[Fedora-directory-users] Samba and FDS 7.1 on Fedora Core 4 Error

Adam Stokes astokes at redhat.com
Thu Jul 21 15:37:11 UTC 2005


On Thu, 2005-07-21 at 17:05 +0200, Leonardo Pugliesi wrote:
> Adam Stokes wrote:
> 
> >On Thu, 2005-07-21 at 15:44 +0200, Leonardo Pugliesi wrote:
> >
> >>Adam Stokes wrote:
> >>
> >>>On Thu, 2005-07-21 at 10:36 +0200, Leonardo Pugliesi wrote:
> >>>
> >>>>Adam Stokes wrote:
> >>>>
> >>>>>>>Leon,
> >>>>>>>
> >>>>>>>I think since you have an administrator account set already, do
> >>>>>>>
> >>>>>>>smbpasswd Administrator
> >>>>>>>
> >>>>>>>The '-a' switch tells samba to add that user; without it, it will just change
> >>>>>>>the password and add the appropriate entries to the directory server.
> >>>>>>>
> >>>>>>>--
> >>>>>>>Fedora-directory-users mailing list
> >>>>>>>Fedora-directory-users at redhat.com
> >>>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>>>>>>
> >>>>>>if i use "smbpasswd Administrator" i get:
> >>>>>>_______________________________
> >>>>>>[root at fedorac4 ~]# smbpasswd Administrator
> >>>>>>New SMB password:
> >>>>>>Retype new SMB password:
> >>>>>>Failed to find entry for user administrator.
> >>>>>>Failed to modify password entry for user administrator
> >>>>>>[root at fedorac4 ~]#
> >>>>>>_______________________________
> >>>>>>so it seems that i can't add Administrator because the entry already
> >>>>>>exists, but i can't modify it because it doesn't exist...
> >>>>>>am i missing something :-)
> >>>>>>
> >>>>>>thanx
> >>>>>>
> >>>>>What does your smb.conf look like? Also is there anything in the samba
> >>>>>logs?
> >>>>>
> >>>>This is smb.conf (global section):
> >>>>
> >>>>[global]
> >>>>    workgroup = FEDORAC4
> >>>>    username map = /etc/samba/smbusers
> >>>>    enable privileges = yes
> >>>>    server string = Samba Server %v
> >>>>    security = user
> >>>>    encrypt passwords = Yes
> >>>>    min passwd length = 3
> >>>>    obey pam restrictions = No
> >>>>    ldap passwd sync = Yes
> >>>>    #unix password sync = Yes
> >>>>    passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
> >>>>    #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
> >>>>    ldap passwd sync = Yes
> >>>>    log level = 0
> >>>>    syslog = 0
> >>>>    log file = /var/log/samba/log.%m
> >>>>    max log size = 100000
> >>>>    time server = Yes
> >>>>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >>>>    mangling method = hash2
> >>>>    Dos charset = 850
> >>>>    Unix charset = ISO8859-1
> >>>>    logon script = logon.bat
> >>>>    logon drive = H:
> >>>>    logon home =
> >>>>    logon path =
> >>>>    domain logons = Yes
> >>>>    os level = 65
> >>>>    preferred master = Yes
> >>>>    domain master = Yes
> >>>>    wins support = Yes
> >>>>    passdb backend = ldapsam:ldap://fedorac4.localdomain
> >>>>    #passdb backend = ldap:ldap://fedorac4.localdomain
> >>>>    # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
> >>>>    ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
> >>>>    ldap admin dn = cn=Directory Manager
> >>>>    ldap suffix = dc=localdomain
> >>>>    ldap group suffix = ou=Groups
> >>>>    ldap user suffix = ou=People
> >>>>    ldap machine suffix = ou=Computers
> >>>>    ldap idmap suffix = ou=Users
> >>>>    #ldap ssl = start tls
> >>>>    add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
> >>>>    ldap delete dn = Yes
> >>>>    #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
> >>>>    add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
> >>>>    add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
> >>>>    #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
> >>>>    add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
> >>>>    delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
> >>>>    set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
> >>>>
> >>>>
> >>>>samba logs are empty
> >>>>Leon
> >>>>
> >>>Not sure at this point, looks like you are using idealx scripts for some
> >>>of the administration maybe they created the admin account?
> >>>
> >>the entry "Administrator..." has been created with the ldif2ldap
> >>method, as shown in the how-to.
> >>the problem, in my opinion, is that if i use "smbldap-usershow
> >>Administrator" i get the right entry:
> >>
> >>_____________________________
> >>[root at fedorac4 ~]# /opt/IDEALX/sbin/smbldap-usershow Administrator
> >>dn: uid=Administrator,ou=People,dc=localdomain
> >>uid: Administrator
> >>cn: Samba Admin
> >>givenName: Samba
> >>sn: Admin
> >>mail: Administrator at localdomain
> >>objectClass: person,organizationalPerson,inetOrgPerson,posixAccount,top
> >>loginShell: /bin/bash
> >>uidNumber: 0
> >>gidNumber: 0
> >>homeDirectory: /root
> >>gecos: Samba Admin
> >>userPassword: {SSHA}2b/re4djmAJmmNCWnJmKcJLGlCRqdGdU
> >>_____________________________
> >>
> >>if i use "ldapsearch -x -Z '(uid=Administrator)'" i get the right entry,
> >>i suppose the same entry found with the other command:
> >>____________________
> >>[root at fedorac4 ~]# ldapsearch -x -Z '(uid=Administrator)'
> >>ldap_start_tls: Protocol error (2)
> >>        additional info: unsupported extended operation
> >># extended LDIF
> >>#
> >># LDAPv3
> >># base <> with scope sub
> >># filter: (uid=Administrator)
> >># requesting: ALL
> >>#
> >>
> >># Administrator, People, localdomain
> >>dn: uid=Administrator,ou=People,dc=localdomain
> >>uid: Administrator
> >>cn: Samba Admin
> >>givenName: Samba
> >>sn: Admin
> >>mail: Administrator at localdomain
> >>objectClass: person
> >>objectClass: organizationalPerson
> >>objectClass: inetOrgPerson
> >>objectClass: posixAccount
> >>objectClass: top
> >>loginShell: /bin/bash
> >>uidNumber: 0
> >>gidNumber: 0
> >>homeDirectory: /root
> >>gecos: Samba Admin
> >>
> >># search result
> >>search: 3
> >>result: 0 Success
> >>
> >># numResponses: 2
> >># numEntries: 1
> >>[root at fedorac4 ~]#
> >>_________________________________________
> >>
> >>i suppose the two commands give me the same entry because they should be
> >>querying the same database...
> >>
> >>if i use pdbedit -u Administrator
> >>i get
> >>_________________
> >>[root at fedorac4 ~]# pdbedit -u Administrator
> >>Username not found!
> >>[root at fedorac4 ~]#
> >>_________________
> >>
> >>so if only samba related commands seem not to work properly perhaps the
> >>problem is in the samba configuration,
> >>but in the guides downloaded from the website i didn't find how to
> >>configure the part of the file concerning the scripts for entry
> >>management such as adding users, machines, etc...
> >>what should i do now?
> >>
> >>bye leon
> >>
> >>
> >
> >This is what the administrator entry should look like :
> >
> >[root at directory alias]# ldapsearch -x -ZZ '(uid=administrator)'
> ># extended LDIF
> >#
> ># LDAPv3
> ># base <> with scope sub
> ># filter: (uid=administrator)
> ># requesting: ALL
> >#
> >
> ># Administrator, People, gsslab.rdu.redhat.com
> >dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
> >uid: Administrator
> >cn: Samba Administrator
> >objectClass: account
> >objectClass: posixAccount
> >objectClass: top
> >objectClass: sambaSamAccount
> >loginShell: /bin/bish
> >uidNumber: 0
> >gidNumber: 0
> >homeDirectory: /root
> >gecos: Samba Administrator
> >sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000
> >sambaPrimaryGroupSID: S-1-5-21-1803520230-1543781662-649387223-1001
> >displayName: Samba Administrator
> >sambaPwdCanChange: 1120750967
> >sambaPwdMustChange: 2147483647
> >sambaLMPassword: CFA95C51F11AB11DC2265B23734E0DAC
> >sambaNTPassword: B2D88A4A9B0DAEE170E75F67D54918F6
> >sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
> >sambaPwdLastSet: 1120750967
> >sambaAcctFlags: [U          ]
> >
> ># search result
> >search: 3
> >result: 0 Success
> >
> ># numResponses: 2
> ># numEntries: 1
> >
> >So it looks like perhaps the administrator account needs the objectclass
> >sambaSamAccount added to the entry manually; then you should be able to
> >proceed.
> >
> i removed all the references to smbldap-tools in the smb.conf and now
> things seem to work better...
> i beg your pardon for this mistake but i thought that samba would
> interact with ldap through those tools.
> now, for example, when i join a machine to the domain who is in charge
> of adding the correct entry in the ldap database without smbldap-tools?
> 
> thanks,
> leon
> 
> 

Unfortunately, it has to be done manually without the proper ldap
tools. I haven't gotten that far in testing, just a preliminary how-to
for this.

IDEALX scripts do work with openldap; again, I haven't tested with FDS. My
suggestion to you, or to someone who is good in C, is to write a plugin for
FDS, probably a pre-operation plugin, to allow for the adding/removing of
entries in the FDS db.

More information on plugins can be found :
http://directory.fedora.redhat.com/wiki/Plugins

Sorry I couldn't be of further assistance

thanks
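An added example, not part of the thread and not Samba's, FDS's or IDEALX's code: a small POSIX shell script that emits the LDIF the posted ldapsam configuration expects, so the two manual steps discussed in this thread can be done without smbldap-tools. The first function extends an existing posixAccount entry (the how-to's Administrator, which the posted ldapsearch shows without sambaSamAccount) with that objectClass and the mandatory sambaSID, which is what the posted `ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))` requires before smbpasswd and pdbedit can find the entry at all. The second writes the machine-account entry under ou=Computers that `add machine script` would otherwise have created at join time. The base DN and the ou suffixes come from the posted smb.conf; everything else is an assumption: the domain SID is a placeholder copied from Adam's sample entry (read the real one with `net getlocalsid`), the RID arithmetic is the legacy Samba/smbldap mapping (user RID = 2*uid + 1000, group RID = 2*gid + 1001, which Adam's entry with uid 0 -> -1000 and gid 0 -> -1001 follows), and gidNumber 515 for "Domain Computers" is the smbldap-populate convention.

```shell
#!/bin/sh
# Added example (not from the thread, Samba, FDS or smbldap-tools): emit the
# LDIF that the posted ldapsam configuration expects, for two cases.
#   admin:   extend an existing posixAccount (the how-to's Administrator) with
#            objectClass sambaSamAccount and its mandatory sambaSID, so the
#            posted 'ldap filter' can match the entry
#   machine: create the account that 'add machine script' would otherwise make
# Assumptions (not in the thread): DOMAIN_SID is a placeholder taken from
# Adam's sample entry, read the real one with 'net getlocalsid'; RIDs use the
# legacy Samba/smbldap mapping (user RID = 2*uid + 1000, group RID =
# 2*gid + 1001); gidNumber 515 is the smbldap-populate "Domain Computers" gid.

BASE_DN="dc=localdomain"                                # from the posted smb.conf
DOMAIN_SID="S-1-5-21-1803520230-1543781662-649387223"  # placeholder, see above

user_rid()  { echo $(( $1 * 2 + 1000 )); }
group_rid() { echo $(( $1 * 2 + 1001 )); }

# admin_samba_ldif <uid> <uidNumber> <gidNumber>
# sambaSID is a MUST attribute of sambaSamAccount, so the objectClass and the
# SID go into one modify operation; otherwise the server rejects the change.
# 'replace' is used for the single-valued attributes so a rerun is harmless.
admin_samba_ldif() {
  cat <<EOF
dn: uid=$1,ou=People,$BASE_DN
changetype: modify
add: objectClass
objectClass: sambaSamAccount
-
replace: sambaSID
sambaSID: $DOMAIN_SID-$(user_rid "$2")
-
replace: sambaPrimaryGroupSID
sambaPrimaryGroupSID: $DOMAIN_SID-$(group_rid "$3")
-
replace: sambaAcctFlags
sambaAcctFlags: [U          ]
EOF
}

# machine_ldif <hostname> <uidNumber>
# Machine accounts are "<hostname>$" with the W flag.  No password attributes
# are written here: Samba sets sambaNTPassword itself when the machine joins.
# 515 is the well-known "Domain Computers" RID; the group entry with that
# gidNumber and SID is assumed to exist.
machine_ldif() {
  cat <<EOF
dn: uid=$1\$,ou=Computers,$BASE_DN
changetype: add
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: $1\$
cn: $1\$
uidNumber: $2
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
sambaSID: $DOMAIN_SID-$(user_rid "$2")
sambaPrimaryGroupSID: $DOMAIN_SID-515
sambaAcctFlags: [W          ]
EOF
}

# Usage: print the LDIF and pipe it into ldapmodify, binding as the same DN
# that smb.conf names in 'ldap admin dn'; ldapmodify accepts changetype: add.
#   sh samba_ldif.sh admin Administrator 0 0 \
#     | ldapmodify -x -H ldap://127.0.0.1 -D "cn=Directory Manager" -W
#   sh samba_ldif.sh machine pc01 1005 \
#     | ldapmodify -x -H ldap://127.0.0.1 -D "cn=Directory Manager" -W
case "${1:-}" in
  admin)   shift; admin_samba_ldif "$@" ;;
  machine) shift; machine_ldif "$@" ;;
esac
```

After the first LDIF is applied, `ldapsearch -x '(&(objectclass=sambaSamAccount)(uid=Administrator))'` should return the entry and `pdbedit -L` should list it; the NT and LM hashes are then written by `smbpasswd Administrator`. Two things a practitioner would check on this setup: the posted ldapsearch shows FDS rejecting StartTLS ("unsupported extended operation") and `ldap ssl` is commented out, so the Directory Manager bind and the sambaNTPassword values (which are password-equivalent, not salted) cross the wire in the clear unless the server is reached over loopback as in the usage lines above; and Samba 3.0's ldapsam still resolves the POSIX side of every account through NSS, so nss_ldap must also see ou=People and ou=Computers, which the posted configuration does not show.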




