On Thu, 2005-07-21 at 15:44 +0200, Leonardo Pugliesi wrote: > Adam Stokes ha scritto: > > >On Thu, 2005-07-21 at 10:36 +0200, Leonardo Pugliesi wrote: > > > > > >>Adam Stokes ha scritto: > >> > >> > >> > >>>>>Leon, > >>>>> > >>>>>I think since you have an administrator account set already, do > >>>>> > >>>>>smbpasswd Adminsitrator > >>>>> > >>>>>the '-a' switch tells samba to add that user without it will just change > >>>>>the password and add the appropriate entries to directory server > >>>>> > >>>>>-- > >>>>>Fedora-directory-users mailing list > >>>>>Fedora-directory-users at redhat.com > >>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>if i use "smbpasswd Administrator" i get: > >>>>_______________________________ > >>>>[root at fedorac4 ~]# smbpasswd Administrator > >>>>New SMB password: > >>>>Retype new SMB password: > >>>>Failed to find entry for user administrator. > >>>>Failed to modify password entry for user administrator > >>>>[root at fedorac4 ~]# > >>>>_______________________________ > >>>>so it seems that i can't add Administrator because the entry alredy > >>>>exists, but i can't modify it because it doesn't exists..... > >>>>am i missing something :-) > >>>> > >>>>thanx > >>>> > >>>>-- > >>>>Fedora-directory-users mailing list > >>>>Fedora-directory-users at redhat.com > >>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users > >>>> > >>>> > >>>> > >>>> > >>>What does your smb.conf look like? Also is there anything in the samba > >>>logs? > >>> > >>>-- > >>>Fedora-directory-users mailing list > >>>Fedora-directory-users at redhat.com > >>>https://www.redhat.com/mailman/listinfo/fedora-directory-users > >>> > >>> > >>> > >>> > >>> > >>This is smb.conf (global section): > >> > >>[global] > >> workgroup = FEDORAC4 > >> username map = /etc/samba/smbusers > >> enable privileges = yes > >> server string = Samba Server %v > >> security = user > >> encrypt passwords = Yes > >> min passwd length = 3 > >> obey pam restrictions = No > >> ldap passwd sync = Yes > >> #unix password sync = Yes > >> passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u > >> #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n" > >> ldap passwd sync = Yes > >> log level = 0 > >> syslog = 0 > >> log file = /var/log/samba/log.%m > >> max log size = 100000 > >> time server = Yes > >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > >> mangling method = hash2 > >> Dos charset = 850 > >> Unix charset = ISO8859-1 > >> logon script = logon.bat > >> logon drive = H: > >> logon home = > >> logon path = > >> domain logons = Yes > >> os level = 65 > >> preferred master = Yes > >> domain master = Yes > >> wins support = Yes > >> passdb backend = ldapsam:ldap://fedorac4.localdomain > >> #passdb backend = ldap:ldap://fedorac4.localdomain > >> # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"; > >> ldap filter = (&(objectclass=sambaSamAccount)(uid=%u)) > >> ldap admin dn = cn=Directory Manager > >> ldap suffix = dc=localdomain > >> ldap group suffix = ou=Groups > >> ldap user suffix = ou=People > >> ldap machine suffix = ou=Computers > >> ldap idmap suffix = ou=Users > >> #ldap ssl = start tls > >> add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u" > >> ldap delete dn = Yes > >> #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u" > >> add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u" > >> add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" > >> #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g" > >> add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g" > >> delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g" > >> set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u" > >> > >> > >>samba logs is empty > >>Leon > >> > >> > >> > >> > >>-- > >>Fedora-directory-users mailing list > >>Fedora-directory-users at redhat.com > >>https://www.redhat.com/mailman/listinfo/fedora-directory-users > >> > >> > > > >Not sure at this point, looks like you are using idealx scripts for some > >of the administration maybe they created the admin account? > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > the entry "Administrator.... " has been created with the ldif2ldap > method, as shown in the how-to. > the problem, in my opinion, is that if i use "smbldap-usershow > Administrator" i get the right entry: > > _____________________________ > [root at fedorac4 ~]# /opt/IDEALX/sbin/smbldap-usershow Administrator > dn: uid=Administrator,ou=People,dc=localdomain > uid: Administrator > cn: Samba Admin > givenName: Samba > sn: Admin > mail: Administrator at localdomain > objectClass: person,organizationalPerson,inetOrgPerson,posixAccount,top > loginShell: /bin/bash > uidNumber: 0 > gidNumber: 0 > homeDirectory: /root > gecos: Samba Admin > userPassword: {SSHA}2b/re4djmAJmmNCWnJmKcJLGlCRqdGdU > _____________________________ > > if i use "ldapsearch -x -Z '(uid=Administrator)' i get the right entry, > i suppose the same entry found with the other command: > ____________________ > [root at fedorac4 ~]# ldapsearch -x -Z '(uid=Administrator)' > ldap_start_tls: Protocol error (2) > additional info: unsupported extended operation > # extended LDIF > # > # LDAPv3 > # base <> with scope sub > # filter: (uid=Administrator) > # requesting: ALL > # > > # Administrator, People, localdomain > dn: uid=Administrator,ou=People,dc=localdomain > uid: Administrator > cn: Samba Admin > givenName: Samba > sn: Admin > mail: Administrator at localdomain > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: top > loginShell: /bin/bash > uidNumber: 0 > gidNumber: 0 > homeDirectory: /root > gecos: Samba Admin > > # search result > search: 3 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > [root at fedorac4 ~]# > _________________________________________- > > i suppose the two command give me the same entry because sghould be > querying the same database...... > > if i use pdbedit -u Administrator > i get > _________________ > [root at fedorac4 ~]# pdbedit -u Administrator > Username not found! > [root at fedorac4 ~]# > _________________ > > so if only samba related commands seem not to work properly perhaps the > problem is in samba configuration, > but in the guides downloaded from the website i didn't found how to > configure the part of the file for what concern the scripts of entries > managemant such as adding users, machine, etc...... > what should i do now? > > bye leon > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users This is what the administrator entry should look like : [root at directory alias]# ldapsearch -x -ZZ '(uid=administrator)' # extended LDIF # # LDAPv3 # base <> with scope sub # filter: (uid=administrator) # requesting: ALL # # Administrator, People, gsslab.rdu.redhat.com dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com uid: Administrator cn: Samba Administrator objectClass: account objectClass: posixAccount objectClass: top objectClass: sambaSamAccount loginShell: /bin/bish uidNumber: 0 gidNumber: 0 homeDirectory: /root gecos: Samba Administrator sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000 sambaPrimaryGroupSID: S-1-5-21-1803520230-1543781662-649387223-1001 displayName: Samba Administrator sambaPwdCanChange: 1120750967 sambaPwdMustChange: 2147483647 sambaLMPassword: CFA95C51F11AB11DC2265B23734E0DAC sambaNTPassword: B2D88A4A9B0DAEE170E75F67D54918F6 sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaPwdLastSet: 1120750967 sambaAcctFlags: [U ] # search result search: 3 result: 0 Success # numResponses: 2 # numEntries: 1 So it looks like perhaps the administrator account needs the objectclass sambaSamAccount added to the entry manually then you should be able to proceed
