Adam Stokes wrote:
>On Thu, 2005-07-21 at 17:05 +0200, Leonardo Pugliesi wrote:
>
>>Adam Stokes wrote:
>>
>>>On Thu, 2005-07-21 at 15:44 +0200, Leonardo Pugliesi wrote:
>>>
>>>>Adam Stokes wrote:
>>>>
>>>>>On Thu, 2005-07-21 at 10:36 +0200, Leonardo Pugliesi wrote:
>>>>>
>>>>>>Adam Stokes wrote:
>>>>>>
>>>>>>>>>Leon,
>>>>>>>>>
>>>>>>>>>I think since you have an administrator account set already, do
>>>>>>>>>
>>>>>>>>>smbpasswd Administrator
>>>>>>>>>
>>>>>>>>>the '-a' switch tells samba to add that user without it will just change
>>>>>>>>>the password and add the appropriate entries to directory server
>>>>>>>>>
>>>>>>>>>--
>>>>>>>>>Fedora-directory-users mailing list
>>>>>>>>>Fedora-directory-users at redhat.com
>>>>>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>>>>
>>>>>>>>if i use "smbpasswd Administrator" i get:
>>>>>>>>_______________________________
>>>>>>>>[root at fedorac4 ~]# smbpasswd Administrator
>>>>>>>>New SMB password:
>>>>>>>>Retype new SMB password:
>>>>>>>>Failed to find entry for user administrator.
>>>>>>>>Failed to modify password entry for user administrator
>>>>>>>>[root at fedorac4 ~]#
>>>>>>>>_______________________________
>>>>>>>>so it seems that i can't add Administrator because the entry already
>>>>>>>>exists, but i can't modify it because it doesn't exist.....
>>>>>>>>am i missing something :-)
>>>>>>>>
>>>>>>>>thanx
>>>>>>>>
>>>>>>>What does your smb.conf look like? Also is there anything in the samba
>>>>>>>logs?
>>>>>>>
>>>>>>This is smb.conf (global section):
>>>>>>
>>>>>>[global]
>>>>>> workgroup = FEDORAC4
>>>>>> username map = /etc/samba/smbusers
>>>>>> enable privileges = yes
>>>>>> server string = Samba Server %v
>>>>>> security = user
>>>>>> encrypt passwords = Yes
>>>>>> min passwd length = 3
>>>>>> obey pam restrictions = No
>>>>>> ldap passwd sync = Yes
>>>>>> #unix password sync = Yes
>>>>>> passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
>>>>>> #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
>>>>>> ldap passwd sync = Yes
>>>>>> log level = 0
>>>>>> syslog = 0
>>>>>> log file = /var/log/samba/log.%m
>>>>>> max log size = 100000
>>>>>> time server = Yes
>>>>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>>>> mangling method = hash2
>>>>>> Dos charset = 850
>>>>>> Unix charset = ISO8859-1
>>>>>> logon script = logon.bat
>>>>>> logon drive = H:
>>>>>> logon home =
>>>>>> logon path =
>>>>>> domain logons = Yes
>>>>>> os level = 65
>>>>>> preferred master = Yes
>>>>>> domain master = Yes
>>>>>> wins support = Yes
>>>>>> passdb backend = ldapsam:ldap://fedorac4.localdomain
>>>>>> #passdb backend = ldap:ldap://fedorac4.localdomain
>>>>>> # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
>>>>>> ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
>>>>>> ldap admin dn = cn=Directory Manager
>>>>>> ldap suffix = dc=localdomain
>>>>>> ldap group suffix = ou=Groups
>>>>>> ldap user suffix = ou=People
>>>>>> ldap machine suffix = ou=Computers
>>>>>> ldap idmap suffix = ou=Users
>>>>>> #ldap ssl = start tls
>>>>>> add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
>>>>>> ldap delete dn = Yes
>>>>>> #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
>>>>>> add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
>>>>>> add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
>>>>>> #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
>>>>>> add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
>>>>>> delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
>>>>>> set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
>>>>>>
>>>>>>samba logs is empty
>>>>>>Leon
>>>>>>
>>>>>Not sure at this point, looks like you are using idealx scripts for some
>>>>>of the administration maybe they created the admin account?
>>>>>
>>>>the entry "Administrator.... " has been created with the ldif2ldap
>>>>method, as shown in the how-to.
>>>>the problem, in my opinion, is that if i use "smbldap-usershow
>>>>Administrator" i get the right entry:
>>>>
>>>>_____________________________
>>>>[root at fedorac4 ~]# /opt/IDEALX/sbin/smbldap-usershow Administrator
>>>>dn: uid=Administrator,ou=People,dc=localdomain
>>>>uid: Administrator
>>>>cn: Samba Admin
>>>>givenName: Samba
>>>>sn: Admin
>>>>mail: Administrator at localdomain
>>>>objectClass: person,organizationalPerson,inetOrgPerson,posixAccount,top
>>>>loginShell: /bin/bash
>>>>uidNumber: 0
>>>>gidNumber: 0
>>>>homeDirectory: /root
>>>>gecos: Samba Admin
>>>>userPassword: {SSHA}2b/re4djmAJmmNCWnJmKcJLGlCRqdGdU
>>>>_____________________________
>>>>
>>>>if i use "ldapsearch -x -Z '(uid=Administrator)'" i get the right entry,
>>>>i suppose the same entry found with the other command:
>>>>____________________
>>>>[root at fedorac4 ~]# ldapsearch -x -Z '(uid=Administrator)'
>>>>ldap_start_tls: Protocol error (2)
>>>> additional info: unsupported extended operation
>>>># extended LDIF
>>>>#
>>>># LDAPv3
>>>># base <> with scope sub
>>>># filter: (uid=Administrator)
>>>># requesting: ALL
>>>>#
>>>>
>>>># Administrator, People, localdomain
>>>>dn: uid=Administrator,ou=People,dc=localdomain
>>>>uid: Administrator
>>>>cn: Samba Admin
>>>>givenName: Samba
>>>>sn: Admin
>>>>mail: Administrator at localdomain
>>>>objectClass: person
>>>>objectClass: organizationalPerson
>>>>objectClass: inetOrgPerson
>>>>objectClass: posixAccount
>>>>objectClass: top
>>>>loginShell: /bin/bash
>>>>uidNumber: 0
>>>>gidNumber: 0
>>>>homeDirectory: /root
>>>>gecos: Samba Admin
>>>>
>>>># search result
>>>>search: 3
>>>>result: 0 Success
>>>>
>>>># numResponses: 2
>>>># numEntries: 1
>>>>[root at fedorac4 ~]#
>>>>_________________________________________-
>>>>
>>>>i suppose the two commands give me the same entry because they should be
>>>>querying the same database......
>>>>
>>>>if i use pdbedit -u Administrator
>>>>i get
>>>>_________________
>>>>[root at fedorac4 ~]# pdbedit -u Administrator
>>>>Username not found!
>>>>[root at fedorac4 ~]#
>>>>_________________
>>>>
>>>>so if only samba related commands seem not to work properly perhaps the
>>>>problem is in samba configuration,
>>>>but in the guides downloaded from the website i didn't find how to
>>>>configure the part of the file for what concern the scripts of entries
>>>>management such as adding users, machine, etc......
>>>>what should i do now?
>>>>
>>>>bye leon
>>>>
>>>This is what the administrator entry should look like :
>>>
>>>[root at directory alias]# ldapsearch -x -ZZ '(uid=administrator)'
>>># extended LDIF
>>>#
>>># LDAPv3
>>># base <> with scope sub
>>># filter: (uid=administrator)
>>># requesting: ALL
>>>#
>>>
>>># Administrator, People, gsslab.rdu.redhat.com
>>>dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
>>>uid: Administrator
>>>cn: Samba Administrator
>>>objectClass: account
>>>objectClass: posixAccount
>>>objectClass: top
>>>objectClass: sambaSamAccount
>>>loginShell: /bin/bish
>>>uidNumber: 0
>>>gidNumber: 0
>>>homeDirectory: /root
>>>gecos: Samba Administrator
>>>sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000
>>>sambaPrimaryGroupSID: S-1-5-21-1803520230-1543781662-649387223-1001
>>>displayName: Samba Administrator
>>>sambaPwdCanChange: 1120750967
>>>sambaPwdMustChange: 2147483647
>>>sambaLMPassword: CFA95C51F11AB11DC2265B23734E0DAC
>>>sambaNTPassword: B2D88A4A9B0DAEE170E75F67D54918F6
>>>sambaPasswordHistory:
>>>00000000000000000000000000000000000000000000000000000000
>>>00000000
>>>sambaPwdLastSet: 1120750967
>>>sambaAcctFlags: [U ]
>>>
>>># search result
>>>search: 3
>>>result: 0 Success
>>>
>>># numResponses: 2
>>># numEntries: 1
>>>
>>>So it looks like perhaps the administrator account needs the objectclass
>>>sambaSamAccount added to the entry manually then you should be able to
>>>proceed
>>>
>>i removed all the references to smbldap-tools in the smb.conf and now
>>things seem to work better...
>>i beg your pardon for this mistake but i thought that samba would
>>interact with ldap through those tools.
>>now, for example, when i join a machine to the domain who is in charge
>>of adding the correct entry in ldap database without smbldap-tools?
>>
>>thanks,
>>leon
>>
>Unfortunately, it has to be done manually without the proper ldap
>tools.. I haven't gotten that far in testing just a preliminary how-to
>for this.
>
>IDEALX scripts do work with openldap again I haven't tested with FDS. My
>suggestion to you or someone who is good in C is to write a plugin for
>FDS probably a Pre-operation plugin to allow for the adding/removing of
>entries in the FDS db.
>
>More information on plugins can be found :
>http://directory.fedora.redhat.com/wiki/Plugins
>
>Sorry I couldn't be of further assistance
>
>thanks
>
now i have two users configured in ldap: testuser and administrator (as u do in the how-to)
when i try to enter in a samba share with testuser i have no problems
but if i use administrator and its password i can't enter, is this normal?

thanx,
leon
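
Added example, not part of the original thread and not Samba or IDEALX code: it applies the `ldap filter` from the posted smb.conf to an LDIF entry, which shows why `ldapsearch` returns the Administrator entry while `smbpasswd` and `pdbedit` report it as not found. The function names and the sample LDIF are constructed for illustration; the sambaSID check assumes Samba's LDAP schema, where sambaSamAccount requires that attribute.

```python
# Added example: apply the posted smb.conf `ldap filter` to an LDIF entry.
# Constructed sample: the Administrator entry as ldapsearch showed it in the thread.
SAMPLE_LDIF = """\
dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
cn: Samba Admin
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uidNumber: 0
gidNumber: 0
homeDirectory: /root
"""


def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    entry, last = {}, None
    for line in ldif.splitlines():
        if line.startswith(" ") and last:      # folded continuation line
            entry[last][-1] += line[1:]
        elif ":" in line and not line.startswith("#"):
            name, _, value = line.partition(":")
            last = name.strip().lower()
            entry.setdefault(last, []).append(value.strip())
    return entry


def samba_lookup_problems(entry, username):
    """Reasons ldapsam would not find or accept this entry; [] means none."""
    problems = []
    # Filter from the posted smb.conf: (&(objectclass=sambaSamAccount)(uid=%u))
    # Both comparisons are case-insensitive in LDAP.
    if username.lower() not in {v.lower() for v in entry.get("uid", [])}:
        problems.append("uid does not match")
    classes = {v.lower() for v in entry.get("objectclass", [])}
    if "sambasamaccount" not in classes:
        problems.append("objectClass sambaSamAccount missing")
    # Assumption from Samba's LDAP schema: sambaSamAccount requires sambaSID.
    if not entry.get("sambasid"):
        problems.append("sambaSID missing")
    return problems


if __name__ == "__main__":
    for problem in samba_lookup_problems(parse_entry(SAMPLE_LDIF), "administrator"):
        print(problem)
```

Feeding it the output of `ldapsearch -x '(uid=Administrator)'` before and after adding the Samba attributes shows whether the entry has become visible to the ldapsam backend.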