Hi all,

I have Samba 3 with LDAP. My queries are:

1. My clients are Windows 2000 Professional, and the clients are not able to join the domain. But if I add the computer name in /etc/passwd, i.e.

   computername$:x:110:200::/bin/false:/dev/null

   and then do smbpasswd -a -m computername, the computer is able to join the domain. But I have mentioned the add machine script in the smb.conf file.

2. After joining the domain, I am unable to log in as Administrator, but able to log in as root. If I give the command getent passwd | grep Administrator, there is no output.

3. How do I create groups and add users to the groups? It is not taking system groups. When I do smbldap-populate, it adds people, group, Domain Admins, Domain Users, etc. and root, but not system groups, so how do I add system groups?

4. I have smbldap-tools 0.9; in that there is no mkntpasswd. Is that OK, or should it be there? When I downloaded it from the IDEALX website, it was not there in the tar.gz file.

My smb.conf file is as follows:

################################################
[global]
   workgroup = testdomain.com
   server string = Samba Server
   interfaces = eth0, lo
   bind interfaces only = yes
   passdb backend = ldapsam:ldap://testdomain.com
   min passwd length = 8
   hosts allow = 192.168.129. 192.168.130. 127.
   printcap name = /etc/printcap
   load printers = yes
   cups options = raw
   log file = /var/log/samba/%m.log
   max log size = 50
   security = user
   encrypt passwords = yes
   unix password sync = Yes
   passwd program = /usr/local/sbin/smbldap-passwd -u %u
   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
   add user script = /usr/local/sbin/smbldap-useradd -m "%u"
   delete user script = /usr/local/sbin/smbldap-userdel "%u"
   add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
   add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
   add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no
   os level = 65
   domain master = yes
   preferred master = yes
   domain logons = yes
   logon script = %U.bat
   logon path = \\%L\Profiles\%U
   wins support = yes
   dns proxy = no
   ldap suffix = dc=msdpl,dc=com
   ldap machine suffix = ou=Computers
   ldap user suffix = ou=People
   ldap group suffix = ou=Groups
#============================ Share Definitions ==============================
   ldap idmap suffix = ou=Idmap
   ldap admin dn = cn=manager,dc=msdpl,dc=com
   idmap backend = ldap:ldap://testdomain.com
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   map acl inherit = yes
   template shell = /bin/false
   winbind use default domain = no

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = no
   share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
   path = /home/profiles
   browseable = no

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   read only = yes
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;   comment = PC Directories
;   path = /usr/pc/%m
;   public = no
;   writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
##############################################################################

slapcat output of my LDAP Database
#############################################################################

Regards
Niranjan
