On Thu, 2005-07-21 at 17:05 +0200, Leonardo Pugliesi wrote:
> Adam Stokes wrote:
>
> >On Thu, 2005-07-21 at 15:44 +0200, Leonardo Pugliesi wrote:
> >
> >>Adam Stokes wrote:
> >>
> >>>On Thu, 2005-07-21 at 10:36 +0200, Leonardo Pugliesi wrote:
> >>>
> >>>>Adam Stokes wrote:
> >>>>
> >>>>>>>Leon,
> >>>>>>>
> >>>>>>>I think since you have an administrator account set already, do
> >>>>>>>
> >>>>>>>smbpasswd Administrator
> >>>>>>>
> >>>>>>>the '-a' switch tells samba to add that user; without it, it will just change
> >>>>>>>the password and add the appropriate entries to directory server
> >>>>>>>
> >>>>>>>--
> >>>>>>>Fedora-directory-users mailing list
> >>>>>>>Fedora-directory-users at redhat.com
> >>>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>>>>>>
> >>>>>>if i use "smbpasswd Administrator" i get:
> >>>>>>_______________________________
> >>>>>>[root@fedorac4 ~]# smbpasswd Administrator
> >>>>>>New SMB password:
> >>>>>>Retype new SMB password:
> >>>>>>Failed to find entry for user administrator.
> >>>>>>Failed to modify password entry for user administrator
> >>>>>>[root@fedorac4 ~]#
> >>>>>>_______________________________
> >>>>>>so it seems that i can't add Administrator because the entry already
> >>>>>>exists, but i can't modify it because it doesn't exist.....
> >>>>>>am i missing something :-)
> >>>>>>
> >>>>>>thanx
> >>>>>>
> >>>>>What does your smb.conf look like? Also is there anything in the samba
> >>>>>logs?
> >>>>>
> >>>>This is smb.conf (global section):
> >>>>
> >>>>[global]
> >>>> workgroup = FEDORAC4
> >>>> username map = /etc/samba/smbusers
> >>>> enable privileges = yes
> >>>> server string = Samba Server %v
> >>>> security = user
> >>>> encrypt passwords = Yes
> >>>> min passwd length = 3
> >>>> obey pam restrictions = No
> >>>> ldap passwd sync = Yes
> >>>> #unix password sync = Yes
> >>>> passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
> >>>> #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
> >>>> ldap passwd sync = Yes
> >>>> log level = 0
> >>>> syslog = 0
> >>>> log file = /var/log/samba/log.%m
> >>>> max log size = 100000
> >>>> time server = Yes
> >>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >>>> mangling method = hash2
> >>>> Dos charset = 850
> >>>> Unix charset = ISO8859-1
> >>>> logon script = logon.bat
> >>>> logon drive = H:
> >>>> logon home =
> >>>> logon path =
> >>>> domain logons = Yes
> >>>> os level = 65
> >>>> preferred master = Yes
> >>>> domain master = Yes
> >>>> wins support = Yes
> >>>> passdb backend = ldapsam:ldap://fedorac4.localdomain
> >>>> #passdb backend = ldap:ldap://fedorac4.localdomain
> >>>> # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
> >>>> ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
> >>>> ldap admin dn = cn=Directory Manager
> >>>> ldap suffix = dc=localdomain
> >>>> ldap group suffix = ou=Groups
> >>>> ldap user suffix = ou=People
> >>>> ldap machine suffix = ou=Computers
> >>>> ldap idmap suffix = ou=Users
> >>>> #ldap ssl = start tls
> >>>> add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
> >>>> ldap delete dn = Yes
> >>>> #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
> >>>> add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
> >>>> add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
> >>>> #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
> >>>> add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
> >>>> delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
> >>>> set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
> >>>>
> >>>>
> >>>>samba logs are empty
> >>>>Leon
> >>>>
> >>>Not sure at this point, looks like you are using idealx scripts for some
> >>>of the administration, maybe they created the admin account?
> >>>
> >>the entry "Administrator.... " has been created with the ldif2ldap
> >>method, as shown in the how-to.
> >>the problem, in my opinion, is that if i use "smbldap-usershow
> >>Administrator" i get the right entry:
> >>
> >>_____________________________
> >>[root@fedorac4 ~]# /opt/IDEALX/sbin/smbldap-usershow Administrator
> >>dn: uid=Administrator,ou=People,dc=localdomain
> >>uid: Administrator
> >>cn: Samba Admin
> >>givenName: Samba
> >>sn: Admin
> >>mail: Administrator@localdomain
> >>objectClass: person,organizationalPerson,inetOrgPerson,posixAccount,top
> >>loginShell: /bin/bash
> >>uidNumber: 0
> >>gidNumber: 0
> >>homeDirectory: /root
> >>gecos: Samba Admin
> >>userPassword: {SSHA}2b/re4djmAJmmNCWnJmKcJLGlCRqdGdU
> >>_____________________________
> >>
> >>if i use "ldapsearch -x -Z '(uid=Administrator)'" i get the right entry,
> >>i suppose the same entry found with the other command:
> >>____________________
> >>[root@fedorac4 ~]# ldapsearch -x -Z '(uid=Administrator)'
> >>ldap_start_tls: Protocol error (2)
> >> additional info: unsupported extended operation
> >># extended LDIF
> >>#
> >># LDAPv3
> >># base <> with scope sub
> >># filter: (uid=Administrator)
> >># requesting: ALL
> >>#
> >>
> >># Administrator, People, localdomain
> >>dn: uid=Administrator,ou=People,dc=localdomain
> >>uid: Administrator
> >>cn: Samba Admin
> >>givenName: Samba
> >>sn: Admin
> >>mail: Administrator@localdomain
> >>objectClass: person
> >>objectClass: organizationalPerson
> >>objectClass: inetOrgPerson
> >>objectClass: posixAccount
> >>objectClass: top
> >>loginShell: /bin/bash
> >>uidNumber: 0
> >>gidNumber: 0
> >>homeDirectory: /root
> >>gecos: Samba Admin
> >>
> >># search result
> >>search: 3
> >>result: 0 Success
> >>
> >># numResponses: 2
> >># numEntries: 1
> >>[root@fedorac4 ~]#
> >>____________________
> >>
> >>i suppose the two commands give me the same entry because they should be
> >>querying the same database......
> >>
> >>if i use pdbedit -u Administrator
> >>i get
> >>_________________
> >>[root@fedorac4 ~]# pdbedit -u Administrator
> >>Username not found!
> >>[root@fedorac4 ~]#
> >>_________________
> >>
> >>so if only samba related commands seem not to work properly perhaps the
> >>problem is in samba configuration,
> >>but in the guides downloaded from the website i didn't find how to
> >>configure the part of the file for what concerns the scripts of entries
> >>management such as adding users, machine, etc......
> >>what should i do now?
> >>
> >>bye leon
> >>
> >
> >This is what the administrator entry should look like:
> >
> >[root@directory alias]# ldapsearch -x -ZZ '(uid=administrator)'
> ># extended LDIF
> >#
> ># LDAPv3
> ># base <> with scope sub
> ># filter: (uid=administrator)
> ># requesting: ALL
> >#
> >
> ># Administrator, People, gsslab.rdu.redhat.com
> >dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
> >uid: Administrator
> >cn: Samba Administrator
> >objectClass: account
> >objectClass: posixAccount
> >objectClass: top
> >objectClass: sambaSamAccount
> >loginShell: /bin/bish
> >uidNumber: 0
> >gidNumber: 0
> >homeDirectory: /root
> >gecos: Samba Administrator
> >sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000
> >sambaPrimaryGroupSID: S-1-5-21-1803520230-1543781662-649387223-1001
> >displayName: Samba Administrator
> >sambaPwdCanChange: 1120750967
> >sambaPwdMustChange: 2147483647
> >sambaLMPassword: CFA95C51F11AB11DC2265B23734E0DAC
> >sambaNTPassword: B2D88A4A9B0DAEE170E75F67D54918F6
> >sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
> > 00000000
> >sambaPwdLastSet: 1120750967
> >sambaAcctFlags: [U ]
> >
> ># search result
> >search: 3
> >result: 0 Success
> >
> ># numResponses: 2
> ># numEntries: 1
> >
> >So it looks like perhaps the administrator account needs the objectclass
> >sambaSamAccount added to the entry manually, then you should be able to
> >proceed
> >
> i removed all the references to smbldap-tools in the smb.conf and now
> things seem to work better...
> i beg your pardon for this mistake but i thought that samba would
> interact with ldap through those tools.
> now, for example, when i join a machine to the domain who is in charge
> of adding the correct entry in ldap database without smbldap-tools?
>
> thanks,
> leon
>

Unfortunately, it has to be done manually without the proper ldap tools. I haven't gotten that far in testing, just a preliminary how-to for this. IDEALX scripts do work with openldap; again, I haven't tested with FDS. My suggestion to you or someone who is good in C is to write a plugin for FDS, probably a Pre-operation plugin, to allow for the adding/removing of entries in the FDS db. More information on plugins can be found at: http://directory.fedora.redhat.com/wiki/Plugins

Sorry I couldn't be of further assistance.

Thanks
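
Added example, not part of the original thread: a small offline check showing why `ldapsearch` returns the Administrator entry while `smbpasswd` and `pdbedit` report it as missing. It evaluates the `ldap filter` from the quoted smb.conf against LDIF text; the two sample entries are constructed by trimming the ones quoted above, the function names are hypothetical, and the required-attribute list assumes the Samba 3 schema.

```python
# Samba's ldapsam lookup uses the smb.conf filter
# (&(objectclass=sambaSamAccount)(uid=%u)); this evaluates it offline.

# Constructed samples, trimmed from the two entries quoted in the thread.
LEON_ENTRY = """\
dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 0
"""
ADAM_ENTRY = """\
dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
uid: Administrator
objectClass: posixAccount
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000
sambaPasswordHistory: 0000
 0000
"""

def parse_ldif_entry(text):
    """Return {lowercased attribute: [values]}, unfolding RFC 2849 continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: append without the leading space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def matches_ldapsam_filter(entry, user):
    """Evaluate (&(objectclass=sambaSamAccount)(uid=<user>)), case-insensitively."""
    classes = {v.lower() for v in entry.get("objectclass", [])}
    uids = {v.lower() for v in entry.get("uid", [])}
    return "sambasamaccount" in classes and user.lower() in uids

def missing_for_samba(entry):
    """List what the entry lacks before the filter can match (assumes the Samba 3
    schema, where sambaSamAccount requires uid and sambaSID)."""
    missing = []
    if "sambasamaccount" not in {v.lower() for v in entry.get("objectclass", [])}:
        missing.append("objectClass: sambaSamAccount")
    missing += [a for a in ("uid", "sambaSID") if a.lower() not in entry]
    return missing

if __name__ == "__main__":
    for name, ldif in (("Leon", LEON_ENTRY), ("Adam", ADAM_ENTRY)):
        e = parse_ldif_entry(ldif)
        print(name, matches_ldapsam_filter(e, "administrator"), missing_for_samba(e))
```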