Quoting Daniel Müller <[email protected]>:
"ldapsam:editposix" is, as far as I can tell, not a good solution; whenever
I tried this it did not work right. And there is nowhere a good and new howto
about this feature. No description goes into depth.
-----------------------------------------------
EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: [email protected]
Internet: www.tropenklinik.de
-----------------------------------------------
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Mike Brady
Sent: Wednesday, 23 February 2011 09:17
To: Jon Detert
Cc: [email protected]
Subject: Re: [Samba] problem joining WinXP machine to samba PDC+LDAP environment
Quoting Jon Detert <[email protected]>:
On Mon, Feb 21, 2011 at 4:15 PM, Mike Brady
<[email protected]> wrote:
Quoting Jon Detert <[email protected]>:
Hello,
I can't join a winxp box to my samba domain. I just have one samba
server, meant to act as a PDC for domain='CHI'.
Any ideas how to troubleshoot and/or remedy?
Thanks,
Jon
Context:
------------
samba v3.3.8 on CentOS v5.5, using ldapsam backend. Domainname ='CHI'.
smbldap-tools v0.9.6.
I 'populated' the ldap with 'smbldap-populate'.
I try to join the winxp box, authenticating to the domain as user
'jdetert', which is a member of the 'Administrators' group:
# smbldap-groupshow Administrators
dn: cn=Administrators,ou=Groups,dc=infinityhealthcare,dc=com
objectClass: top,posixGroup,sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the
computer/sambaDomainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
displayName: Administrators
memberUid: jdetert,root
What happens:
----------------------
a failure dialog window pops up on the winxp box with this message:
'The following error occurred attempting to join the domain "CHI":
The user name could not be found.'
-- snip --
I am working through a similar setup at the moment.
Looking at the smbldap-useradd source, status 9 is "user must not exist in
LDAP", so I assume from that that the workstation userid already exists?
Turns out you are correct. So, I deleted the 'user'="testfsclient$"
from the ou=Computers, and retried, but it failed with the same error,
and it re-created the user object.
Any ideas how/why joining the domain is not fully working?
Thanks,
Jon
Jon
A couple more things:
1) smbldap-populate initializes the sambaGroupType for all the
S-1-5-32-* SIDs to 5. This is incorrect. It should be 4, but this
probably isn't causing this issue.
2) I think that root needs to be in the Domain Admins group in order
to join a machine to the domain, not the Administrators group which is
a local group. At least that is how I am set up.
3) Depending on the details of your implementation you may not need to
use smbldap-tools at all. Have a look at the ldapsam:editposix and
ldapsam:trusted on the smb.conf man page. Note that using
ldapsam:editposix is one case where winbind is required on a Samba PDC.
Mike
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Daniel
Exactly how did ldapsam:editposix not "work right"?
I thought that the smb.conf man page described things well enough.
I have converted my test set up from using smbldap-tools to using
ldapsam:posixedit and so far it is doing everything that I was using
smbldap-tools for correctly. I am using the SerNet 3.5.6 RPMs.
Mike
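One way to check points 1 and 2 from Mike's earlier message against `smbldap-groupshow`-style output, added here as an illustration and not code posted by anyone in the thread. The function names, the second sample entry and its domain SID are constructed; the expected type 4 for S-1-5-32-* SIDs is Mike's statement, and 512 is the well-known Domain Admins RID.

```python
import re

BUILTIN = re.compile(r"^S-1-5-32-\d+$")               # builtin alias SIDs
DOMAIN_ADMINS = re.compile(r"^S-1-5-21-[\d-]+-512$")  # RID 512 = Domain Admins
# Constructed sample in the thread's smbldap-groupshow layout; 2nd entry is made up.
SAMPLE = """\
dn: cn=Administrators,ou=Groups,dc=infinityhealthcare,dc=com
cn: Administrators
description: Netbios Domain Members can fully administer
  the computer/sambaDomainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
memberUid: jdetert,root

dn: cn=Domain Admins,ou=Groups,dc=example,dc=com
cn: Domain Admins
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-512
memberUid: jdetert
"""

def parse_entries(text):
    """Return one dict per blank-line-separated entry of 'attr: value' lines."""
    entries, cur, last = [], {}, None
    for line in text.splitlines() + [""]:
        if not line.strip():                  # blank line ends an entry
            if cur:
                entries.append(cur)
            cur, last = {}, None
        elif line[0] == " " and last:         # LDIF continuation line
            cur[last] += line[1:]
        elif ":" in line:
            last, _, value = line.partition(":")
            cur[last] = value.strip()
    return entries

def audit(entries, join_user="root"):
    """Flag the two conditions from Mike's points 1 and 2."""
    findings, admins_seen = [], False
    for e in entries:
        sid, name, gtype = e.get("sambaSID", ""), e.get("cn", "?"), e.get("sambaGroupType")
        if BUILTIN.match(sid) and gtype != "4":
            findings.append(f"{name}: builtin SID {sid} has sambaGroupType {gtype}, expected 4")
        if DOMAIN_ADMINS.match(sid):
            admins_seen = True
            if join_user not in e.get("memberUid", "").split(","):
                findings.append(f"{name}: {join_user} is not a member")
    if not admins_seen:
        findings.append("no group mapped to the Domain Admins RID (512)")
    return findings
```

Calling `audit(parse_entries(SAMPLE))` returns one finding per condition; pass `join_user` to check the account actually used for the join.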