Dear Eduard,as far as I understang JHT in his "Samba by example" in chapter 5, computers are treated like users. So what worked with me and SuSE9.3 was:
1. in smb.conf
ldap machine suffix = ou=Users
2. in smbldap.conf
computersdn="ou=Users,${suffix}"
Best
Joachim
Eduard Witteveen wrote:
Dear list,Whe i trying to add a machine to the domain(ldap/pdc) i get the following error:Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 891, <DATA> line 283. [2005/08/11 16:46:54, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "eduard-laptop$"' gave 127Since i used the user Administrator, i login from the windows-machine on the linux-computer running samba with the username Administrator (account which is stored inside ldap), i *can* run the command succesfull. (this user is actually root since i changed the gidnumber and the uidnumber both to 0)But when this machine has been added manually to the ldap-database, i still cannot join the domain and samba puts information like the following in the log:[2005/08/11 17:05:07, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. ..... [2005/08/11 17:05:22, 0] lib/smbldap.c:smbldap_search_suffix(1176) smbldap_search_suffix: Problem during the LDAP search: (Timed out)[2005/08/11 17:05:22, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2350) could not add user/computer eduard-laptop$ to passdb. Check permissions?I've attached the smb.conf for completeness. Furthermore, im running Version 3.0.14a-UbuntuPlease let me know, how i can let samba execute the "add machine script" successfull------------------------------------------------------------------------ # Global parameters [global] workgroup = hawarit netbios name = pdc enable privileges = yes # interfaces = 192.168.5.11 username map = /etc/samba/smbusers server string = Samba Server %v security = user encrypt passwords = true # min passwd length = 3 min print space = 3 obey pam restrictions = No #unix password sync = Yes #passwd program = /usr/sbin/smbldap-passwd -u %u #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n" ldap passwd sync = Yes log level = 0 syslog = 0 log file = /var/log/samba/log.%m max log size = 100000 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = logon.bat logon drive = H: logon home = logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = no passdb backend = ldapsam:ldap://127.0.0.1/ # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"; # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=manager,dc=hawarit,dc=com ldap suffix = dc=hawarit,dc=com ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users #TODO: use tls on ldap server one day! # ldap ssl = start tls ldap ssl = no add user script = /usr/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u"add group script = /usr/sbin/smbldap-groupadd -p "%g" #delete group script = /usr/sbin/smbldap-groupdel "%g"add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" # printers configuration printer admin = @"Print Operators" load printers = Yes create mask = 0640 directory mask = 0750 nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no [homes] comment = repertoire de %U, %u read only = No create mask = 0644 directory mask = 0775 browseable = No [netlogon] path = /home/samba/netlogon/ browseable = No read only = yes [profiles] path = /home/samba/profiles read only = no create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes csc policy = disable# next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U @"Domain Admins"[printers] comment = Network Printers printer admin = @"Print Operators"guest ok = yes printable = yespath = /home/samba/spool/ browseable = No read only = Yes printable = Yes print command = /usr/bin/lpr -P%p -r %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j [print$] path = /home/samba/printers guest ok = No browseable = Yes read only = Yes valid users = @"Print Operators" write list = @"Print Operators" create mask = 0664 directory mask = 0775 [public] comment = Repertoire public path = /public browseable = Yes guest ok = Yes read only = No directory mask = 0775 create mask = 0664
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
