Adam Stokes ha scritto:
On Thu, 2005-07-21 at 15:44 +0200, Leonardo Pugliesi wrote:
Adam Stokes ha scritto:
On Thu, 2005-07-21 at 10:36 +0200, Leonardo Pugliesi wrote:
Adam Stokes ha scritto:
Leon,
I think since you have an administrator account set already, do
smbpasswd Adminsitrator
the '-a' switch tells samba to add that user without it will just change
the password and add the appropriate entries to directory server
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
if i use "smbpasswd Administrator" i get:
_______________________________
[root@fedorac4 ~]# smbpasswd Administrator
New SMB password:
Retype new SMB password:
Failed to find entry for user administrator.
Failed to modify password entry for user administrator
[root@fedorac4 ~]#
_______________________________
so it seems that i can't add Administrator because the entry alredy
exists, but i can't modify it because it doesn't exists.....
am i missing something :-)
thanx
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
What does your smb.conf look like? Also is there anything in the samba
logs?
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
This is smb.conf (global section):
[global]
workgroup = FEDORAC4
username map = /etc/samba/smbusers
enable privileges = yes
server string = Samba Server %v
security = user
encrypt passwords = Yes
min passwd length = 3
obey pam restrictions = No
ldap passwd sync = Yes
#unix password sync = Yes
passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
#passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
ldap passwd sync = Yes
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://fedorac4.localdomain
#passdb backend = ldap:ldap://fedorac4.localdomain
# passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com";
ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=Directory Manager
ldap suffix = dc=localdomain
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
#ldap ssl = start tls
add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
#delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
samba logs is empty
Leon
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
Not sure at this point, looks like you are using idealx scripts for some
of the administration maybe they created the admin account?
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
the entry "Administrator.... " has been created with the ldif2ldap
method, as shown in the how-to.
the problem, in my opinion, is that if i use "smbldap-usershow
Administrator" i get the right entry:
_____________________________
[root@fedorac4 ~]# /opt/IDEALX/sbin/smbldap-usershow Administrator
dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
cn: Samba Admin
givenName: Samba
sn: Admin
mail: Administrator@localdomain
objectClass: person,organizationalPerson,inetOrgPerson,posixAccount,top
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Admin
userPassword: {SSHA}2b/re4djmAJmmNCWnJmKcJLGlCRqdGdU
_____________________________
if i use "ldapsearch -x -Z '(uid=Administrator)' i get the right entry,
i suppose the same entry found with the other command:
____________________
[root@fedorac4 ~]# ldapsearch -x -Z '(uid=Administrator)'
ldap_start_tls: Protocol error (2)
additional info: unsupported extended operation
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=Administrator)
# requesting: ALL
#
# Administrator, People, localdomain
dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
cn: Samba Admin
givenName: Samba
sn: Admin
mail: Administrator@localdomain
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Admin
# search result
search: 3
result: 0 Success
# numResponses: 2
# numEntries: 1
[root@fedorac4 ~]#
_________________________________________-
i suppose the two command give me the same entry because sghould be
querying the same database......
if i use pdbedit -u Administrator
i get
_________________
[root@fedorac4 ~]# pdbedit -u Administrator
Username not found!
[root@fedorac4 ~]#
_________________
so if only samba related commands seem not to work properly perhaps the
problem is in samba configuration,
but in the guides downloaded from the website i didn't found how to
configure the part of the file for what concern the scripts of entries
managemant such as adding users, machine, etc......
what should i do now?
bye leon
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
This is what the administrator entry should look like :
[root@directory alias]# ldapsearch -x -ZZ '(uid=administrator)'
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=administrator)
# requesting: ALL
#
# Administrator, People, gsslab.rdu.redhat.com
dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
uid: Administrator
cn: Samba Administrator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: sambaSamAccount
loginShell: /bin/bish
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Administrator
sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000
sambaPrimaryGroupSID: S-1-5-21-1803520230-1543781662-649387223-1001
displayName: Samba Administrator
sambaPwdCanChange: 1120750967
sambaPwdMustChange: 2147483647
sambaLMPassword: CFA95C51F11AB11DC2265B23734E0DAC
sambaNTPassword: B2D88A4A9B0DAEE170E75F67D54918F6
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
00000000
sambaPwdLastSet: 1120750967
sambaAcctFlags: [U ]
# search result
search: 3
result: 0 Success
# numResponses: 2
# numEntries: 1
So it looks like perhaps the administrator account needs the objectclass
sambaSamAccount added to the entry manually then you should be able to
proceed
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
i removed all the references to smbldap-tools in the smb.conf and now
things seems to work better...
i beg your pardon for this mistake but i thought that samba would
interact with ldap through that tools.
now, for example, when i join a machine to the domain who is in charge
of adding the correct entry in ldap database without smbladp-tools?
thanks,
leon
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
