[Samba] problems on join domain on Samba3 + ldap

2004-02-20 Thread Vanni Della Ricca
Hello,

I have problems with a Samba 3 + LDAP PDC.
In particular, I can't join more than 2 workstations to the domain.
I think that the problem is in generating the UID part of the SID (the final part).
The first computer that joined the domain has SID
S-1-5-21-3642312925-2943760701-1776766777-3000

the second has evere SID

S-1-5-21-3642312925-2943760701-1776766777-2052

After that, no workstation succeeds in joining the domain. Samba correctly adds a POSIX
account to the LDAP directory, but does not complete it with sambaSamAttributes.

my configuration is
samba 3.0.2 
openldap2-2.1.22
smbldap-tools-0.8.3

on SuSE 9.0

My final scenario is
1 master-ldap
10 slave-ldap with Samba PDC with different domains

The configuration files follow.

/etc/ldap.conf

# Your LDAP server. Must be resolvable without using LDAP.
host 127.0.0.1

# The distinguished name of the search base.
base ou=People,dc=xxx,dc=it

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=Manager,dc=example,dc=it

# The credentials to bind with. 
# Optional: default is no credential.
#bindpw secret

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=Manager,dc=example,dc=it


pam_password crypt


# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl no
nss_base_passwd dc=xxx,dc=it
nss_base_shadow dc=xxx,dc=it
nss_base_group  dc=xxx,dc=it
#ssl on

smb.conf
# Global parameters
[global]
workgroup = DEPARTMENT1
netbios name = SERVER-DEPARTMENT1
security = user
passdb backend = ldapsam:ldap://localhost
log level = 2
time server = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
printcap name = CUPS
add user script = /usr/local/sbin/smbldap-useradd -a %u
add machine script = /usr/local/sbin/smbldap-useradd -w %u
logon script = logon.bat
logon path = \\%L\homes\.windows_profile
logon drive = Y:
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap suffix = dc=xxx,dc=it
ldap machine suffix = ou=depart1,ou=Computers
ldap user suffix = ou=depart1,ou=People
ldap group suffix = ou=depart1,ou=Groups
ldap filter = ((uid=%u)(objectclass=sambaSamAccount))
ldap admin dn = cn=Manager,dc=uaf,dc=it
ldap ssl = no
printing = cups
veto files = /*.eml/*.nws/riched20.dll/*.{*}/

[netlogon]
path = /home/netlogon
browseable = No

[profiles]
path = /home/samba-ntprof
read only = No
create mask = 0600
directory mask = 0700
browseable = No

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0640
directory mask = 0750
browseable = No

/etc/openldap/slap.conf

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.


pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args



###
# ldbm database definitions
###

database ldbm
suffix  dc=xxx,dc=it
rootdn  cn=Manager,dc=uaf,dc=it
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw  secret
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory   /var/lib/ldap

# Indices to maintain
index   objectClass eq
index cn  pres,sub,eq
index sn  pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber   eq
index gidNumber   eq
index memberUid   eq
index   sambaSID  eq
index   sambaPrimaryGroupSID  eq
index   sambaDomainName   eq
index   default   sub

/etc/smbtools/smbtools.conf

# $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $
# $Id: smbldap.conf,v 1.2 2004/01/14 22:24:44 jtournier Exp $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools

#  This code was developped by 
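
The two SIDs quoted in this post share one domain SID and differ only in the final RID. As an added example (not part of the original post), the Python below splits them, flags any RID used twice, and inverts Samba's algorithmic RID mapping. It assumes the default `algorithmic rid base` of 1000, and that these RIDs were assigned algorithmically at all.

```python
import re
from collections import Counter

# Constructed input: the two machine-account SIDs quoted in the post above.
SIDS = [
    "S-1-5-21-3642312925-2943760701-1776766777-3000",
    "S-1-5-21-3642312925-2943760701-1776766777-2052",
]

# Assumption: smb.conf "algorithmic rid base" is left at its default of 1000.
ALGORITHMIC_RID_BASE = 1000

SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")


def split_sid(sid):
    """Split an account SID into (domain SID, RID); reject anything else."""
    m = SID_RE.match(sid.strip())
    if m is None:
        raise ValueError(f"not a domain account SID: {sid!r}")
    return m.group(1), int(m.group(2))


def decode_rid(rid, base=ALGORITHMIC_RID_BASE):
    """Invert the algorithmic mapping: user RID = 2*uid + base,
    group RID = 2*gid + base + 1. RIDs below the base are not algorithmic."""
    if rid < base:
        return ("reserved", None)
    offset = rid - base
    return ("group" if offset % 2 else "user", offset // 2)


def audit(sids):
    """Report the domain SIDs seen, each RID decoded, and any RID used twice."""
    pairs = [split_sid(s) for s in sids]
    counts = Counter(pairs)
    return {
        "domains": sorted({dom for dom, _ in pairs}),
        "accounts": [(rid,) + decode_rid(rid) for _, rid in pairs],
        "duplicates": sorted(rid for (_, rid), n in counts.items() if n > 1),
    }


if __name__ == "__main__":
    report = audit(SIDS)
    for rid, kind, posix_id in report["accounts"]:
        print(f"RID {rid}: {kind} id {posix_id}")
    print("domains:", report["domains"], "duplicate RIDs:", report["duplicates"])
```
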

Re: [Samba] problems on join domain on Samba3 + ldap

2004-02-20 Thread Jérôme Tournier
On Fri, Feb 20, 2004 at 11:49:23AM +0100, Vanni Della Ricca wrote:
> add user script = /usr/local/sbin/smbldap-useradd -a %u
You do not have to set the '-a' option:
add user script = /usr/local/sbin/smbldap-useradd %u
Samba will add the sambaSAMAccount when joining the domain.

> ldap filter = ((uid=%u)(objectclass=sambaSamAccount))
Test without the 'ldap filter' directive ...

> userSmbHome=\\PDC-SMB3\homes
Are you sure? :)
  userSmbHome=\\SERVER-DEPARTMENT1\homes

Did you configure PAM?
-- 
Jérôme


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problems on join domain on Samba3 + ldap

2004-02-20 Thread Vanni Della Ricca
At 12:25, Friday 20 February 2004, Jérôme Tournier wrote:

> You do not have to set the '-a' option:
>   add user script = /usr/local/sbin/smbldap-useradd %u
> Samba will add the sambaSAMAccount when joining the domain.
This entry is for the user script; when I join a domain, Samba calls the
add machine script.

> > ldap filter = ((uid=%u)(objectclass=sambaSamAccount))
>
> Test without the 'ldap filter' directive ...
I have tried this, without changes :(

> Did you configure PAM?
Yes, I did.
-- 
***
* One Ring to rule them all, One Ring to find them
* One Ring to bring them all and in the darkness bind them
*   (J.R.R. Tolkien) 
***
   
* E-Mail: [EMAIL PROTECTED]
*
* ICQ:   43066840
* PGP_KEY
* http://tagliamento.sci.uniud.it/~dricca/vanni.asc
***


