Adam Stokes wrote:

>On Thu, 2005-07-21 at 15:44 +0200, Leonardo Pugliesi wrote:
>
>>Adam Stokes wrote:
>>
>>>On Thu, 2005-07-21 at 10:36 +0200, Leonardo Pugliesi wrote:
>>>
>>>>Adam Stokes wrote:
>>>>
>>>>>>>Leon,
>>>>>>>
>>>>>>>I think since you have an administrator account set already, do
>>>>>>>
>>>>>>>smbpasswd Administrator
>>>>>>>
>>>>>>>the '-a' switch tells samba to add that user; without it, it will just change
>>>>>>>the password and add the appropriate entries to directory server
>>>>>>>
>>>>>>>--
>>>>>>>Fedora-directory-users mailing list
>>>>>>>Fedora-directory-users at redhat.com
>>>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>>
>>>>>>if i use "smbpasswd Administrator" i get:
>>>>>>_______________________________
>>>>>>[root at fedorac4 ~]# smbpasswd Administrator
>>>>>>New SMB password:
>>>>>>Retype new SMB password:
>>>>>>Failed to find entry for user administrator.
>>>>>>Failed to modify password entry for user administrator
>>>>>>[root at fedorac4 ~]#
>>>>>>_______________________________
>>>>>>so it seems that i can't add Administrator because the entry already
>>>>>>exists, but i can't modify it because it doesn't exist.....
>>>>>>am i missing something :-)
>>>>>>
>>>>>>thanx
>>>>>>
>>>>>What does your smb.conf look like? Also is there anything in the samba
>>>>>logs?
>>>>>
>>>>This is smb.conf (global section):
>>>>
>>>>[global]
>>>> workgroup = FEDORAC4
>>>> username map = /etc/samba/smbusers
>>>> enable privileges = yes
>>>> server string = Samba Server %v
>>>> security = user
>>>> encrypt passwords = Yes
>>>> min passwd length = 3
>>>> obey pam restrictions = No
>>>> ldap passwd sync = Yes
>>>> #unix password sync = Yes
>>>> passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
>>>> #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
>>>> ldap passwd sync = Yes
>>>> log level = 0
>>>> syslog = 0
>>>> log file = /var/log/samba/log.%m
>>>> max log size = 100000
>>>> time server = Yes
>>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>> mangling method = hash2
>>>> Dos charset = 850
>>>> Unix charset = ISO8859-1
>>>> logon script = logon.bat
>>>> logon drive = H:
>>>> logon home =
>>>> logon path =
>>>> domain logons = Yes
>>>> os level = 65
>>>> preferred master = Yes
>>>> domain master = Yes
>>>> wins support = Yes
>>>> passdb backend = ldapsam:ldap://fedorac4.localdomain
>>>> #passdb backend = ldap:ldap://fedorac4.localdomain
>>>> # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
>>>> ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
>>>> ldap admin dn = cn=Directory Manager
>>>> ldap suffix = dc=localdomain
>>>> ldap group suffix = ou=Groups
>>>> ldap user suffix = ou=People
>>>> ldap machine suffix = ou=Computers
>>>> ldap idmap suffix = ou=Users
>>>> #ldap ssl = start tls
>>>> add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
>>>> ldap delete dn = Yes
>>>> #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
>>>> add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
>>>> add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
>>>> #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
>>>> add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
>>>> delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
>>>> set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
>>>>
>>>>samba logs is empty
>>>>Leon
>>>>
>>>Not sure at this point, looks like you are using idealx scripts for some
>>>of the administration maybe they created the admin account?
>>>
>>the entry "Administrator.... " has been created with the ldif2ldap
>>method, as shown in the how-to.
>>the problem, in my opinion, is that if i use "smbldap-usershow
>>Administrator" i get the right entry:
>>
>>_____________________________
>>[root at fedorac4 ~]# /opt/IDEALX/sbin/smbldap-usershow Administrator
>>dn: uid=Administrator,ou=People,dc=localdomain
>>uid: Administrator
>>cn: Samba Admin
>>givenName: Samba
>>sn: Admin
>>mail: Administrator at localdomain
>>objectClass: person,organizationalPerson,inetOrgPerson,posixAccount,top
>>loginShell: /bin/bash
>>uidNumber: 0
>>gidNumber: 0
>>homeDirectory: /root
>>gecos: Samba Admin
>>userPassword: {SSHA}2b/re4djmAJmmNCWnJmKcJLGlCRqdGdU
>>_____________________________
>>
>>if i use "ldapsearch -x -Z '(uid=Administrator)'" i get the right entry,
>>i suppose the same entry found with the other command:
>>____________________
>>[root at fedorac4 ~]# ldapsearch -x -Z '(uid=Administrator)'
>>ldap_start_tls: Protocol error (2)
>> additional info: unsupported extended operation
>># extended LDIF
>>#
>># LDAPv3
>># base <> with scope sub
>># filter: (uid=Administrator)
>># requesting: ALL
>>#
>>
>># Administrator, People, localdomain
>>dn: uid=Administrator,ou=People,dc=localdomain
>>uid: Administrator
>>cn: Samba Admin
>>givenName: Samba
>>sn: Admin
>>mail: Administrator at localdomain
>>objectClass: person
>>objectClass: organizationalPerson
>>objectClass: inetOrgPerson
>>objectClass: posixAccount
>>objectClass: top
>>loginShell: /bin/bash
>>uidNumber: 0
>>gidNumber: 0
>>homeDirectory: /root
>>gecos: Samba Admin
>>
>># search result
>>search: 3
>>result: 0 Success
>>
>># numResponses: 2
>># numEntries: 1
>>[root at fedorac4 ~]#
>>_________________________________________-
>>
>>i suppose the two commands give me the same entry because they should be
>>querying the same database......
>>
>>if i use pdbedit -u Administrator
>>i get
>>_________________
>>[root at fedorac4 ~]# pdbedit -u Administrator
>>Username not found!
>>[root at fedorac4 ~]#
>>_________________
>>
>>so if only samba related commands seem not to work properly perhaps the
>>problem is in samba configuration,
>>but in the guides downloaded from the website i didn't find how to
>>configure the part of the file for what concern the scripts of entries
>>management such as adding users, machine, etc......
>>what should i do now?
>>
>>bye leon
>>
>
>This is what the administrator entry should look like :
>
>[root at directory alias]# ldapsearch -x -ZZ '(uid=administrator)'
># extended LDIF
>#
># LDAPv3
># base <> with scope sub
># filter: (uid=administrator)
># requesting: ALL
>#
>
># Administrator, People, gsslab.rdu.redhat.com
>dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
>uid: Administrator
>cn: Samba Administrator
>objectClass: account
>objectClass: posixAccount
>objectClass: top
>objectClass: sambaSamAccount
>loginShell: /bin/bish
>uidNumber: 0
>gidNumber: 0
>homeDirectory: /root
>gecos: Samba Administrator
>sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000
>sambaPrimaryGroupSID: S-1-5-21-1803520230-1543781662-649387223-1001
>displayName: Samba Administrator
>sambaPwdCanChange: 1120750967
>sambaPwdMustChange: 2147483647
>sambaLMPassword: CFA95C51F11AB11DC2265B23734E0DAC
>sambaNTPassword: B2D88A4A9B0DAEE170E75F67D54918F6
>sambaPasswordHistory:
>00000000000000000000000000000000000000000000000000000000
> 00000000
>sambaPwdLastSet: 1120750967
>sambaAcctFlags: [U ]
>
># search result
>search: 3
>result: 0 Success
>
># numResponses: 2
># numEntries: 1
>
>So it looks like perhaps the administrator account needs the objectclass
>sambaSamAccount added to the entry manually then you should be able to
>proceed
>

i removed all the references to smbldap-tools in the smb.conf and now
things seem to work better...
i beg your pardon for this mistake but i thought that samba would
interact with ldap through those tools.
now, for example, when i join a machine to the domain who is in charge
of adding the correct entry in ldap database without smbldap-tools?

thanks,
leon
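
Added example, not part of the original thread and not Samba's own code: it evaluates the "ldap filter" from the quoted smb.conf against the two Administrator entries shown above, to make visible why ldapsearch on uid alone finds the entry while smbpasswd and pdbedit do not. It assumes the Samba lookup applies that filter with %u replaced by the lowercased user name; the function names, the abridged sample entries and the folded sambaSID line are constructed for illustration.

```python
import re

# "ldap filter" value from the smb.conf quoted in the thread.
LDAP_FILTER = "(&(objectclass=sambaSamAccount)(uid=%u))"

# Sample entries constructed (abridged) from the two ldapsearch outputs in the thread.
ENTRY_WITHOUT_SAMBA = """\
dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uidNumber: 0
"""
ENTRY_WITH_SAMBA = """\
dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
uid: Administrator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1803520230-1543781662-
 649387223-1000
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}.
    Folded lines (leading space) are joined; base64 '::' values are not decoded."""
    attrs = {}
    for line in re.sub(r"\n ", "", text).splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def unmet_terms(entry, ldap_filter, user):
    """Return the equality terms of a flat AND filter that the entry does not satisfy.
    Values are compared case-insensitively, as uid and objectClass are matched."""
    terms = re.findall(r"\(([A-Za-z0-9-]+)=([^()]*)\)", ldap_filter.replace("%u", user))
    unmet = []
    for attr, wanted in terms:
        have = [v.lower() for v in entry.get(attr.lower(), [])]
        if wanted.lower() not in have:
            unmet.append(f"{attr}={wanted}")
    return unmet

if __name__ == "__main__":
    for label, text in (("thread's entry", ENTRY_WITHOUT_SAMBA), ("expected entry", ENTRY_WITH_SAMBA)):
        missing = unmet_terms(parse_ldif_entry(text), LDAP_FILTER, "administrator")
        print(label, "->", "matches" if not missing else f"no match, unmet: {missing}")
```

The same check can be run on real `ldapsearch -x` output for one entry by passing its text to parse_ldif_entry.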