Re: [Samba] Re: smbldap-tools don't create machine account properly

Hi Igor,

my slapd.conf

  include /usr/local/etc/openldap/schema/core.schema
  include /usr/local/etc/openldap/schema/cosine.schema
  include /usr/local/etc/openldap/schema/inetorgperson.schema
  include /usr/local/etc/openldap/schema/nis.schema
  include /usr/local/etc/openldap/schema/samba.schema
  include /usr/local/etc/openldap/schema/qmail.schema
  pidfile /usr/local/var/run/slapd.pid
  argsfile /usr/local/var/run/slapd.args
  database bdb
  suffix dc=unimix,dc=com,dc=br
  rootdn cn=suporte,dc=unimix,dc=com,dc=br
  rootpw {SSHA}pass
  directory /usr/local/var/openldap-data
  password-hash {CRYPT}
  password-crypt-salt-format $1$.8s
  index objectClass,uidNumber,gidNumber eq
  index cn,sn,uid,displayName eq
  index memberUid,mail,mailAlternateAddress,givenname,accountStatus,mailHost,deliveryMode eq
  index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
  index default sub
  access to attrs=userPassword,sambaLMPassword,sambaNTPassword
      by self write
      by anonymous auth
      by * read
  access to *
      by * read

My ldap.conf

  base dc=unimix,dc=com,dc=br
  host ldap.unimix.com.br
  rootbinddn cn=suporte,dc=unimix,dc=com,dc=br
  nss_base_passwd ou=Usuarios,dc=unimix,dc=com,dc=br?one
  nss_base_shadow ou=Usuarios,dc=unimix,dc=com,dc=br?one
  nss_base_group ou=Grupos,dc=unimix,dc=com,dc=br?one

My smb.conf

  [global]
  workgroup = UNIMIX
  netbios name = PDC
  server string = PDC
  security = user
  encrypt passwords = yes
  load printers = yes
  log file = /var/log/samba/%m.log
  max log size = 50
  log level = 2
  os level = 255
  local master = yes
  domain master = yes
  preferred master = yes
  domain logons = yes
  admin users = Administrador, Administrator, fernando.ribeiro
  logon script = %U.bat
  logon path = \\%L\profiles\%U
  ldap passwd sync = yes
  ldap delete dn = Yes
  passdb backend = ldapsam:ldap://ldap.unimix.com.br/
  ldap admin dn = cn=suporte,dc=unimix,dc=com,dc=br
  ldap suffix = dc=unimix,dc=com,dc=br
  ldap group suffix = ou=Grupos
  ldap user suffix = ou=Usuarios
  ldap machine suffix = ou=Computadores
  idmap uid = 1-15000
  idmap gid = 1-15000
  nt acl support = yes
  create mask = 600
  directory mask = 0700
  force directory mode = 0700
  passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
  socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  add user script = /usr/local/sbin/smbldap-useradd -m %u
  add machine script = /usr/local/sbin/smbldap-useradd -w %u
  add group script = /usr/local/sbin/smbldap-groupadd -p %g
  add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
  delete user script = /usr/local/sbin/smbldap-userdel %u
  delete group script = /usr/local/sbin/smbldap-groupdel %g
  delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
  set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
  dos charset = UTF-8
  unix charset = UTF-8
  cups server = 10.0.0.11

  [homes]
  comment = Diretorio Home
  browseable = no
  writable = yes
  force user = %U

  [profiles]
  path = /home/profiles
  read only = No
  create mask = 0600
  directory mask = 0700
  browseable = No
  guest ok = Yes
  profile acls = Yes
  csc policy = disable
  force user = %U
  valid users = %U @Domain Admins

  [netlogon]
  path = /home/netlogon
  browseable = No
  read only = yes

  [printers]
  comment = Impressoras
  path = /var/spool/samba
  browseable = no
  guest ok = no
  writable = no
  printable = yes

My samba returns these errors:

  [2004/10/22 10:48:34, 5] lib/smbldap.c:smbldap_search(963)
    smbldap_search: base = [dc=unimix,dc=com,dc=br], filter = [((uid=suporte$)(objectclass=sambaSamAccount))], scope = [2]
  [2004/10/22 10:48:34, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1266)
    ldapsam_getsampwnam: Unable to locate user [suporte$] count=0
  [2004/10/22 10:48:34, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
    pop_sec_ctx (0, 1000) - sec_ctx_stack_ndx = 0
  [2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam(293)
    Finding user suporte$
  [2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(223)
    Trying _Get_Pwnam(), username as lowercase is suporte$
  [2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(239)
    Trying _Get_Pwnam(), username as uppercase is SUPORTE$
  [2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(247)
    Checking combinations of 0 uppercase letters in suporte$
  [2004/10/22 10:48:34, 5] lib/username.c:Get_Pwnam_internals(251)
    Get_Pwnam_internals didn't find user [suporte$]!
  [2004/10/22 10:48:35, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2245)
    _samr_create_user:

Re: [Samba] Re: smbldap-tools don't create machine account properly

Your ldap.conf

  nss_base_passwd ou=Usuarios,dc=unimix,dc=com,dc=br?one

Your smb.conf

  ldap machine suffix = ou=Computadores

Your search of the LDAP base by nsswitch is restricted to ou=Usuarios,dc=unimix,dc=com,dc=br ...

You need to change your machine suffix to the same suffix used by nss_base_passwd, or let nsswitch search in the machine suffix base.

---
Emerson Henrique Kfuri Pereira
Divisão de Atendimento e Consultoria
CECOM - Reitoria - UFMG
Phone: 34994009
---

Re: [Samba] Re: smbldap-tools don't create machine account properly

My ldap.conf restricted the search to ou=Usuarios only. I commented out the nss_base options and it works fine.

Thanks all

Words of [EMAIL PROTECTED] [Fri, Oct 22, 2004 at 11:22:12AM -0300]:
> Your ldap.conf
>
>   nss_base_passwd ou=Usuarios,dc=unimix,dc=com,dc=br?one
>
> Your smb.conf
>
>   ldap machine suffix = ou=Computadores
>
> Your search of the LDAP base by nsswitch is restricted to ou=Usuarios,dc=unimix,dc=com,dc=br ...
>
> You need to change your machine suffix to the same suffix used by nss_base_passwd, or let nsswitch search in the machine suffix base.
>
> ---
> Emerson Henrique Kfuri Pereira
> Divisão de Atendimento e Consultoria
> CECOM - Reitoria - UFMG
> Phone: 34994009
> ---

Re: [Samba] Re: smbldap-tools don't create machine account properly

On Friday 22 October 2004 07:52, Fernando Ribeiro wrote:
> My ldap.conf
>
>   base dc=unimix,dc=com,dc=br
>   host ldap.unimix.com.br
>   rootbinddn cn=suporte,dc=unimix,dc=com,dc=br
>   nss_base_passwd ou=Usuarios,dc=unimix,dc=com,dc=br?one
>   nss_base_shadow ou=Usuarios,dc=unimix,dc=com,dc=br?one
>   nss_base_group ou=Grupos,dc=unimix,dc=com,dc=br?one

Change these to:

  nss_base_passwd dc=unimix,dc=com,dc=br?sub
  nss_base_shadow dc=unimix,dc=com,dc=br?sub
  nss_base_group ou=Grupos,dc=unimix,dc=com,dc=br?one

- John T.

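The mismatch diagnosed in the replies above can be checked mechanically: this is an added example, not code from any poster or from Samba or nss_ldap, that reports which smb.conf account suffixes fall outside the nss_base_passwd search. The function names are hypothetical, and it assumes that the smb.conf suffixes are relative to `ldap suffix`, that the scope defaults to `sub`, and that DNs contain no escaped commas.

```python
def rdns(dn):
    # Simplified DN normalisation: assumes no escaped commas inside values.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def nss_bases(ldap_conf, key="nss_base_passwd"):
    """Return [(rdn_list, scope)] for each `key` line of an nss_ldap ldap.conf."""
    bases = []
    for line in ldap_conf.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0] == key:
            base, _, rest = fields[1].strip().partition("?")
            # Assumption: the scope is "sub" when the line does not name one.
            bases.append((rdns(base), rest.split("?")[0] or "sub"))
    return bases

def smb_globals(smb_conf):
    """Return the [global] parameters of an smb.conf, names lowercased."""
    params, section = {}, None
    for line in smb_conf.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def covers(base, scope, container):
    """True if a (base, scope) search returns entries stored directly in container."""
    if scope == "one":
        return base == container
    # "sub" matches when container is base or below it; "base" never returns children.
    return scope == "sub" and container[len(container) - len(base):] == base

def invisible_suffixes(ldap_conf, smb_conf):
    """smb.conf account suffixes whose entries a passwd lookup cannot find."""
    params = smb_globals(smb_conf)
    # With no nss_base_passwd line, fall back to the global `base` setting.
    searches = nss_bases(ldap_conf) or nss_bases(ldap_conf, "base")
    missing = []
    for name in ("ldap user suffix", "ldap machine suffix"):
        if name in params:
            # Assumption: these suffixes are relative to `ldap suffix`.
            container = rdns(params[name] + "," + params["ldap suffix"])
            if not any(covers(b, s, container) for b, s in searches):
                missing.append(name)
    return missing

# Excerpts of the ldap.conf and smb.conf posted in this thread.
LDAP_CONF = ("base dc=unimix,dc=com,dc=br\n"
             "nss_base_passwd ou=Usuarios,dc=unimix,dc=com,dc=br?one\n")
SMB_CONF = ("[global]\nldap suffix = dc=unimix,dc=com,dc=br\n"
            "ldap user suffix = ou=Usuarios\nldap machine suffix = ou=Computadores\n")
# The same ldap.conf with the nss_base_passwd line suggested in the reply.
LDAP_CONF_SUB = LDAP_CONF.replace("ou=Usuarios,dc=unimix,dc=com,dc=br?one",
                                  "dc=unimix,dc=com,dc=br?sub")
if __name__ == "__main__":
    for label, conf in (("as posted", LDAP_CONF), ("with ?sub", LDAP_CONF_SUB)):
        print(label, "->", invisible_suffixes(conf, SMB_CONF))
```

With the configuration as posted, only `ldap machine suffix` is reported, which matches the `Get_Pwnam_internals didn't find user [suporte$]` lines in the smbd log.
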
[Samba] Re: smbldap-tools don't create machine account properly

Is it possible that 'ldap admin dn' used in your smb.conf does not have write access to 'ou=Computers,dc=unimix,dc=com,dc=br'?

What was the error in the smbd log when the machine failed to join the Domain?

Igor

Fernando Ribeiro wrote:
> Hi all,
>
> I have smb.conf with:
>
>   add machine script = /usr/local/sbin/smbldap-useradd -w %u
>
>   add user script = /usr/local/sbin/smbldap-useradd -m %u
>   add machine script = /usr/local/sbin/smbldap-useradd -w %u
>   add group script = /usr/local/sbin/smbldap-groupadd -p %g
>   add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
>   delete user script = /usr/local/sbin/smbldap-userdel %u
>   delete group script = /usr/local/sbin/smbldap-groupdel %g
>   delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
>   set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
>
> When I try to include the w2k machine in the samba domain, it creates the ldap machine account entry:
>
>   dn: uid=suporte$,ou=Computers,dc=unimix,dc=com,dc=br
>   objectClass: top
>   objectClass: inetOrgPerson
>   objectClass: posixAccount
>   cn: suporte$
>   sn: suporte$
>   uid: suporte$
>   uidNumber: 1020
>   gidNumber: 1000
>   homeDirectory: /dev/null
>   loginShell: /bin/false
>   description: Computer
>   gecos: Computer
>
> And it doesn't join the samba domain.
>
> When I create a machine account manually with:
>
>   dn: uid=suporte$,ou=Computadores,dc=unimix,dc=com,dc=br
>   gidNumber: 3
>   uidNumber: 1022
>   uid: suporte$
>   sambaSID: S-1-5-21-715268823-1473299472-2771147885-3044
>   sambaAcctFlags: [W ]
>   cn: suporte
>   homeDirectory: /dev/null
>   objectClass: top
>   objectClass: sambaSamAccount
>   objectClass: posixAccount
>   objectClass: account
>
> It joins the samba domain without problem.
>
> Does anyone know why it doesn't create sambaSamAccount? Does a machine account need inetOrgPerson?
>
> Thanks