Re: [Samba] add machine script -problem
This has been working for me since 3.0.10:

add machine script = /usr/sbin/useradd -d /dev/null -g domaincomputers -s /bin/false -M %u;passwd -l %u

Jim

> When I was trying to add (join) a Windows XP client (gari$) to the Samba PDC by using the Samba admin user and passwd, I got the error "invalid username". In the server-side log file (/var/log/samba/gari.log) it shows "gari$ invalid username". I am using Samba 3.0.10 and RHEL4 as the Samba server. My configuration file is here below.
[Samba] add machine script -problem
When I was trying to add (join) a Windows XP client (gari$) to the Samba PDC by using the Samba admin user and passwd, I got the error "invalid username". In the server-side log file (/var/log/samba/gari.log) it shows "gari$ invalid username". I am using Samba 3.0.10 and RHEL4 as the Samba server. My configuration file is here below.

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command testparm
# to check that you have not made any basic syntactic errors.
#
#=== Global Settings =
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = example.com

# server string is the equivalent of the NT Description field
server string = Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the loopback interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
printcap name = /etc/printcap
load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
printing = cups

# This option tells cups that the data has already been rasterized
cups options = raw

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user nobody is used
; guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log
# all log information in one file
# log file = /var/log/samba/smbd.log

# Put a capping on the size of the log files (in Kb).
max log size = 50

# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user

# Use password server option only with security = server
; password server = NT-Server-Name

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
; password level = 8
; username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#the encrypted SMB passwords. They allow the Unix password
#to be kept in sync with the SMB password.
; unix password sync = Yes
; passwd program = /usr/bin/passwd %u
; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# Unix users can map to different SMB User names
; username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /etc/samba/smb.conf.%m

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24

# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
; remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
; remote announce = 192.168.1.255 192.168.2.44

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 65

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to
Re: [Samba] add machine script -problem
On 12/11/2006 01:01 PM, ravi kumar wrote:
> When I was trying to add (join) a Windows XP client (gari$) to the Samba PDC by using the Samba admin user and passwd, I got the error "invalid username". In the server-side log file (/var/log/samba/gari.log) it shows "gari$ invalid username". I am using Samba 3.0.10 and RHEL4 as the Samba server. My configuration file is here below.

Please, next time you post your config file, try to not wrap it...

> # Be very careful with case sensitivity - it can break things!
> auth methods = guest sam winbind
> case sensitive = no
> add machine script = /usr/sbin/adduser -n -g machines -s /bin/false -d /dev/null %m$

From the Samba Documentation [1]:

add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u

1. http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html

Of course it can change from distro to distro, but I don't think you should use the %m$.

Kind regards,

--
Felipe Augusto van de Wiel [EMAIL PROTECTED]
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/
Phone: (+55 41 3350 3300)
[Samba] add machine script problem with Fedora core 5
I am having some trouble with Samba 3.0.21b-2 as a PDC running on Fedora core 5. In particular, on-the-fly creation of machine accounts using the add machine script parameter does not seem to work. In smb.conf, I have the following line:

add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

When I try to join a new WinXP machine to the domain, it fails to create the machine account. The error log for the client host reports:

[2006/03/31 15:19:31, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
  _samr_create_user: Running the command `/usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M embera$' gave 82

According to the man pages for 'useradd', there is no error code 82. If I try to manually run the useradd command myself, it works fine, and the machine is subsequently able to join the domain.

Furthermore, no matter what I specify for the 'add machine script' parameter, it ALWAYS fails with "gave 82". For example, I tried:

add machine script = /usr/sbin/addMachine.sh

addMachine.sh:

echo "this is a test" > /usr/sbin/test.txt

This script never gets called (test.txt is not created), and the error log STILL reports "gave 82":

[2006/03/31 15:19:31, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
  _samr_create_user: Running the command `/usr/bin/addMachine.sh' gave 82

Any help is greatly appreciated. Below is my smb.conf for reference.

Thanks,
James

smb.conf

[global]

# workgroup = NT-Domain-Name or Workgroup-Name
netbios name = kuna
workgroup = PANAMA
domain logons = yes
domain master = yes
security = user
add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
domain admin users = root

# server string is the equivalent of the NT Description field
server string = Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the loopback interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
printcap name = /etc/printcap
load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = cups

# This option tells cups that the data has already been rasterized
cups options = raw

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user nobody is used
; guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log
# all log information in one file
# log file = /var/log/samba/log.smbd

# Put a capping on the size of the log files (in Kb).
max log size = 50

# Security mode. Most people will want user level security. See
# security_level.txt for details.
; security = user

# Use password server option only with security = server
; password server = NT-Server-Name

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
; password level = 8
; username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#the encrypted SMB passwords. They allow the Unix password
#to be kept in sync with the SMB password.
; unix password sync = Yes
; passwd program = /usr/bin/passwd %u
; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# Unix users can map to different SMB User names
; username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /etc/samba/smb.conf.%m

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24

# Configure remote browse list synchronisation here
# request announcement
[Samba] add machine script problem
I am having trouble getting samba to execute the add machine script properly. It seems to be executing this script as a non-root user. I am running trustix with the 2.4.30 kernel. Samba is version 3.0.14a. Here is the output from testparm:

Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [netlogon]
Processing section [backup]
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
    workgroup = EE
    server string = Trustix Secure Linux Samba Server
    passdb backend = ldapsam:ldap://localhost/
    log file = /var/log/samba/log.%I
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    add user script = /usr/local/sbin/smbldap-useradd -m %u
    delete user script = /usr/local/sbin/smbldap-userdel %u
    add group script = /usr/local/sbin/smbldap-groupadd -p %g
    delete group script = /usr/local/sbin/smbldap-groupdel %g
    add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
    delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
    set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
    add machine script = /usr/local/sbin/smbldap-useradd -w %u
    logon script = logon.bat
    logon path =
    logon drive = H:
    domain logons = Yes
    os level = 32
    preferred master = Yes
    domain master = Yes
    wins proxy = Yes
    wins support = Yes
    ldap admin dn = cn=admin,dc=experts-exchange,dc=com
    ldap delete dn = Yes
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=People
    ldap machine suffix = ou=Computers
    ldap passwd sync = Yes
    ldap suffix = dc=experts-exchange,dc=com
    ldap user suffix = ou=People

[homes]
    comment = Home Directories
    path = /home/users/%S
    valid users = %S
    read only = No
    create mask = 0600
    directory mask = 0700
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /home/samba/netlogon
    guest ok = Yes
    share modes = No

[backup]
    comment = Backups
    path = /backup
    browseable = No

When I run `net join EE -U root` I get the following error:

[2005/07/07 17:06:26, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: No results returned
Creation of workstation account failed
Unable to join domain EE.

Here is a snippet of part of the log that is generated when I run that command. As you can see from the last lines, smbldap-useradd did not run properly because it could not open the smbldap.conf file. The permissions on this file are 0600; it is owned by root.

[2005/07/07 16:59:56, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base = [dc=experts-exchange,dc=com], filter = [((uid=fileserver$)(objectclass=sambaSamAccount))], scope = [2]
[2005/07/07 16:59:56, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1334)
  ldapsam_getsampwnam: Unable to locate user [fileserver$] count=0
[2005/07/07 16:59:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (1, 513) - sec_ctx_stack_ndx = 0
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam(293)
  Finding user fileserver$
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(223)
  Trying _Get_Pwnam(), username as lowercase is fileserver$
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(239)
  Trying _Get_Pwnam(), username as uppercase is FILESERVER$
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(247)
  Checking combinations of 0 uppercase letters in fileserver$
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals didn't find user [fileserver$]!
[2005/07/07 16:59:56, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2311)
  _samr_create_user: can add this account : False
Unable to open /etc/opt/IDEALX/smbldap-tools/smbldap.conf for reading !
Compilation failed in require at /usr/local/sbin/smbldap-useradd line 33.
BEGIN failed--compilation aborted at /usr/local/sbin/smbldap-useradd line 33.
[2005/07/07 16:59:56, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
  _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w fileserver$' gave 2

How can I get this script to run as root?

Brian Abreu
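
A wrapper of the kind the `add machine script` lines in the threads above could point at, given here as an added example that is not taken from any of the posts: it checks that the name passed for `%u` looks like a machine account (as in the `embera$` and `fileserver$` log lines), refuses to call useradd when it is not running as root, and reports the exit status that the posters only saw as `gave N`. The script path, the `machines` group and the exit codes 64 and 77 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Intended use, with a hypothetical path:
#   add machine script = /usr/local/sbin/add-machine.sh %u
# The name substituted for %u originates from the joining client, so it is
# validated before it reaches a root-run command.

MACHINE_GROUP="machines"     # assumption: this group already exists
USERADD="/usr/sbin/useradd"

log() { printf 'add-machine: %s\n' "$*" >&2; }

# Succeeds only for 1-15 characters from [A-Za-z0-9_-], not starting with "-",
# followed by exactly one trailing "$" (for example "gari$").
is_machine_account() {
    case $1 in
        *'$') ;;
        *) return 1 ;;
    esac
    host=${1%?}                        # strip the trailing "$"
    [ -n "$host" ] || return 1
    [ "${#host}" -le 15 ] || return 1
    case $host in
        -*) return 1 ;;                # would be read as an option by useradd
        *[!A-Za-z0-9_-]*) return 1 ;;  # spaces, ";", "$", "/" and so on
    esac
    return 0
}

# Exit codes: 64 = bad name, 77 = not root, otherwise useradd's own status.
add_machine() {
    account=$1
    if ! is_machine_account "$account"; then
        log "rejected account name"
        return 64
    fi
    if [ -n "${DRY_RUN:-}" ]; then
        # Print the command instead of running it (for checking the wiring).
        printf '%s\n' "$USERADD -d /dev/null -g $MACHINE_GROUP -s /bin/false -M $account"
        return 0
    fi
    uid=$(id -u)
    if [ "$uid" -ne 0 ]; then
        log "running as uid $uid, not root; refusing to call useradd"
        return 77
    fi
    "$USERADD" -d /dev/null -g "$MACHINE_GROUP" -s /bin/false -M "$account"
    rc=$?
    if [ "$rc" -ne 0 ]; then
        log "useradd exited $rc for $account"
        return "$rc"
    fi
    # Lock the Unix password, as in the useradd;passwd -l line posted above.
    passwd -l "$account" >/dev/null || log "could not lock $account"
    return 0
}

# Run only when called with an argument, as smbd would call it.
if [ "$#" -gt 0 ]; then
    add_machine "$1"
    exit $?
fi
```

Running it by hand with `DRY_RUN=1` and a sample name prints the useradd command it would execute without touching the account database.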
[Samba] add machine script problem
Hello

I set up a Samba 3 PDC with ldap backend. I created a script that adds machine accounts. First it adds the machine account to /etc/passwd and then it creates the user in ldap with smbpasswd -a -m machine. If I run the script by hand, it works and the account has been added. After that I can join the domain without any problems.

Now I want to make this machine account creation on the fly. So I added the script to smb.conf as add user script = /path/to/createmachineaccount.sh. If I try to join a domain with a workstation that hasn't any account, the script creates the machine account but an error occurs that I can't log in because the account doesn't exist. After that if I try to join again, the logon process works because it found the machine account.

So I have to join every workstation twice, first for user creation and second for joining the domain. Why doesn't this work in one step? On our old samba 2.2.8a PDC with ldap backend, the whole thing worked with the same machine add script.

I welcome any suggestions.

best regards
Lukas
Re: [Samba] add machine script problem
* Lukas Meyer [EMAIL PROTECTED] wrote:
> Hello
>
> I set up a Samba 3 PDC with ldap backend. I created a script that adds machine accounts. First it adds the machine account to /etc/passwd and then it creates the user in ldap with smbpasswd -a -m machine. If I run the script by hand, it works and the account has been added. After that I can join the domain without any problems.
>
> Now I want to make this machine account creation on the fly. So I added the script to smb.conf as add user script = /path/to/createmachineaccount.sh. If I try to join a domain with a workstation that hasn't any account, the script creates the machine account but an error occurs that I can't log in because the account doesn't exist. After that if I try to join again, the logon process works because it found the machine account.

IMO it was because samba can not 'see' changes in ldap. You have to set sleep time in add machine script?

btw, why not putting posix account in ldap directory instead of file?

--beast
Re: [Samba] add machine script problem
Beast wrote:
> * Lukas Meyer [EMAIL PROTECTED] wrote:
> > Hello
> >
> > I set up a Samba 3 PDC with ldap backend. I created a script that adds machine accounts. First it adds the machine account to /etc/passwd and then it creates the user in ldap with smbpasswd -a -m machine. If I run the script by hand, it works and the account has been added. After that I can join the domain without any problems.
> >
> > Now I want to make this machine account creation on the fly. So I added the script to smb.conf as add user script = /path/to/createmachineaccount.sh. If I try to join a domain with a workstation that hasn't any account, the script creates the machine account but an error occurs that I can't log in because the account doesn't exist. After that if I try to join again, the logon process works because it found the machine account.
>
> IMO it was because samba can not 'see' changes in ldap. You have to set sleep time in add machine script?
>
> btw, why not putting posix account in ldap directory instead of file?
>
> --beast

Hello

I added a sleep time to the add machine script but there's no success.

How do you mean putting a posix account in ldap instead of file? If I add a posix account to the machine-account, what file won't I need?

regards
lm
Re: [Samba] add machine script problem
* Lukas Meyer [EMAIL PROTECTED] wrote:
> Hello
>
> I added a sleep time to the add machine script but there's no success.

IMO you really turn on log level to 5 or higher and check also ldap.log file. If it's slave ldap server, then set ldap replication sleep option.

> How do you mean putting a posix account in ldap instead of file? If I add a posix account to the machine-account, what file won't I need?

I mean using pam/nss ldap, you won't need to store account in /etc/passwd anymore.

--beast
Re: [Samba] add machine script problem
On Thursday, 11 March 2004 13:28, Lukas Meyer wrote:
> Hello
>
> I set up a Samba 3 PDC with ldap backend. I created a script that adds machine accounts. First it adds the machine account to /etc/passwd and then it creates the user in ldap with smbpasswd -a -m machine. If I run the script by hand, it works and the account has been added. After that I can join the domain without any problems.
>
> Now I want to make this machine account creation on the fly. So I added the script to smb.conf as add user script = /path/to/createmachineaccount.sh. If I try to join a domain with a workstation that hasn't any account, the script creates the machine account but an error occurs that I can't log in because the account doesn't exist. After that if I try to join again, the logon process works because it found the machine account.
>
> So I have to join every workstation twice, first for user creation and second for joining the domain. Why doesn't this work in one step? On our old samba 2.2.8a PDC with ldap backend, the whole thing worked with the same machine add script.
>
> I welcome any suggestions.
>
> best regards
> Lukas

Hi Lucas,

can you please support me with the addmachine script? We want to do the same, but I don't really know how. Maybe we find the little failure together.

Thanks for your support.

best regards
--
Jörn Fenzel