Re: [Samba] XP Can't Join Domain

2004-08-26 Thread Gerald (Jerry) Carter
Joshua Schmidlkofer wrote:
| usersdn=ou=Users,dc=mydc,dc=com
| computersdn=ou=Computers,dc=mydc,dc=com
|
| I set my nss_ldap as such:
|
| nss_base_passwd  dc=mydc,dc=com?sub
According to Luke Howard, nss_ldap 204
or later (I may be slightly off on the version)
will support

nss_base_passwd  ou=users,dc=mydc,dc=com?sub
nss_base_passwd  ou=computers,dc=mydc,dc=com?sub

rather than having to search from the parent.
I haven't had a chance to verify this yet though.

cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] XP Can't Join Domain

2004-08-24 Thread Joshua Schmidlkofer
Daniel R. Meigs wrote:
Thanks for your reply. The problem was having the computers in ou=Computers.
I put them in ou=People and the problem was solved.
--Dan
Daniel:
  I deleted the following options from the smb.conf
#ldap user suffix = ou=People
#ldap machine suffix = ou=Computers
But I left the options set in my smbldap.conf.
usersdn=ou=Users,dc=mydc,dc=com
computersdn=ou=Computers,dc=mydc,dc=com
I set my nss_ldap as such:
nss_base_passwd  dc=mydc,dc=com?sub
nss_base_shadow  dc=mydc,dc=com?sub
---
The end result is some extra sub queries - which is ok for me.  I also 
get the benefit of having the logical separation between the Users and 
Computers.   I really like that.   I am still limited by uid names, and 
I can think of a few other unsavory situations.   However, I do like it 
that way and it works very nicely.

I am glad you got yours going.
thanks,
  Joshua
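
The configurations compared in this thread differ in whether an nss_ldap passwd search base reaches the container named by `ldap machine suffix`. The check below is an added example, not code from any poster or from the Samba project; its function names and the nss_ldap fragments are constructed, it treats every search base as a full DN, and it assumes at least one nss_base_passwd line is present.

```python
# Added example: does an nss_ldap passwd search base reach the containers
# that Samba's ldapsam suffixes point at? Names here are illustrative.

def parse_dn(dn):
    # Simplified DN split: assumes no escaped commas inside RDN values.
    return ["=".join(p.strip() for p in rdn.split("=", 1)).lower()
            for rdn in dn.split(",") if rdn.strip()]

def parse_nss_bases(conf_text, key="nss_base_passwd"):
    """Return [(base_rdns, scope)] for every 'key base?scope?filter' line."""
    bases = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0].lower() == key:
            fields = parts[1].strip().split("?")
            # Assumption: no explicit scope means a subtree search.
            scope = fields[1].lower() if len(fields) > 1 and fields[1] else "sub"
            bases.append((parse_dn(fields[0]), scope))
    return bases

def covers(base, scope, container):
    """True if entries stored directly in `container` match (base, scope)."""
    if scope == "sub":   # base itself or anything below it
        return (len(container) >= len(base)
                and container[len(container) - len(base):] == base)
    if scope == "one":   # only immediate children of base
        return container == base
    return False         # "base" scope returns the base entry alone

def uncovered_suffixes(smb_params, nss_conf_text):
    """List (smb.conf key, full DN) pairs that no passwd search base reaches."""
    root = smb_params["ldap suffix"]
    bases = parse_nss_bases(nss_conf_text)
    missing = []
    for key in ("ldap user suffix", "ldap machine suffix"):
        rel = smb_params.get(key)
        full = f"{rel},{root}" if rel else root  # suffixes are relative to ldap suffix
        if not any(covers(b, s, parse_dn(full)) for b, s in bases):
            missing.append((key, full))
    return missing

# Values taken from the smb.conf posted in this thread.
SMB_PARAMS = {"ldap suffix": "dc=tlinenm,dc=com",
              "ldap user suffix": "ou=People",
              "ldap machine suffix": "ou=Computers"}
# Constructed nss_ldap fragments (nobody in the thread posted these).
NSS_PEOPLE_ONLY = "nss_base_passwd ou=People,dc=tlinenm,dc=com?one\n"
NSS_PARENT_SUB = "nss_base_passwd dc=tlinenm,dc=com?sub\n"
NSS_TWO_BASES = ("nss_base_passwd ou=People,dc=tlinenm,dc=com?sub\n"
                 "nss_base_passwd ou=Computers,dc=tlinenm,dc=com?sub\n")
```

A non-empty result names the suffix whose accounts would not resolve through NSS; `getent passwd 'MACHINE$'` on the server confirms the same thing against the live directory.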



Re: [Samba] XP Can't Join Domain

2004-07-02 Thread Paul Gienger
Daniel R. Meigs wrote:
Dan Meigs wrote:

I am running Samba 3.0.2 as a PDC on a Fedora Core 1 machine using openldap
as the password backend. I think I've got all the openldap stuff working. I
can log in, ssh, etc. using ldap accounts.
When I try to join an XP machine to the domain, I get an error on the XP
machine that reads: The following error occurred attempting to join the
domain TIMBERLINE: The user name could not be found.
When I check the logs, it is clear that the authentication succeeded and the
script to add a machine account completed successfully. So I can't figure
out what is causing the error.

Any help would be much appreciated!

I found the problem! It turned out to be an ldap problem after all. I had
added the machine account to ou=Computers as detailed in most of the
Samba/LDAP documentation. However, Samba was looking for the machine account
in ou=People.

So I made the necessary change to smbldap_conf.pm, and I was able to join
the domain.
There is probably a way to make ou=Computers work, but I haven't a clue how.

This is actually a well known (to people that read this list for more 
than a couple weeks) bug in the design of samba.  I could swear I got it 
working once on a linux box without reconfiguring pam_nss, but I could 
be wrong.

--Dan
 

--
Paul Gienger Office:701-281-1884
Applied Engineering Inc. Cell:  701-306-6254
Information Systems Consultant   Fax:   701-281-1322
URL: www.ae-solutions.com   mailto:[EMAIL PROTECTED]


[Samba] XP Can't Join Domain

2004-06-29 Thread Daniel R. Meigs
I am running Samba 3.0.2 as a PDC on a Fedora Core 1 machine using openldap
as the password backend. I think I've got all the openldap stuff working. I
can log in, ssh, etc. using ldap accounts.

When I try to join an XP machine to the domain, I get an error on the XP
machine that reads: The following error occurred attempting to join the
domain TIMBERLINE: The user name could not be found.

When I check the logs, it is clear that the authentication succeeded and the
script to add a machine account completed successfully. So I can't figure
out what is causing the error. 

Any help would be much appreciated!

Dan Meigs


My smb.conf file is as follows:


#=== Global Settings =
[global]
   log level = 3
   workgroup = TIMBERLINE
   netbios name = RAINIER
   security = user
   encrypt passwords = yes
   username map = /etc/samba/smbusers
   add user script = /usr/local/sbin/smbldap-useradd.pl -a -m '%u'
   delete user script = /usr/local/sbin/smbldap-userdel.pl '%u'
   add group script = /usr/local/sbin/smbldap-groupadd.pl -p '%g'
   delete group script = /usr/local/sbin/smbldap-groupdel.pl '%g'
   add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m '%g' '%u'
   delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x '%g' '%u'
   set primary group script = /usr/local/sbin/smbldap-usermod.pl -g '%g' '%u'
   add machine script = /usr/local/sbin/smbldap-useradd.pl -w '%m'
   ldap admin dn = cn=Manager,dc=tlinenm,dc=com
   ldap ssl = start tls
   passdb backend = ldapsam:ldap://rainier.tlinenm.com
   ldap delete dn = no
   ldap user suffix = ou=People
   ldap group suffix = ou=Groups
   ldap machine suffix = ou=Computers
   ldap suffix = dc=tlinenm,dc=com
   ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
   server string = Samba Server on Rainier
   hosts allow = 192.168.0. 127.
   printcap name = cups
   printing = cups
   log file = /var/log/samba/%m.log
   max log size = 500
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   os level = 35
   domain master = yes 
   preferred master = yes
   domain logons = yes
   wins support = yes
   dns proxy = yes 

# Share Definitions ==
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = no
   share modes = no


[Profiles]
   path = /home/profiles
   browseable = no
   guest ok = yes


[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes

[tmp]
   comment = Temporary file space
   path = /tmp
   read only = no
   public = yes

-
The smb log file is as follows (log level 2):

[2004/06/29 12:35:07, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: root
[2004/06/29 12:35:07, 2] passdb/pdb_ldap.c:init_group_from_ldap(1697)
  init_group_from_ldap: Entry found for group: 512
[2004/06/29 12:35:07, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [Administrator] - [root] - [root] succeeded
[2004/06/29 12:35:07, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.0.98)
[2004/06/29 12:35:08, 2] smbd/server.c:exit_server(558)
  Closing connections
[2004/06/29 12:35:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: root
[2004/06/29 12:35:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(1697)
  init_group_from_ldap: Entry found for group: 512
[2004/06/29 12:35:09, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [Administrator] - [root] - [root] succeeded
[2004/06/29 12:35:09, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.0.98)
[2004/06/29 12:35:09, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461)
  Returning domain sid for domain TIMBERLINE - S-1-5-21-1936347354-1918943746-3536452940
[2004/06/29 12:35:10, 2] smbd/server.c:exit_server(558)
  Closing connections
