[Fedora-directory-users] can't lookup UNIX group Domain Admins

Craig White craigwhite at azapple.com
Sat Dec 16 16:30:57 UTC 2006 

On Fri, 2006-12-15 at 22:24 -0800, listman wrote:
> >> On Fri, 2006-12-15 at 16:35 -0800, listman wrote:
> >>> Can some one please point me in the right direction to fix this? I’ve
> >>> searched samba group and the only thing I can find is something about
> >>> having the right scripts but they don’t tell you where to get them or
> >>> how
> >>> to run them.
> >>> Any help would be greatly appreciated.
> >> ----
> >> sounds like you are looking for smbldap-tools from idealx
> >>
> >> Perhaps you are using packaging from a distribution that offers these
> >> tools or start here if that is indeed what you are looking for...
> >>
> >> http://sourceforge.net/projects/smbldap-tools
> >>
> >> Craig
> >>
> > Thanks Craig
> > That does explain the scripts that I read about but it's not helping my
> > problem any.
> > I'm going through the samba doc on the FDS site and keep running into
> > problems here and no one seems to know the answer. I have installed
> > everything I need, configurd samba, ldap, bind, and everything else
> > refrenced from the FDS site. I'm missing something thats isn't covered on
> > the site but I dont know enough to figure out what it is. Heres my
> > smb.conf file if that helps any..
> >
> > [global]
> > workgroup = DEPFYFFER
> > security = user
> > passdb backend = ldapsam:ldap://depfyffer.com
> > ldap admin dn = cn=Directory Manager
> > ldap suffix = dc=depfyffer,dc=com
> > ldap user suffix = ou=People
> > ldap machine suffix = ou=Computers
> > ldap group suffix = ou=Groups
> >
> > add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> > add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> > ldap delete dn = Yes
> > #delete user script = /usr/local/sbin/smbldap-userdel "%u"
> > add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> > #delete group script = /usr/local/sbin/smbldap-groupdel "%g"
> > add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> > delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
> > "%g"
> > set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> > add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> >
> > log file = /var/log/%m.log
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >
> > os level = 33
> > domain logons = yes
> > domain master = yes
> > local master = yes
> > preferred master = yes
> >
> > wins support = yes
> >
> > logon home = \\%L\%u\profiles
> > logon path = \\%L\profiles\%u
> > logon drive = H:
> >
> > template shell = /bin/false
> > winbind use default domain = no
> >
> > [netlogon]
> > path = /var/lib/samba/netlogon
> > read only = yes
> > browsable = no
> >
> > [profiles]
> > path = /var/lib/samba/profiles
> > read only = no
> > create mask = 0600
> > directory mask = 0700
> >
> > [homes]
> > browsable = no
> > writable = yes
> >
> 
> This may help also??
> 
> [root at depfyffer log]# smbpasswd -D 10 -a -m
> Netbios name list:-
> my_netbios_names[0]="DEPFYFFER"
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend ldapsam_compat
> Successfully added passdb backend 'ldapsam_compat'
> Attempting to register passdb backend NDS_ldapsam
> Successfully added passdb backend 'NDS_ldapsam'
> Attempting to register passdb backend NDS_ldapsam_compat
> Successfully added passdb backend 'NDS_ldapsam_compat'
> Attempting to register passdb backend smbpasswd
> Successfully added passdb backend 'smbpasswd'
> Attempting to register passdb backend tdbsam
> Successfully added passdb backend 'tdbsam'
> Attempting to find an passdb backend to match ldapsam:ldap://depfyffer.com
> (ldapsam)
> Found pdb backend ldapsam
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=DEPFYFFER))]
> smbldap_search_ext: base => [dc=depfyffer,dc=com], filter =>
> [(&(objectClass=sambaDomain)(sambaDomainName=DEPFYFFER))], scope => [2]
> The connection to the LDAP server was closed
> smb_ldap_setup_connection: ldap://depfyffer.com
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldap://depfyffer.com as
> "cn=Directory Manager"
> ldap_connect_system: succesful connection to the LDAP server
> ldap_connect_system: LDAP server does not support paged results
> The LDAP server is succesfully connected
> smbldap_get_single_attribute: [sambaAlgorithmicRidBase] = [<does not exist>]
> pdb backend ldapsam:ldap://depfyffer.com has a valid init
> smbldap_search_ext: base => [dc=depfyffer,dc=com], filter =>
> [(&(uid=root$)(objectclass=sambaSamAccount))], scope => [2]
> ldapsam_getsampwnam: Unable to locate user [root$] count=0
> Failed to modify password entry for user root$
----
assuming that you have installed smbldap-tools installed and configured
properly (assuming facts not in evidence from the above), you would need
to run smblpdap_populate which will automatically populate your LDAP
with the needed configuration entries for Samba to work properly.

Official Samba documentation lists the idealx tools (smbldap-tools)
information here...
http://samba.org/samba/docs/man/Samba-Guide/happy.html#sbeidealx

and consider this section on making happy users...
http://samba.org/samba/docs/man/Samba-Guide/happy.html#id2574922

Craig

More information about the 389-users mailing list