Hi,
With samba-3.0, smbldap-tools must add only PosixAccount; it's samba
which adds the samba attributes to LDAP.
NOTE: what is the ldap filter parameter in smb.conf?
On samba.idealx.org, you must use the howto available here:
http://samba.idealx.org/smbldap-howto.fr.html
Andres Toomsalu wrote:
Hi,
I've reported this before but I guess I'll have to do it again, since
it's not fixed yet or I'm understanding something wrong here.
The problem is that smbldap-useradd -w 'machinename' will add only
posixAccount entries into ldap but it should add both posixAccount and
sambaSAMAccount entries.
So if one doesn't add correct machine account entries manually to ldap,
the windows workstation domain joining is impossible.
The Samba Openldap howto clearly documents that smbldap-useradd -w
'workstation' should produce the following entries in ldap:
dn: uid=testhost3$,ou=Computers,dc=IDEALX,dc=ORG
objectClass: top
objectClass: posixAccount
objectClass: sambaSAMAccount
cn: testhost3$
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
uid: testhost3$
uidNumber: 1005
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
description: Computer Account
rid: 0
primaryGroupID: 0
lmPassword: 7582BF7F733351347D485E46C8E6306E
ntPassword: 7582BF7F733351347D485E46C8E6306E
acctFlags: [W ]
Looking at the smbldap-useradd script code I can see that sambaSAMAccount
entries are only added when the -i switch is used (trusted workstation
account).
----------- CODE SNIP --------------------
# MACHINE ACCOUNT
if (defined($Options{'w'}) or defined($Options{'i'})) {
    #print "About to create machine $userName:\n";
    if (!add_posix_machine($userName,$userUidNumber,$userGidNumber,$Options{'t'})) {
        die "$0: error while adding posix account\n";
    }
    if (defined($Options{'i'})) {
        # For machine trust account
        # Objectclass sambaSAMAccount must be added now !
        my $pass;
        my $pass2;
        system "stty -echo";
        print "New password : ";
        chomp($pass=<STDIN>);
        print "\n";
        system "stty echo";
        system "stty -echo";
        print "Retype new password : ";
        chomp($pass2=<STDIN>);
        print "\n";
        system "stty echo";
        if ($pass ne $pass2) {
            print "New passwords don't match!\n";
            exit (10);
        }
        my ($lmpassword,$ntpassword) = ntlmgen $pass;
        my $date=time;
        my $modify = $ldap_master->modify (
            "uid=$userName,$config{computersdn}",
            changes => [
                replace => [objectClass =>
                    ['inetOrgPerson', 'posixAccount', 'sambaSAMAccount']],
                add => [sambaLogonTime => '0'],
                add => [sambaLogoffTime => '2147483647'],
                add => [sambaKickoffTime => '2147483647'],
                add => [sambaPwdCanChange => '0'],
                add => [sambaPwdMustChange => '2147483647'],
                add => [sambaPwdLastSet => "$date"],
                add => [sambaAcctFlags => '[I ]'],
                add => [sambaLMPassword => "$lmpassword"],
                add => [sambaNTPassword => "$ntpassword"],
                add => [sambaSID => "$user_sid"],
                add => [sambaPrimaryGroupSID => "$config{SID}-515"]
            ]
        );
        $modify->code && die "failed to add entry: ", $modify->error ;
    }
    $ldap_master->unbind;
    exit 0;
}
----------- CODE SNIP END ------------------
So what's the deal - a misleading howto document or a bug in the
smbldap-useradd script, or am I getting something wrong here?
Cheers,
--
Stéphane Purnelle <[EMAIL PROTECTED]>
Site Web : http://www.linuxplusvalue.be
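
Added example, not part of the original thread and not smbldap-tools code: a small Python check that reads ldapsearch-style LDIF for the Computers OU and reports which machine accounts (uid ending in `$`) are still posixAccount-only and which already carry sambaSAMAccount, the distinction the two messages above turn on. The sample LDIF (including the `testhost4$` entry) is constructed, and the function names are illustrative.

```python
import base64

# Constructed sample, shaped like `ldapsearch -LLL` output for ou=Computers.
SAMPLE_LDIF = """\
dn: uid=testhost3$,ou=Computers,dc=IDEALX,dc=ORG
objectClass: posixAccount
objectClass: sambaSAMAccount
uid: testhost3$
sambaAcctFlags: [W          ]

dn: uid=testhost4$,ou=Computers,dc=IDEALX,dc=ORG
objectClass: posixAccount
uid: testhost4$
description: Computer
  Account
"""

def parse_ldif(text):
    """Return entries as dicts: lowercased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]           # unfold a continuation line
        elif not raw.startswith("#"):
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:              # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):          # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit_machine_accounts(entries):
    """Classify machine accounts (uid ending in '$') by objectClass."""
    report = {}
    for entry in entries:
        uid = entry.get("uid", [""])[0]
        if uid.endswith("$"):
            # objectClass names are case-insensitive in LDAP.
            classes = {c.lower() for c in entry.get("objectclass", [])}
            report[uid] = "samba" if "sambasamaccount" in classes else "posix-only"
    return report

if __name__ == "__main__":
    for uid, status in audit_machine_accounts(parse_ldif(SAMPLE_LDIF)).items():
        print(f"{uid}: {status}")
```

To use it on a real directory, pass the text of an `ldapsearch -LLL` query against your computers DN to `parse_ldif` in place of the sample.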