On Thu, 2005-07-21 at 15:44 +0200, Leonardo Pugliesi wrote:
>Adam Stokes wrote:
>
>>On Thu, 2005-07-21 at 10:36 +0200, Leonardo Pugliesi wrote:
>>
>>>Adam Stokes wrote:
>>>
>>>>>>Leon,
>>>>>>
>>>>>>I think since you have an administrator account set already, do
>>>>>>
>>>>>>smbpasswd Administrator
>>>>>>
>>>>>>the '-a' switch tells samba to add that user; without it, it will just change
>>>>>>the password and add the appropriate entries to directory server
>>>>>>
>>>>>>--
>>>>>>Fedora-directory-users mailing list
>>>>>>Fedora-directory-users(a)redhat.com
>>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>
>>>>>if i use "smbpasswd Administrator" i get:
>>>>>_______________________________
>>>>>[root@fedorac4 ~]# smbpasswd Administrator
>>>>>New SMB password:
>>>>>Retype new SMB password:
>>>>>Failed to find entry for user administrator.
>>>>>Failed to modify password entry for user administrator
>>>>>[root@fedorac4 ~]#
>>>>>_______________________________
>>>>>so it seems that i can't add Administrator because the entry already
>>>>>exists, but i can't modify it because it doesn't exist.....
>>>>>am i missing something :-)
>>>>>
>>>>>thanx
>>>>>
>>>>What does your smb.conf look like? Also is there anything in the samba
>>>>logs?
>>>>
>>>This is smb.conf (global section):
>>>
>>>[global]
>>> workgroup = FEDORAC4
>>> username map = /etc/samba/smbusers
>>> enable privileges = yes
>>> server string = Samba Server %v
>>> security = user
>>> encrypt passwords = Yes
>>> min passwd length = 3
>>> obey pam restrictions = No
>>> ldap passwd sync = Yes
>>> #unix password sync = Yes
>>> passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
>>> #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
>>> ldap passwd sync = Yes
>>> log level = 0
>>> syslog = 0
>>> log file = /var/log/samba/log.%m
>>> max log size = 100000
>>> time server = Yes
>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>> mangling method = hash2
>>> Dos charset = 850
>>> Unix charset = ISO8859-1
>>> logon script = logon.bat
>>> logon drive = H:
>>> logon home =
>>> logon path =
>>> domain logons = Yes
>>> os level = 65
>>> preferred master = Yes
>>> domain master = Yes
>>> wins support = Yes
>>> passdb backend = ldapsam:ldap://fedorac4.localdomain
>>> #passdb backend = ldap:ldap://fedorac4.localdomain
>>> # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
>>> ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
>>> ldap admin dn = cn=Directory Manager
>>> ldap suffix = dc=localdomain
>>> ldap group suffix = ou=Groups
>>> ldap user suffix = ou=People
>>> ldap machine suffix = ou=Computers
>>> ldap idmap suffix = ou=Users
>>> #ldap ssl = start tls
>>> add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
>>> ldap delete dn = Yes
>>> #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
>>> add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
>>> add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
>>> #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
>>> add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
>>> delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
>>> set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
>>>
>>>
>>>samba logs are empty
>>>Leon
>>>
>>Not sure at this point; looks like you are using idealx scripts for some
>>of the administration, maybe they created the admin account?
>>
>the entry "Administrator.... " has been created with the ldif2ldap
>method, as shown in the how-to.
>the problem, in my opinion, is that if i use "smbldap-usershow
>Administrator" i get the right entry:
>
>_____________________________
>[root@fedorac4 ~]# /opt/IDEALX/sbin/smbldap-usershow Administrator
>dn: uid=Administrator,ou=People,dc=localdomain
>uid: Administrator
>cn: Samba Admin
>givenName: Samba
>sn: Admin
>mail: Administrator@localdomain
>objectClass: person,organizationalPerson,inetOrgPerson,posixAccount,top
>loginShell: /bin/bash
>uidNumber: 0
>gidNumber: 0
>homeDirectory: /root
>gecos: Samba Admin
>userPassword: {SSHA}2b/re4djmAJmmNCWnJmKcJLGlCRqdGdU
>_____________________________
>
>if i use "ldapsearch -x -Z '(uid=Administrator)'" i get the right entry,
>i suppose the same entry found with the other command:
>____________________
>[root@fedorac4 ~]# ldapsearch -x -Z '(uid=Administrator)'
>ldap_start_tls: Protocol error (2)
> additional info: unsupported extended operation
># extended LDIF
>#
># LDAPv3
># base <> with scope sub
># filter: (uid=Administrator)
># requesting: ALL
>#
>
># Administrator, People, localdomain
>dn: uid=Administrator,ou=People,dc=localdomain
>uid: Administrator
>cn: Samba Admin
>givenName: Samba
>sn: Admin
>mail: Administrator@localdomain
>objectClass: person
>objectClass: organizationalPerson
>objectClass: inetOrgPerson
>objectClass: posixAccount
>objectClass: top
>loginShell: /bin/bash
>uidNumber: 0
>gidNumber: 0
>homeDirectory: /root
>gecos: Samba Admin
>
># search result
>search: 3
>result: 0 Success
>
># numResponses: 2
># numEntries: 1
>[root@fedorac4 ~]#
>_________________________________________
>
>i suppose the two commands give me the same entry because they should be
>querying the same database......
>
>if i use pdbedit -u Administrator
>i get
>_________________
>[root@fedorac4 ~]# pdbedit -u Administrator
>Username not found!
>[root@fedorac4 ~]#
>_________________
>
>so if only samba related commands seem not to work properly perhaps the
>problem is in samba configuration,
>but in the guides downloaded from the website i didn't find how to
>configure the part of the file that concerns the scripts for entry
>management such as adding users, machines, etc......
>what should i do now?
>
>bye leon
>
This is what the administrator entry should look like:
[root@directory alias]# ldapsearch -x -ZZ '(uid=administrator)'
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=administrator)
# requesting: ALL
#
# Administrator, People, gsslab.rdu.redhat.com
dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
uid: Administrator
cn: Samba Administrator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: sambaSamAccount
loginShell: /bin/bish
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Administrator
sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000
sambaPrimaryGroupSID: S-1-5-21-1803520230-1543781662-649387223-1001
displayName: Samba Administrator
sambaPwdCanChange: 1120750967
sambaPwdMustChange: 2147483647
sambaLMPassword: CFA95C51F11AB11DC2265B23734E0DAC
sambaNTPassword: B2D88A4A9B0DAEE170E75F67D54918F6
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1120750967
sambaAcctFlags: [U ]
# search result
search: 3
result: 0 Success
# numResponses: 2
# numEntries: 1
So it looks like perhaps the administrator account needs the objectclass
sambaSamAccount added to the entry manually; then you should be able to
proceed.
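
Why pdbedit answers "Username not found!" while a plain (uid=Administrator) search succeeds: the `ldap filter` in the posted smb.conf also requires objectClass sambaSamAccount. The script below is an added example, not part of the original messages; it replays that filter over an LDIF dump, and the function name `samba_lookup`, the sample file and the user `smbadmin` are assumptions made for illustration.

```shell
# samba_lookup UID LDIF_FILE
# Applies the thread's smb.conf filter, (&(objectclass=sambaSamAccount)(uid=%u)),
# to an LDIF dump and prints one of:
#   match               entry has the uid and objectClass sambaSamAccount
#   no-sambaSamAccount  entry exists, but the filter cannot match it
#   absent              no entry carries that uid
samba_lookup() {
    awk -v want="$1" '
        BEGIN { RS = ""; FS = "\n"; want = tolower(want); state = "absent" }
        {
            has_uid = 0; has_oc = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^#/) continue              # LDIF comment line
                sep = index($i, ":")
                if (sep == 0) continue
                attr = tolower(substr($i, 1, sep - 1))
                val = tolower(substr($i, sep + 1))
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)   # trim around the value
                if (attr == "uid" && val == want) has_uid = 1
                if (attr == "objectclass" && val == "sambasamaccount") has_oc = 1
            }
            if (has_uid && has_oc) { state = "match"; exit }
            if (has_uid) state = "no-sambaSamAccount"
        }
        END { print state }
    ' "$2"
}

# Constructed sample: the first entry copies the objectClass set of the
# Administrator entry shown in the thread; "smbadmin" is a hypothetical user.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Administrator, People, localdomain
dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top

dn: uid=smbadmin,ou=People,dc=localdomain
uid: smbadmin
objectClass: posixAccount
objectClass: sambaSamAccount
EOF

samba_lookup Administrator "$SAMPLE"   # no-sambaSamAccount
samba_lookup smbadmin "$SAMPLE"        # match
```

Pointing the function at saved `ldapsearch` output instead of the sample shows which directory accounts Samba's passdb lookup can and cannot see.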

i removed all the references to smbldap-tools in the smb.conf and now
things seem to work better...
i beg your pardon for this mistake but i thought that samba would
interact with ldap through those tools.
now, for example, when i join a machine to the domain, who is in charge
of adding the correct entry in ldap database without smbldap-tools?
thanks,
leon