Re: [Samba] Re: smbldap-tools don't create machine account properlly
Hi Igor,
my slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/qmail.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
database bdb
suffix dc=unimix,dc=com,dc=br
rootdn cn=suporte,dc=unimix,dc=com,dc=br
rootpw {SSHA}pass
directory /usr/local/var/openldap-data
password-hash {CRYPT}
password-crypt-salt-format $1$.8s
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName eq
index
memberUid,mail,mailAlternateAddress,givenname,accountStatus,mailHost,deliveryMode eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index default sub
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * read
access to *
by * read
My ldap.conf
base dc=unimix,dc=com,dc=br
host ldap.unimix.com.br
rootbinddn cn=suporte,dc=unimix,dc=com,dc=br
nss_base_passwd ou=Usuarios,dc=unimix,dc=com,dc=br?one
nss_base_shadow ou=Usuarios,dc=unimix,dc=com,dc=br?one
nss_base_group ou=Grupos,dc=unimix,dc=com,dc=br?one
My smb.conf
[global]
workgroup = UNIMIX
netbios name = PDC
server string = PDC
security = user
encrypt passwords = yes
load printers = yes
log file = /var/log/samba/%m.log
max log size = 50
log level = 2
os level = 255
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
admin users = Administrador, Administrator, fernando.ribeiro
logon script = %U.bat
logon path = \\%L\profiles\%U
ldap passwd sync = yes
ldap delete dn = Yes
passdb backend = ldapsam:ldap://ldap.unimix.com.br/
ldap admin dn = cn=suporte,dc=unimix,dc=com,dc=br
ldap suffix = dc=unimix,dc=com,dc=br
ldap group suffix = ou=Grupos
ldap user suffix = ou=Usuarios
ldap machine suffix = ou=Computadores
idmap uid = 1-15000
idmap gid = 1-15000
nt acl support = yes
create mask = 600
directory mask = 0700
force directory mode = 0700
passwd chat = *New*password* %n\n *Retype*new*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/local/sbin/smbldap-useradd -m %u
add machine script = /usr/local/sbin/smbldap-useradd -w %u
add group script = /usr/local/sbin/smbldap-groupadd -p %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
delete user script = /usr/local/sbin/smbldap-userdel %u
delete group script = /usr/local/sbin/smbldap-groupdel %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
dos charset = UTF-8
unix charset = UTF-8
cups server = 10.0.0.11
[homes]
comment = Diretorio Home
browseable = no
writable = yes
force user = %U
[profiles]
path = /home/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = Yes
csc policy = disable
force user = %U
valid users = %U @Domain Admins
[netlogon]
path = /home/netlogon
browseable = No
read only = yes
[printers]
comment = Impressoras
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
My samba return this errors:
[2004/10/22 10:48:34, 5] lib/smbldap.c:smbldap_search(963)
smbldap_search: base = [dc=unimix,dc=com,dc=br], filter =
[((uid=suporte$)(objectclass=sambaSamAccount))], scope = [2]
[2004/10/22 10:48:34, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1266)
ldapsam_getsampwnam: Unable to locate user [suporte$] count=0
[2004/10/22 10:48:34, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 1000) - sec_ctx_stack_ndx = 0
[2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam(293)
Finding user suporte$
[2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is suporte$
[2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(239)
Trying _Get_Pwnam(), username as uppercase is SUPORTE$
[2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(247)
Checking combinations of 0 uppercase letters in suporte$
[2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals didn't find user [suporte$]!
[2004/10/22 10:48:35, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2245)
_samr_create_user:
Re: [Samba] Re: smbldap-tools don't create machine account properlly
Your ldap.conf
nss_base_passwd ou=Usuarios,dc=unimix,dc=com,dc=br?one
Your smb.conf
ldap machine suffix = ou=Computadores
Your search on ldap base by nsswitch is restrict at ou=Usuarios,
dc=unimix,dc=com,dc=br ...
You need change your machine suffix to the same suffix used by
nss_base_passwd or leave nsswitch search in machine suffix base
---
Emerson Henrique Kfuri Pereira
Divisão de Atendimento e Consultoria
CECOM - Reitoria - UFMG
Telefone: 34994009
---
Fernando Ribeiro [EMAIL PROTECTED]
Enviado Por: [EMAIL PROTECTED]
22/10/2004 11:52
Para
[EMAIL PROTECTED]
cc
Assunto
Re: [Samba] Re: smbldap-tools don't create machine account properlly
Hi Igor,
my slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/qmail.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
database bdb
suffix dc=unimix,dc=com,dc=br
rootdn cn=suporte,dc=unimix,dc=com,dc=br
rootpw {SSHA}pass
directory /usr/local/var/openldap-data
password-hash {CRYPT}
password-crypt-salt-format $1$.8s
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName eq
index memberUid,mail,mailAlternateAddress,givenname,
accountStatus,mailHost,deliveryMode eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index default sub
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * read
access to *
by * read
My ldap.conf
base dc=unimix,dc=com,dc=br
host ldap.unimix.com.br
rootbinddn cn=suporte,dc=unimix,dc=com,dc=br
nss_base_passwd ou=Usuarios,dc=unimix,dc=com,dc=br?one
nss_base_shadow ou=Usuarios,dc=unimix,dc=com,dc=br?one
nss_base_group ou=Grupos,dc=unimix,dc=com,dc=br?one
My smb.conf
[global]
workgroup = UNIMIX
netbios name = PDC
server string = PDC
security = user
encrypt passwords = yes
load printers = yes
log file = /var/log/samba/%m.log
max log size = 50
log level = 2
os level = 255
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
admin users = Administrador, Administrator, fernando.ribeiro
logon script = %U.bat
logon path = \\%L\profiles\%U
ldap passwd sync = yes
ldap delete dn = Yes
passdb backend = ldapsam:ldap://ldap.unimix.com.br/
ldap admin dn = cn=suporte,dc=unimix,dc=com,dc=br
ldap suffix = dc=unimix,dc=com,dc=br
ldap group suffix = ou=Grupos
ldap user suffix = ou=Usuarios
ldap machine suffix = ou=Computadores
idmap uid = 1-15000
idmap gid = 1-15000
nt acl support = yes
create mask = 600
directory mask = 0700
force directory mode = 0700
passwd chat = *New*password* %n\n *Retype*new*password* %
n\n*passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192
SO_SNDBUF=8192
add user script = /usr/local/sbin/smbldap-useradd -m %u
add machine script = /usr/local/sbin/smbldap-useradd -w %u
add group script = /usr/local/sbin/smbldap-groupadd -p %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u
%g
delete user script = /usr/local/sbin/smbldap-userdel %u
delete group script = /usr/local/sbin/smbldap-groupdel %g
delete user from group script = /usr/local/sbin/smbldap-groupmod
-x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod -g %g
%u
dos charset = UTF-8
unix charset = UTF-8
cups server = 10.0.0.11
[homes]
comment = Diretorio Home
browseable = no
writable = yes
force user = %U
[profiles]
path = /home/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = Yes
csc policy = disable
force user = %U
valid users = %U @Domain Admins
[netlogon]
path = /home/netlogon
browseable = No
read only = yes
[printers]
comment = Impressoras
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
My samba return this errors:
[2004/10/22 10:48:34, 5] lib/smbldap.c:smbldap_search(963)
smbldap_search: base = [dc=unimix,dc=com,dc=br], filter =
[((uid=suporte$)(objectclass=sambaSamAccount))], scope = [2]
[2004/10/22 10:48:34, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1266)
ldapsam_getsampwnam: Unable to locate user [suporte$] count=0
[2004/10/22 10:48:34, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 1000) - sec_ctx_stack_ndx = 0
[2004/10/22 10:48:34
Re: [Samba] Re: smbldap-tools don't create machine account properlly
My ldap.conf restrict search to ou=Usuarios
only comment nss_base options and it work fine
Thanks all
Palavras de [EMAIL PROTECTED] [Fri, Oct 22, 2004 at 11:22:12AM -0300]:
Your ldap.conf
nss_base_passwd ou=Usuarios,dc=unimix,dc=com,dc=br?one
Your smb.conf
ldap machine suffix = ou=Computadores
Your search on ldap base by nsswitch is restrict at ou=Usuarios,
dc=unimix,dc=com,dc=br ...
You need change your machine suffix to the same suffix used by
nss_base_passwd or leave nsswitch search in machine suffix base
---
Emerson Henrique Kfuri Pereira
Divisão de Atendimento e Consultoria
CECOM - Reitoria - UFMG
Telefone: 34994009
---
Fernando Ribeiro [EMAIL PROTECTED]
Enviado Por: [EMAIL PROTECTED]
22/10/2004 11:52
Para
[EMAIL PROTECTED]
cc
Assunto
Re: [Samba] Re: smbldap-tools don't create machine account properlly
Hi Igor,
my slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/qmail.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
database bdb
suffix dc=unimix,dc=com,dc=br
rootdn cn=suporte,dc=unimix,dc=com,dc=br
rootpw {SSHA}pass
directory /usr/local/var/openldap-data
password-hash {CRYPT}
password-crypt-salt-format $1$.8s
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName eq
index memberUid,mail,mailAlternateAddress,givenname,
accountStatus,mailHost,deliveryMode eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index default sub
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * read
access to *
by * read
My ldap.conf
base dc=unimix,dc=com,dc=br
host ldap.unimix.com.br
rootbinddn cn=suporte,dc=unimix,dc=com,dc=br
nss_base_passwd ou=Usuarios,dc=unimix,dc=com,dc=br?one
nss_base_shadow ou=Usuarios,dc=unimix,dc=com,dc=br?one
nss_base_group ou=Grupos,dc=unimix,dc=com,dc=br?one
My smb.conf
[global]
workgroup = UNIMIX
netbios name = PDC
server string = PDC
security = user
encrypt passwords = yes
load printers = yes
log file = /var/log/samba/%m.log
max log size = 50
log level = 2
os level = 255
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
admin users = Administrador, Administrator, fernando.ribeiro
logon script = %U.bat
logon path = \\%L\profiles\%U
ldap passwd sync = yes
ldap delete dn = Yes
passdb backend = ldapsam:ldap://ldap.unimix.com.br/
ldap admin dn = cn=suporte,dc=unimix,dc=com,dc=br
ldap suffix = dc=unimix,dc=com,dc=br
ldap group suffix = ou=Grupos
ldap user suffix = ou=Usuarios
ldap machine suffix = ou=Computadores
idmap uid = 1-15000
idmap gid = 1-15000
nt acl support = yes
create mask = 600
directory mask = 0700
force directory mode = 0700
passwd chat = *New*password* %n\n *Retype*new*password* %
n\n*passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192
SO_SNDBUF=8192
add user script = /usr/local/sbin/smbldap-useradd -m %u
add machine script = /usr/local/sbin/smbldap-useradd -w %u
add group script = /usr/local/sbin/smbldap-groupadd -p %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u
%g
delete user script = /usr/local/sbin/smbldap-userdel %u
delete group script = /usr/local/sbin/smbldap-groupdel %g
delete user from group script = /usr/local/sbin/smbldap-groupmod
-x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod -g %g
%u
dos charset = UTF-8
unix charset = UTF-8
cups server = 10.0.0.11
[homes]
comment = Diretorio Home
browseable = no
writable = yes
force user = %U
[profiles]
path = /home/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = Yes
csc policy = disable
force user = %U
valid users = %U @Domain Admins
[netlogon]
path = /home/netlogon
browseable = No
read only = yes
[printers]
comment = Impressoras
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
My samba return this errors:
[2004/10/22 10:48:34, 5] lib/smbldap.c:smbldap_search(963)
smbldap_search: base = [dc=unimix,dc
Re: [Samba] Re: smbldap-tools don't create machine account properlly
On Friday 22 October 2004 07:52, Fernando Ribeiro wrote:
Hi Igor,
my slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/qmail.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
database bdb
suffix dc=unimix,dc=com,dc=br
rootdn cn=suporte,dc=unimix,dc=com,dc=br
rootpw {SSHA}pass
directory /usr/local/var/openldap-data
password-hash {CRYPT}
password-crypt-salt-format $1$.8s
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName eq
index
memberUid,mail,mailAlternateAddress,givenname,accountStatus,mailHost,delive
ryMode eq index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index default sub
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * read
access to *
by * read
My ldap.conf
base dc=unimix,dc=com,dc=br
host ldap.unimix.com.br
rootbinddn cn=suporte,dc=unimix,dc=com,dc=br
nss_base_passwd ou=Usuarios,dc=unimix,dc=com,dc=br?one
nss_base_shadow ou=Usuarios,dc=unimix,dc=com,dc=br?one
nss_base_group ou=Grupos,dc=unimix,dc=com,dc=br?one
Change these to:
nss_base_passwd dc=unimix,dc=com,dc=br?sub
nss_base_shadow dc=unimix,dc=com,dc=br?sub
nss_base_group ou=Grupos,dc=unimix,dc=com,dc=br?one
- John T.
My smb.conf
[global]
workgroup = UNIMIX
netbios name = PDC
server string = PDC
security = user
encrypt passwords = yes
load printers = yes
log file = /var/log/samba/%m.log
max log size = 50
log level = 2
os level = 255
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
admin users = Administrador, Administrator, fernando.ribeiro
logon script = %U.bat
logon path = \\%L\profiles\%U
ldap passwd sync = yes
ldap delete dn = Yes
passdb backend = ldapsam:ldap://ldap.unimix.com.br/
ldap admin dn = cn=suporte,dc=unimix,dc=com,dc=br
ldap suffix = dc=unimix,dc=com,dc=br
ldap group suffix = ou=Grupos
ldap user suffix = ou=Usuarios
ldap machine suffix = ou=Computadores
idmap uid = 1-15000
idmap gid = 1-15000
nt acl support = yes
create mask = 600
directory mask = 0700
force directory mode = 0700
passwd chat = *New*password* %n\n *Retype*new*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully* socket options
= TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script
= /usr/local/sbin/smbldap-useradd -m %u
add machine script = /usr/local/sbin/smbldap-useradd -w %u
add group script = /usr/local/sbin/smbldap-groupadd -p %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
delete user script = /usr/local/sbin/smbldap-userdel %u
delete group script = /usr/local/sbin/smbldap-groupdel %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u
%g set primary group script = /usr/local/sbin/smbldap-usermod -g %g
%u dos charset = UTF-8
unix charset = UTF-8
cups server = 10.0.0.11
[homes]
comment = Diretorio Home
browseable = no
writable = yes
force user = %U
[profiles]
path = /home/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = Yes
csc policy = disable
force user = %U
valid users = %U @Domain Admins
[netlogon]
path = /home/netlogon
browseable = No
read only = yes
[printers]
comment = Impressoras
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
My samba return this errors:
[2004/10/22 10:48:34, 5] lib/smbldap.c:smbldap_search(963)
smbldap_search: base = [dc=unimix,dc=com,dc=br], filter =
[((uid=suporte$)(objectclass=sambaSamAccount))], scope = [2]
[2004/10/22 10:48:34, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1266)
ldapsam_getsampwnam: Unable to locate user [suporte$] count=0
[2004/10/22 10:48:34, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 1000) - sec_ctx_stack_ndx = 0
[2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam(293)
Finding user suporte$
[2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is suporte$
[2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(239)
Trying _Get_Pwnam(), username as uppercase is SUPORTE$
[2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(247)
Checking combinations of 0 uppercase letters in suporte$
[Samba] Re: smbldap-tools don't create machine account properlly
Is it possible that 'ldap admin dn' used in your smb.conf does not have write access to 'ou=Computers,dc=unimix,dc=com,dc=br'? What was the error in smbd log when machine failed to join the Domain? Igor Fernando Ribeiro wrote: Hi all, I have smb.conf with: add machine script = /usr/local/sbin/smbldap-useradd -w %u add user script = /usr/local/sbin/smbldap-useradd -m %u add machine script = /usr/local/sbin/smbldap-useradd -w %u add group script = /usr/local/sbin/smbldap-groupadd -p %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user script = /usr/local/sbin/smbldap-userdel %u delete group script = /usr/local/sbin/smbldap-groupdel %g delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u while i try include the w2k machine in samba domain it create the ldap machine account entry: dn: uid=suporte$,ou=Computers,dc=unimix,dc=com,dc=br objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: suporte$ sn: suporte$ uid: suporte$ uidNumber: 1020 gidNumber: 1000 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer And don't join in samba domain. While i create a machine account manually with: dn: uid=suporte$,ou=Computadores,dc=unimix,dc=com,dc=br gidNumber: 3 uidNumber: 1022 uid: suporte$ sambaSID: S-1-5-21-715268823-1473299472-2771147885-3044 sambaAcctFlags: [W ] cn: suporte homeDirectory: /dev/null objectClass: top objectClass: sambaSamAccount objectClass: posixAccount objectClass: account It join in the samba domain without problem. Anyone know why it don't create sambaSamAccount ? Machine account need inetOrgPerson ? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
