Re: Samba machine object in LDAP (smbldap-tools vs. ldapsam:editposix)
Hi Alejandro,

On Sun 28 Aug 2011 01:54:18 CEST Alejandro wrote:

> Well we have:
>
> top -- account
> top -- person -- organizationalPerson -- inetOrgPerson
>
> The two are STRUCTURAL and not compatible in an object.

Sure, Samba ldapsam:editposix uses top -- account as structural objectClass, GOsa expects top -- person -- organizationalPerson -- inetOrgPerson (it seems).

> From where is coming the object account, I can't find it in my samba Workstations.

When using ldapsam:editposix, GOsa adds objectclasses like this:

objectClass: account (structural)
objectClass: posixAccount
objectClass: sambaSamAccount

including the corresponding attributes...

When using smbldap-tools, also the objectClasses used are:

objectClass: account (structural)
objectClass: posixAccount
objectClass: sambaSamAccount

Whichever way I use, it ends up with the earlier reported error when editing the account in GOsa (e.g. for adding MAC address or IP address).

Thus, I have forked smbldap-useradd for debian-edu-config:

http://anonscm.debian.org/viewvc/debian-edu/trunk/src/debian-edu-config/etc/samba/smbldap-machineadd-gosa?view=log

The forked script smbldap-machineadd-gosa uses these objectClasses:

objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount

If these objectClasses are used, then everything works well with the GOsa version (2.6) in Debian squeeze.

Thanks+Greets,
Mike

--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Re: Samba machine object in LDAP (smbldap-tools vs. ldapsam:editposix)
Hi Alejandro,

On Sun 28 Aug 2011 02:20:30 CEST Alejandro wrote:

> How I do to add the samba machines to GOsa2:
>
> I use a modified version of smb-tools, this version only adds the gosaAccount and gotoWorkstation object classes when adding a machine to the domain.

So my approach in debian-edu-config is actually very similar to yours (refer to my former posting that explains the way...).

Thanks,
Mike
Re: Samba machine object in LDAP (smbldap-tools vs. ldapsam:editposix)
Well we have:

top -- account
top -- person -- organizationalPerson -- inetOrgPerson

The two are STRUCTURAL and not compatible in an object.

From where is coming the object account, I can't find it in my samba Workstations.

Greets.

2011/8/25 Mike Gabriel mike.gabr...@das-netzwerkteam.de:

> Hi again,
>
> I forgot to send the error message that appears in GOsa when editing the faulty samba machine entries...
>
> On Thu 25 Aug 2011 22:41:07 CEST Mike Gabriel wrote:
>
> > I currently have ldapsam:trusted/ldapsam:editposix working, but GOsa complains about the objects being created when editing the objects (it moans when clicking on the [ Save ] button after editing):
>
> HERE IS THE ERROR...
>
> quote
> LDAP operation failed!
> Object: uid=TEST-VM-WINXP$,ou=winstations,ou=systems,ou=Computers,dc=skole,dc=skolelinux,dc=no
> Error: Object class violation (invalid structural object class chain (account/person), while operating on 'uid=TEST-VM-WINXP$,ou=winstations,ou=systems,ou=Computers,dc=skole,dc=skolelinux,dc=no' using LDAP server 'ldap://ldap.intern')
> /quote
>
> Below again the LDAP object that causes this error...
>
> # TEST-VM-WINXP$, winstations, systems, Computers, skole.skolelinux.no
> dn: uid=TEST-VM-WINXP$,ou=winstations,ou=systems,ou=Computers,dc=skole,dc=skol
>  elinux,dc=no
> uid: TEST-VM-WINXP$
> sambaSID: S-1-5-21-4199393816-265220-888217501-1016
> sambaAcctFlags: [W ]
> cn: TEST-VM-WINXP$
> uidNumber: 20019
> gidNumber: 513
> homeDirectory: /home/SCHULE/SMB_workstations_home
> loginShell: /bin/false
> sambaPwdLastSet: 1314220476
> ipHostNumber: 10.0.2.86
> macAddress: 52:54:00:3c:d8:bd
> objectClass: account
> objectClass: gotoWorkstation
> objectClass: ieee802Device
> objectClass: ipHost
> objectClass: posixAccount
> objectClass: sambaSamAccount
>
> Greets,
> Mike

--
Alejandro Escanero Blanco
Administrador de Sistemas GNU/Linux
Desarrollador de FusionDirectory (http://www.fusiondirectory.org)
Blog: http://www.mylifebetweencomputers.com
Jabber: blain...@jabberes.com
Samba machine object in LDAP (smbldap-tools vs. ldapsam:editposix)
Hi Alejandro,

I have looked at automagic Samba machine creation in Debian Edu squeeze more closely and I have compared two different methods: using smbldap-tools or using Samba itself with samba options ldapsam:trusted = yes and ldapsam:editposix=yes (in combination with winbind for id allocation).

I currently have ldapsam:trusted/ldapsam:editposix working, but GOsa complains about the objects being created when editing the objects (it moans when clicking on the [ Save ] button after editing):

# TEST-VM-WINXP$, winstations, systems, Computers, skole.skolelinux.no
dn: uid=TEST-VM-WINXP$,ou=winstations,ou=systems,ou=Computers,dc=skole,dc=skol
 elinux,dc=no
uid: TEST-VM-WINXP$
sambaSID: S-1-5-21-4199393816-265220-888217501-1016
sambaAcctFlags: [W ]
cn: TEST-VM-WINXP$
uidNumber: 20019
gidNumber: 513
homeDirectory: /home/SCHULE/SMB_workstations_home
loginShell: /bin/false
sambaPwdLastSet: 1314220476
ipHostNumber: 10.0.2.86
macAddress: 52:54:00:3c:d8:bd
objectClass: account
objectClass: gotoWorkstation
objectClass: ieee802Device
objectClass: ipHost
objectClass: posixAccount
objectClass: sambaSamAccount

I have other machine account objects that I migrated from an old ARKTUR server, these look like this:

# CR1-01$, winstations, systems, CR01, Computers, skole.skolelinux.no
dn: uid=CR1-01$,ou=winstations,ou=systems,ou=CR01,ou=Computers,dc=skole,dc=sko
 lelinux,dc=no
macAddress: aa:bb:cc:dd:ee:ff
ipHostNumber: 10.0.2.65
uidNumber: 11016
gidNumber: 10006
homeDirectory: /dev/null
gecos: Windows-Maschinen-Account
sn: Windows-Maschine
loginShell: /bin/false
sambaSID: S-1-5-21-4199393816-265220-888217501-23032
sambaPrimaryGroupSID: S-1-5-21-4199393816-265220-888217501-10006
displayName: Windows-Maschinenaccount cr1-01
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W ]
sambaPwdCanChange: 1112274625
sambaPwdLastSet: 1112274625
description: (ungenutzt)
objectClass: top
objectClass: inetOrgPerson
objectClass: ieee802Device
objectClass: ipHost
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: gotoWorkstation
objectClass: person
objectClass: organizationalPerson
objectClass: gosaAccount
objectClass: shadowAccount
uid: CR1-01$
cn: CR1-01$

These objects work fine, but it is not an option to post-edit all machine accounts with ldapvi after they have been added by Samba.

Question (a): Is any of the LDAP objects above correct? Or do they miss anything???

Question (b): Could you send an optimal Samba machine account object?

Question (c): Do you have any idea for a generic way of adapting GOsa and/or Samba (ldapsam:editposix) in a way that both like each other???

THANKS!!!
Mike
Re: Samba machine object in LDAP (smbldap-tools vs. ldapsam:editposix)
Hi again,

I forgot to send the error message that appears in GOsa when editing the faulty samba machine entries...

On Thu 25 Aug 2011 22:41:07 CEST Mike Gabriel wrote:

> I currently have ldapsam:trusted/ldapsam:editposix working, but GOsa complains about the objects being created when editing the objects (it moans when clicking on the [ Save ] button after editing):

HERE IS THE ERROR...

quote
LDAP operation failed!
Object: uid=TEST-VM-WINXP$,ou=winstations,ou=systems,ou=Computers,dc=skole,dc=skolelinux,dc=no
Error: Object class violation (invalid structural object class chain (account/person), while operating on 'uid=TEST-VM-WINXP$,ou=winstations,ou=systems,ou=Computers,dc=skole,dc=skolelinux,dc=no' using LDAP server 'ldap://ldap.intern')
/quote

Below again the LDAP object that causes this error...

# TEST-VM-WINXP$, winstations, systems, Computers, skole.skolelinux.no
dn: uid=TEST-VM-WINXP$,ou=winstations,ou=systems,ou=Computers,dc=skole,dc=skol
 elinux,dc=no
uid: TEST-VM-WINXP$
sambaSID: S-1-5-21-4199393816-265220-888217501-1016
sambaAcctFlags: [W ]
cn: TEST-VM-WINXP$
uidNumber: 20019
gidNumber: 513
homeDirectory: /home/SCHULE/SMB_workstations_home
loginShell: /bin/false
sambaPwdLastSet: 1314220476
ipHostNumber: 10.0.2.86
macAddress: 52:54:00:3c:d8:bd
objectClass: account
objectClass: gotoWorkstation
objectClass: ieee802Device
objectClass: ipHost
objectClass: posixAccount
objectClass: sambaSamAccount

Greets,
Mike
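
The structural chain conflict reported in the error above can be checked offline before an entry is modified; this is an added example, not code from the thread, GOsa or Samba. The schema table (which classes are STRUCTURAL or AUXILIARY, and their superiors) and all function names are assumptions covering only the classes that appear in this thread, and class names are compared case-sensitively.

```python
# Added example. The schema table is an assumed subset (core, cosine,
# inetorgperson, nis, samba and GOsa schemas), not read from a live server.
STRUCTURAL_SUP = {"top": None, "account": "top", "person": "top",
                  "organizationalPerson": "person",
                  "inetOrgPerson": "organizationalPerson"}
AUXILIARY = {"posixAccount", "sambaSamAccount", "shadowAccount", "ipHost",
             "ieee802Device", "gotoWorkstation", "gosaAccount"}

# Constructed sample, abbreviated from the entry in the thread (folded dn kept).
SAMBA_ENTRY = """\
dn: uid=TEST-VM-WINXP$,ou=winstations,ou=systems,ou=Computers,dc=skole,dc=skol
 elinux,dc=no
objectClass: account
objectClass: gotoWorkstation
objectClass: posixAccount
objectClass: sambaSamAccount
"""

def unfold(ldif):
    """Join LDIF continuation lines: a leading space continues the previous line."""
    out = []
    for line in ldif.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        elif line.strip() and not line.startswith("#"):
            out.append(line)
    return out

def values(ldif, attr):
    prefix = attr.lower() + ":"
    return [l.split(":", 1)[1].strip() for l in unfold(ldif)
            if l.lower().startswith(prefix)]

def superiors(cls):
    """Structural superiors of cls, excluding cls itself."""
    sups, cls = set(), STRUCTURAL_SUP[cls]
    while cls is not None:
        sups.add(cls)
        cls = STRUCTURAL_SUP[cls]
    return sups

def structural_leaves(classes):
    """Most-derived structural classes; more than one means a broken chain."""
    unknown = [c for c in classes if c not in STRUCTURAL_SUP and c not in AUXILIARY]
    if unknown:
        raise ValueError("not in the embedded schema subset: %s" % unknown)
    structural = {c for c in classes if c in STRUCTURAL_SUP} - {"top"}
    return sorted(structural - set().union(*map(superiors, structural)))
```

An entry is acceptable when `structural_leaves` returns exactly one class; adding `person` to the Samba-created entry yields two leaves, which is the account/person conflict named in the error.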