On Thu, 2005-07-21 at 17:05 +0200, Leonardo Pugliesi wrote:
>Adam Stokes wrote:
>
>>On Thu, 2005-07-21 at 15:44 +0200, Leonardo Pugliesi wrote:
>>
>>>Adam Stokes wrote:
>>>
>>>>On Thu, 2005-07-21 at 10:36 +0200, Leonardo Pugliesi wrote:
>>>>
>>>>>Adam Stokes wrote:
>>>>>
>>>>>>>>Leon,
>>>>>>>>
>>>>>>>>I think since you have an administrator account set already, do
>>>>>>>>
>>>>>>>>smbpasswd Administrator
>>>>>>>>
>>>>>>>>the '-a' switch tells samba to add that user; without it, it will just change
>>>>>>>>the password and add the appropriate entries to directory server
>>>>>>>>
>>>>>>>>--
>>>>>>>>Fedora-directory-users mailing list
>>>>>>>>Fedora-directory-users(a)redhat.com
>>>>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>>>
>>>>>>>if i use "smbpasswd Administrator" i get:
>>>>>>>_______________________________
>>>>>>>[root@fedorac4 ~]# smbpasswd Administrator
>>>>>>>New SMB password:
>>>>>>>Retype new SMB password:
>>>>>>>Failed to find entry for user administrator.
>>>>>>>Failed to modify password entry for user administrator
>>>>>>>[root@fedorac4 ~]#
>>>>>>>_______________________________
>>>>>>>so it seems that i can't add Administrator because the entry already
>>>>>>>exists, but i can't modify it because it doesn't exist.....
>>>>>>>am i missing something :-)
>>>>>>>
>>>>>>>thanx
>>>>>>>
>>>>>>What does your smb.conf look like? Also is there anything in the samba
>>>>>>logs?
>>>>>>
>>>>>This is smb.conf (global section):
>>>>>
>>>>>[global]
>>>>> workgroup = FEDORAC4
>>>>> username map = /etc/samba/smbusers
>>>>> enable privileges = yes
>>>>> server string = Samba Server %v
>>>>> security = user
>>>>> encrypt passwords = Yes
>>>>> min passwd length = 3
>>>>> obey pam restrictions = No
>>>>> ldap passwd sync = Yes
>>>>> #unix password sync = Yes
>>>>> passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
>>>>> #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
>>>>> ldap passwd sync = Yes
>>>>> log level = 0
>>>>> syslog = 0
>>>>> log file = /var/log/samba/log.%m
>>>>> max log size = 100000
>>>>> time server = Yes
>>>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>>> mangling method = hash2
>>>>> Dos charset = 850
>>>>> Unix charset = ISO8859-1
>>>>> logon script = logon.bat
>>>>> logon drive = H:
>>>>> logon home =
>>>>> logon path =
>>>>> domain logons = Yes
>>>>> os level = 65
>>>>> preferred master = Yes
>>>>> domain master = Yes
>>>>> wins support = Yes
>>>>> passdb backend = ldapsam:ldap://fedorac4.localdomain
>>>>> #passdb backend = ldap:ldap://fedorac4.localdomain
>>>>> # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
>>>>> ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
>>>>> ldap admin dn = cn=Directory Manager
>>>>> ldap suffix = dc=localdomain
>>>>> ldap group suffix = ou=Groups
>>>>> ldap user suffix = ou=People
>>>>> ldap machine suffix = ou=Computers
>>>>> ldap idmap suffix = ou=Users
>>>>> #ldap ssl = start tls
>>>>> add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
>>>>> ldap delete dn = Yes
>>>>> #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
>>>>> add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
>>>>> add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
>>>>> #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
>>>>> add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
>>>>> delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
>>>>> set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
>>>>>
>>>>>samba logs are empty
>>>>>Leon
>>>>>
>>>>Not sure at this point, looks like you are using idealx scripts for some
>>>>of the administration maybe they created the admin account?
>>>>
>>>the entry "Administrator.... " has been created with the ldif2ldap
>>>method, as shown in the how-to.
>>>the problem, in my opinion, is that if i use "smbldap-usershow
>>>Administrator" i get the right entry:
>>>
>>>_____________________________
>>>[root@fedorac4 ~]# /opt/IDEALX/sbin/smbldap-usershow Administrator
>>>dn: uid=Administrator,ou=People,dc=localdomain
>>>uid: Administrator
>>>cn: Samba Admin
>>>givenName: Samba
>>>sn: Admin
>>>mail: Administrator@localdomain
>>>objectClass: person,organizationalPerson,inetOrgPerson,posixAccount,top
>>>loginShell: /bin/bash
>>>uidNumber: 0
>>>gidNumber: 0
>>>homeDirectory: /root
>>>gecos: Samba Admin
>>>userPassword: {SSHA}2b/re4djmAJmmNCWnJmKcJLGlCRqdGdU
>>>_____________________________
>>>
>>>if i use "ldapsearch -x -Z '(uid=Administrator)'" i get the right entry,
>>>i suppose the same entry found with the other command:
>>>____________________
>>>[root@fedorac4 ~]# ldapsearch -x -Z '(uid=Administrator)'
>>>ldap_start_tls: Protocol error (2)
>>> additional info: unsupported extended operation
>>># extended LDIF
>>>#
>>># LDAPv3
>>># base <> with scope sub
>>># filter: (uid=Administrator)
>>># requesting: ALL
>>>#
>>>
>>># Administrator, People, localdomain
>>>dn: uid=Administrator,ou=People,dc=localdomain
>>>uid: Administrator
>>>cn: Samba Admin
>>>givenName: Samba
>>>sn: Admin
>>>mail: Administrator@localdomain
>>>objectClass: person
>>>objectClass: organizationalPerson
>>>objectClass: inetOrgPerson
>>>objectClass: posixAccount
>>>objectClass: top
>>>loginShell: /bin/bash
>>>uidNumber: 0
>>>gidNumber: 0
>>>homeDirectory: /root
>>>gecos: Samba Admin
>>>
>>># search result
>>>search: 3
>>>result: 0 Success
>>>
>>># numResponses: 2
>>># numEntries: 1
>>>[root@fedorac4 ~]#
>>>_________________________________________
>>>
>>>i suppose the two commands give me the same entry because they should be
>>>querying the same database......
>>>
>>>if i use pdbedit -u Administrator
>>>i get
>>>_________________
>>>[root@fedorac4 ~]# pdbedit -u Administrator
>>>Username not found!
>>>[root@fedorac4 ~]#
>>>_________________
>>>
>>>so if only samba related commands seem not to work properly perhaps the
>>>problem is in samba configuration,
>>>but in the guides downloaded from the website i didn't find how to
>>>configure the part of the file for what concerns the scripts of entries
>>>management such as adding users, machines, etc......
>>>what should i do now?
>>>
>>>bye leon
>>>
>>This is what the administrator entry should look like :
>>
>>[root@directory alias]# ldapsearch -x -ZZ '(uid=administrator)'
>># extended LDIF
>>#
>># LDAPv3
>># base <> with scope sub
>># filter: (uid=administrator)
>># requesting: ALL
>>#
>>
>># Administrator, People, gsslab.rdu.redhat.com
>>dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
>>uid: Administrator
>>cn: Samba Administrator
>>objectClass: account
>>objectClass: posixAccount
>>objectClass: top
>>objectClass: sambaSamAccount
>>loginShell: /bin/bish
>>uidNumber: 0
>>gidNumber: 0
>>homeDirectory: /root
>>gecos: Samba Administrator
>>sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000
>>sambaPrimaryGroupSID: S-1-5-21-1803520230-1543781662-649387223-1001
>>displayName: Samba Administrator
>>sambaPwdCanChange: 1120750967
>>sambaPwdMustChange: 2147483647
>>sambaLMPassword: CFA95C51F11AB11DC2265B23734E0DAC
>>sambaNTPassword: B2D88A4A9B0DAEE170E75F67D54918F6
>>sambaPasswordHistory:
>>00000000000000000000000000000000000000000000000000000000
>>00000000
>>sambaPwdLastSet: 1120750967
>>sambaAcctFlags: [U ]
>>
>># search result
>>search: 3
>>result: 0 Success
>>
>># numResponses: 2
>># numEntries: 1
>>
>>So it looks like perhaps the administrator account needs the objectclass
>>sambaSamAccount added to the entry manually then you should be able to
>>proceed
>>
>i removed all the references to smbldap-tools in the smb.conf and now
>things seem to work better...
>i beg your pardon for this mistake but i thought that samba would
>interact with ldap through those tools.
>now, for example, when i join a machine to the domain who is in charge
>of adding the correct entry in ldap database without smbldap-tools?
>
>thanks,
>leon
>
Unfortunately, it has to be done manually without the proper ldap
tools.. I haven't gotten that far in testing just a preliminary how-to
for this.
IDEALX scripts do work with openldap again I haven't tested with FDS. My
suggestion to you or someone who is good in C is to write a plugin for
FDS probably a Pre-operation plugin to allow for the adding/removing of
entries in the FDS db.
More information on plugins can be found :
http://directory.fedora.redhat.com/wiki/Plugins
Sorry I couldn't be of further assistance
thanks
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
now i have two users configured in ldap: testuser and administrator (as u
do in the how-to)
when i try to enter in a samba share with testuser i have no problems
but if i use administrator and its password i can't enter,
is this normal?
thanx,
leon
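
Added example (not part of the thread, and not Samba or IDEALX code): a small offline check that applies the `ldap filter` from the quoted smb.conf to the two Administrator entries shown above, which is why ldapsearch and smbldap-usershow find the entry while smbpasswd and pdbedit do not. The function names are hypothetical, the entries are constructed from the thread's output with password hashes left out, and only AND-of-equality filters are handled.

```python
import re

# Samba's lookup filter, copied from the smb.conf quoted in the thread.
SMB_CONF_FILTER = "(&(objectclass=sambaSamAccount)(uid=%u))"

# Constructed samples: the two Administrator entries from the thread,
# trimmed to the attributes that matter (password hashes left out).
ENTRY_FROM_LDIF2LDAP = """\
dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 0
"""
ENTRY_WITH_SAMBA_CLASS = """\
# Administrator, People, gsslab.rdu.redhat.com
dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
uid: Administrator
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    entry, last = {}, None
    for line in text.splitlines():
        if line.startswith("#") or not line.strip():
            continue
        if line.startswith(" ") and last:      # folded continuation line
            entry[last][-1] += line[1:]
            continue
        attr, _, value = line.partition(":")
        last = attr.strip().lower()
        entry.setdefault(last, []).append(value.strip())
    return entry

def unmet_terms(ldif_text, username, ldap_filter=SMB_CONF_FILTER):
    """Return the (attr=value) terms of an AND-of-equalities filter that the
    entry does not satisfy; an empty list means Samba's search would find it."""
    entry = parse_ldif_entry(ldif_text)
    terms = re.findall(r"\(([^()=]+)=([^()]*)\)", ldap_filter.replace("%u", username))
    return [f"{a}={v}" for a, v in terms
            if v.lower() not in (x.lower() for x in entry.get(a.lower(), []))]

if __name__ == "__main__":
    for name, text in [("ldif2ldap entry", ENTRY_FROM_LDIF2LDAP),
                       ("entry with sambaSamAccount", ENTRY_WITH_SAMBA_CLASS)]:
        print(name, "->", unmet_terms(text, "administrator") or "matches")
```

The same comparison can be made against a live directory by saving `ldapsearch` output for the account to a file and passing its contents to `unmet_terms`.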