net?sub" otherwise 
the system cannot find the computer accounts with Samba 2.2.7a.
Also you need to make sure you've got your /etc/samba/smbldap_conf.pm 
settings correct.  I can also say that adding users with those scripts 
in /usr/share/samba/scripts takes some getting used to.  Here is what 
was required to add my administrators account:

smbldap-useradd.pl -m -g adm -a Administrator -P -E '' -F '' Administrator

and this for a regular user that uses the default group:

smbldap-useradd.pl -m -P -a -A 1 -E '' -F '' jcolling

For help use:
smbldap-useradd.pl -?
Dave Seff wrote:
I have been trying to do the same thing. Could you send me the LDAP
section from your smb.conf offline? Just X out your specific info. 

Thanks. 

-Dave

On Wed, 2003-02-26 at 14:12, Jim C wrote:

So I've been racking my brains over why my Samba-LDAP PDC wont add a 
machine account automatically like it is supposed to. If I add the 
machine by hand there is no problem with joining the domain.  So what's 
up?  I try to log on and I don't get any error codes that pertain to 
adding a user showing up in the logs.  In addition Samba does not want 
to execute the 'add user script' at all even if I use a custom script.
Until today I had thought the problem might have to do with my Perl 
libraries.  BUZZZZ! Wrong answer!

Turns out that if you have the ldap port set incorrectly in 
/etc/smb.conf you can only join the domain if the user has already been 
added.  Reason being that Samba refuses to execute the 'add user 
script'.  I found this very weird as I would have expected that no 
joining the domain at all would have been possible under these conditions.



Jim C.



______________________________________________________________________

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

------------------------------------------------------------------------

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com





Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com