I repeat that I have the same problem. I found a related problem:
If a computer is added successfully, the next SambaSID isn't correctly computed, because
the uidNumber is not changed.
Why? Because samba has converted the posixAccount to the account schema, and the account schema doesn't have a uid attribute.
Samba 3.0.2a, OpenLDAP 2.1.25, RedHat 8.0
Other information: I analysed the log file from when I try to add a computer on the fly.
The script is correctly executed, but samba tries to add a new entry, whereas it must add sambaSamAccount only.
My question is: why does samba try to add an account (created by smbldap-useradd)?
Does anyone have some information, or can anyone help me?
Stéphane
Stagiair wrote:
Hey guys,
When we add a client PC (win2k) to our domain, everything goes well except that the add machine script won't run.
A computer will be created within the LDAP directory, but not with the add machine script.
The following is our situation.
Fedora Core1
|-samba-3.0.2-7.FC1
|-openldap-2.1.22-8
smb.conf
--------------
# Global parameters
[global]
workgroup = T3E
server string = domeinserver
bind interfaces only = Yes
passwd program = /usr/sbin/smbldap-passwd.pl %u
passwd chat = *new*password* %n *new*password* %n *successfully*
passwd chat debug = Yes
passdb backend = ldapsam:ldap://localhost
#unix password sync = Yes
log level = 2
log file = /var/log/samba/samba.log.%m
time server = Yes
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
add user script = /usr/sbin/smbldap-useradd.pl -a -m %u
add machine script = /usr/sbin/smbldap-useradd.pl -w %u
delete user script = /usr/sbin/smbldap-userdel.pl -r %u
add group script = /usr/sbin/smbldap-groupadd.pl %g
delete group script = /usr/sbin/smbldap-groupdel.pl %g
add user to group script = /usr/sbin/smbldap-usermod.pl -G %g %u
domain logons = Yes
os level = 34
preferred master = Yes
domain master = Yes
wins support = Yes
ldap suffix = o=T3E,c=nl
ldap admin dn = cn=Manager,o=T3E,c=nl
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap user suffix = ou=people
ldap ssl = no
admin users = root
hide unreadable = Yes
logon path = \\%N\%U\.winprofile
logon script = netwerk.bat
encrypt passwords = Yes
username map = /etc/samba/smbusers
--------------
As you see, we use the smbldap-tools to execute when a client logs in to the domain.
After login the following entry will be made in LDAP:
uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
--------------
dn: uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
uid: tmc-ontwikkelpc$
sambaSID: S-1-5-21-1973588340-308753574-2243378783-3006
sambaPrimaryGroupSID: S-1-5-21-1973588340-308753574-2243378783-3007
objectClass: sambaSamAccount
objectClass: account
displayName: TMC-ONTWIKKELPC$
sambaPwdCanChange: 1080312437
sambaPwdMustChange: 2147483647
sambaLMPassword: F64C97556FCFA59023753BB150C8A535
sambaNTPassword: E5C3C09DB2CAD5D92CBE5054CCBB7A27
sambaPwdLastSet: 1080312437
sambaAcctFlags: [W ]
--------------
If we do a client add by hand (/usr/sbin/smbldap-useradd.pl -w %u) we get the following entry in the LDAP dir:
uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
--------------
dn: uid=test$,ou=computers,o=T3E,c=nl
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: test$
sn: test$
uid: test$
uidNumber: 1000
gidNumber: 10012
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
--------------
This is a really different schema, and this is the one that we need. Does anyone see what we're doing wrong?
--
Stéphane Purnelle <[EMAIL PROTECTED]>
Website: http://www.linuxplusvalue.be
