Geoff Scott: [...]
>>> tell us what happens. >> >> What happens is, that RHAS3 gets all mixed upo (Openldap 2.2.20) as to >> what's root and what's administrator. >> >> This is a *LOUSY* solution and worthy by all men of utter condemnation. [...] > hmmm. I was just quoting from JHT's book samba by example: Making Users > Happy > step 11# > > In the above listing, you can see that the user Administrator has been > given UID=998. This means that operations conducted from a Windows client > using tools such as the Domain User Manager fails under UNIX because the > management of user and group accounts requires that the UID=0. You decide > to rectify this immediately as demonstrated here: > > root# cd /var/lib/samba/sbin root# ./smbldap-usermod.pl -u 0 > Administrator > > > OK. I see the criticism, but where's your solution? You know, on the > postfix user lists those guys will tell you you're a dweeb and then tell > you where to RTFM, but at least they tell you where in the README's to > find the info. > > I've posted here a number of times and never gotten a response. I don't > think that my questions were that silly. But rather than let someone else > sit around wondering how to fix a problem, I am trying to help. What > have you done to help this fellow lister? > > Look, I don't want to flame.... But do something constructive. I can't > help this guy anymore. His problem is beyond me. It looks like you can > tho.... So please do. No flame taken. So I'm a Postfix person; I don't usually "dweeb" (as you put it) people, I mostly RTFM and make people like VD and MB sick by telling them them i know better than they do, which is rubbish, since they're my superior any day. However, RTFM is the secret: Postfix docs and Samba docs are utterly supreme: there is *nothing* to my mind, that isn't in the docs or in Google somewhere. Anyway, here RH Samba 3.0.9 and (self-compiled) Openldap 2.2.20, on RHAS3, with Red Hat's nss_ldap. I'm as green as heck on Samba; only chose to do it at all because "the boss" told me I had to help to replace the MS shit at present accounting for great user missatisfaction at the high school where i do LDAP and mail administration. Windows clients (those making the users unhappy) are XP and 2000. I now have a Samba PDC and people can access what they want from any Windows workstation, using the Samba PDC. All I did, was read docs and experiment for a fortnight: Relevant docs: 1: the Samba html HOWTOs in /usr/share/doc/samba*/docs/htmldocs; 2: don't know where from but Samba (v.3) PDC LDAP HOWTO by Ignacio Coupeau, CTI, University of Navarra. Maybe from the same distro. The latter is worth gold to LDAP people, but contains many mix ups between Samba 2 and samba 3, though Openldap people should be able to sort things out for themselves using the innate mindset that got them over to Unix from Windows (whatever) in the first place. Bottom line: Ignacio Coupeau tells you (blam) right out that your LDAP admin user has to have a uidnumber and gidnumber attribute both of 0 and you'd better believe him, since otherwise nothing works from XP/2000's side. However, if you try to make new users/groups with these values, *HORRIBLE* things happen to your RHAS3 mappings. Applications that expect uids to be "root" get confronted with "Administrator" or gids root get confronted with "DomainAdmins" or whatever. And the apps croak. So. I end up with an LDAP "root" with uidnumber 0, gidnumber 0, who may well have another password than the /etc/passwd root, but who gets the job done (i.e. enabling XP/200 Windows domain logons). I find this abhorrent, but "the boss" pays me, and my job is to provide the solutions for which he pays my beer. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
