Adam Tauno Williams wrote:
I'm trying to move my existing MS-AD over to SAMBA, the place I'm
So you have an AD domain? Samba 3.x does not provide an AD domain, it
provides an NT domain, so your requirement of "everything keeps running
in the same or almost the same way" cannot be met. Unless you want to
try Samba 4.
We are not using the AD functionality, so what I meant was that my
Windows clients are able to join the domain and user-validate.
When I try to join a Windows Vista Ultimate or Windows XP Pro to the
domain it takes 30 sec and then it says "The machine account does not
exist" but as I understand that is what
"add machine script = /usr/sbin/smbldap-useradd -t 0 -w -i "%u"" has to
do, right?
It is supposed to, yes.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
Get rid of all the "socket options" stuff. Are you using an old HOWTO
or some crap Wiki entry from somewhere? Setting this directive is an
OLD habit and very obsolete. Use only the Samba HOWTO and By-Example as
provided on Samba docs. Assume everything else on the Internet is
obsolete and out-of-date, because it most likely is.
It was in the example file for the smbldap-tools domain config. I have
removed it now, but still no difference.
[2009/08/14 18:22:24, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
pdb_get_group_sid: Failed to find Unix account for DomAdmin
[2009/08/14 18:22:24, 1] auth/auth_util.c:make_server_info_sam(562)
User DomAdmin in passdb, but getpwnam() fails!
I don't know why it is looking for a "DomAdmin" account. Perhaps your
directory is not fully initialized? Loaded with the required users,
etc...
DomAdmin is a domain administrator account I have created instead of
"admin" or "root".
I have run "smbldap-populate -u 10000 -g 10000 -a admin -g guest" and it
populates LDAP with all the default users and groups Windows needs to be
able to join.
-u uidNumber first uidNumber to allocate (default: 1000)
-g gidNumber first uidNumber to allocate (default: 1000)
-a user administrator login name (default: root)
-b user guest login name (default: nobody)
Error: modifications require authentication at
/usr/share/perl5/smbldap_tools.pm line 1083.
[2009/08/14 18:22:48, 0]
passdb/pdb_interface.c:pdb_default_create_user(336)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0
-w -i "hds$"' gave 127
I don't use smbldap-tools but this looks like they don't have sufficient
config to authenticate to the DSA.
Don't know what the problem is with smbldap-useradd, but when I run the
command alone it creates a Windows machine user:
# smbldap-useradd -w -i testcomputer
New password : 1234
Retype new password : 1234
failed to add entry: structural object class modification from 'account'
to 'inetOrgPerson' not allowed at /usr/sbin/smbldap-useradd line 311,
<STDIN> line 2.
I have the schemas that provide account and inetOrgPerson
# smbldap-useradd -?
(c) Jerome Tournier - ([email protected])- Licensed under the GPL
Usage: /usr/sbin/smbldap-useradd [-awmugdsckABCDEFGHMNPST?] username
-a is a Windows User (otherwise, Posix stuff only)
-b is a AIX User
-c gecos
-d home
-g gid
-i is a trust account (Windows Workstation)
-k skeleton dir (with -m)
-m creates home directory and copies /etc/skel
-n do not create a group
-o add the user in the organizational unit (relative to the user
suffix. Ex: 'ou=admin,ou=all')
-u uid
-s shell
-t time. Wait 'time' seconds before exiting (when adding Windows
Workstation)
-w is a Windows Workstation (otherwise, Posix stuff only)
-A can change password ? 0 if no, 1 if yes
-B must change password ? 0 if no, 1 if yes
-C sambaHomePath (SMB home share, like '\\PDC-SRV\homes')
-D sambaHomeDrive (letter associated with home share, like 'H:')
-E sambaLogonScript (DOS script to execute on login)
-F sambaProfilePath (profile directory, like '\\PDC-SRV\profiles\foo')
-G supplementary comma-separated groups
-H sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')
-M local mailAddress (comma seperated)
-N given name
-P ends by invoking smbldap-passwd
-S surname (Family name)
-T mailToAddress (forward address) (comma seperated)
-? show this help message
Mike Eggleston wrote:
I'm not at work and am unable to compare your configuration with
my production configuration. I have a similar environment, though,
and found for windows boxes I needed to create the account in LDAP
first (I use smbldap-adduser ...), then I must also add my samba
server as a WINS server to the windows box, then I can join the
windows box to my samba pdc domain.
Mike
I have now tried to set my server as WINS server - still the same problem
--
Best regards
Henrik Dige Semark
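
An added triage helper, not part of the original thread and not code from Samba or smbldap-tools: it scans Samba 3 log entries of the kind quoted in this message, collects the accounts smbd could not map to a Unix account and the helper scripts that exited non-zero, then checks whether each account resolves through NSS. The sample log is constructed from the excerpts above; the names entries, triage and the lookup parameter are assumptions.

```python
import pwd
import re

# Constructed sample, assembled from the log excerpts quoted in the thread.
SAMPLE_LOG = """\
[2009/08/14 18:22:24, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
  pdb_get_group_sid: Failed to find Unix account for DomAdmin
[2009/08/14 18:22:24, 1] auth/auth_util.c:make_server_info_sam(562)
  User DomAdmin in passdb, but getpwnam() fails!
[2009/08/14 18:22:48, 0]
passdb/pdb_interface.c:pdb_default_create_user(336)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0
-w -i "hds$"' gave 127
"""

HEADER = re.compile(r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}, +\d+\]")
NO_UNIX = re.compile(r"Failed to find Unix account for (\S+)"
                     r"|User (\S+) in passdb, but getpwnam\(\) fails")
SCRIPT = re.compile(r"Running the command `(.+?)' gave (-?\d+)")
MACHINE = re.compile(r'"([^"\s]+\$)"')  # quoted machine account, e.g. "hds$"

def entries(text):
    """Yield one string per log entry, re-joining mail-wrapped lines."""
    current = []
    for line in text.splitlines():
        if HEADER.match(line) and current:
            yield " ".join(current)
            current = []
        current.append(line.strip())
    if current:
        yield " ".join(current)

def triage(text, lookup=pwd.getpwnam):
    """Return (accounts NSS cannot resolve, [(command, exit status)])."""
    accounts, failures = set(), []
    for entry in entries(text):
        for m in NO_UNIX.finditer(entry):
            accounts.add(m.group(1) or m.group(2))
        for m in SCRIPT.finditer(entry):
            if int(m.group(2)) != 0:
                failures.append((m.group(1), int(m.group(2))))
                accounts.update(MACHINE.findall(m.group(1)))
    unresolved = []
    for name in sorted(accounts):
        try:
            lookup(name)  # pwd.getpwnam wraps the getpwnam() named in the log
        except KeyError:
            unresolved.append(name)
    return unresolved, failures
```

A name in the first list means the NSS layer on the Samba server does not return that account, whatever passdb holds for it.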