Re: Samba and FDS 7.1 on Fedora Core 4 Error


 



Adam Stokes wrote:

On Thu, 2005-07-21 at 17:05 +0200, Leonardo Pugliesi wrote:
Adam Stokes wrote:

On Thu, 2005-07-21 at 15:44 +0200, Leonardo Pugliesi wrote:


Adam Stokes wrote:

On Thu, 2005-07-21 at 10:36 +0200, Leonardo Pugliesi wrote:


Adam Stokes wrote:

Leon,

I think since you have an administrator account set already, do

smbpasswd Administrator

The '-a' switch tells samba to add that user; without it, it will just change
the password and add the appropriate entries to directory server

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users



if i use "smbpasswd Administrator" i get:
_______________________________
[root@fedorac4 ~]# smbpasswd Administrator
New SMB password:
Retype new SMB password:
Failed to find entry for user administrator.
Failed to modify password entry for user administrator
[root@fedorac4 ~]#
_______________________________
so it seems that i can't add Administrator because the entry already exists, but i can't modify it because it doesn't exist.....
am i missing something :-)

thanx



What does your smb.conf look like? Also is there anything in the samba
logs?




This is smb.conf (global section):

[global]
     workgroup = FEDORAC4
     username map = /etc/samba/smbusers
     enable privileges = yes
     server string = Samba Server %v
     security = user
     encrypt passwords = Yes
     min passwd length = 3
     obey pam restrictions = No
     ldap passwd sync = Yes
     #unix password sync = Yes
     passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
     #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
     ldap passwd sync = Yes
     log level = 0
     syslog = 0
     log file = /var/log/samba/log.%m
     max log size = 100000
     time server = Yes
     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
     mangling method = hash2
     Dos charset = 850
     Unix charset = ISO8859-1
     logon script = logon.bat
     logon drive = H:
     logon home =
     logon path =
     domain logons = Yes
     os level = 65
     preferred master = Yes
     domain master = Yes
     wins support = Yes
     passdb backend = ldapsam:ldap://fedorac4.localdomain
     #passdb backend = ldap:ldap://fedorac4.localdomain
     # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com";
     ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
     ldap admin dn = cn=Directory Manager
     ldap suffix = dc=localdomain
     ldap group suffix = ou=Groups
     ldap user suffix = ou=People
     ldap machine suffix = ou=Computers
     ldap idmap suffix = ou=Users
     #ldap ssl = start tls
     add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
     ldap delete dn = Yes
     #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
     add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
     add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
     #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
     add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
     delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
     set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"


samba logs are empty
Leon




Not sure at this point. It looks like you are using IDEALX scripts for some
of the administration; maybe they created the admin account?




the entry "Administrator.... " has been created with the ldif2ldap method, as shown in the how-to. the problem, in my opinion, is that if i use "smbldap-usershow Administrator" i get the right entry:

_____________________________
[root@fedorac4 ~]# /opt/IDEALX/sbin/smbldap-usershow Administrator
dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
cn: Samba Admin
givenName: Samba
sn: Admin
mail: Administrator@localdomain
objectClass: person,organizationalPerson,inetOrgPerson,posixAccount,top
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Admin
userPassword: {SSHA}2b/re4djmAJmmNCWnJmKcJLGlCRqdGdU
_____________________________

if i use "ldapsearch -x -Z '(uid=Administrator)'" i get the right entry, i suppose the same entry found with the other command:
____________________
[root@fedorac4 ~]# ldapsearch -x -Z '(uid=Administrator)'
ldap_start_tls: Protocol error (2)
      additional info: unsupported extended operation
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=Administrator)
# requesting: ALL
#

# Administrator, People, localdomain
dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
cn: Samba Admin
givenName: Samba
sn: Admin
mail: Administrator@localdomain
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Admin

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@fedorac4 ~]#
_________________________________________

i suppose the two commands give me the same entry because they should be querying the same database......

if i use pdbedit -u Administrator
i get
_________________
[root@fedorac4 ~]# pdbedit -u Administrator
Username not found!
[root@fedorac4 ~]#
_________________

so if only samba related commands seem not to work properly perhaps the problem is in the samba configuration, but in the guides downloaded from the website i didn't find how to configure the part of the file that concerns the entry management scripts, such as adding users, machines, etc......
what should i do now?

bye leon


This is what the administrator entry should look like :

[root@directory alias]# ldapsearch -x -ZZ '(uid=administrator)'
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=administrator)
# requesting: ALL
#

# Administrator, People, gsslab.rdu.redhat.com
dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
uid: Administrator
cn: Samba Administrator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: sambaSamAccount
loginShell: /bin/bish
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Administrator
sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000
sambaPrimaryGroupSID: S-1-5-21-1803520230-1543781662-649387223-1001
displayName: Samba Administrator
sambaPwdCanChange: 1120750967
sambaPwdMustChange: 2147483647
sambaLMPassword: CFA95C51F11AB11DC2265B23734E0DAC
sambaNTPassword: B2D88A4A9B0DAEE170E75F67D54918F6
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
00000000
sambaPwdLastSet: 1120750967
sambaAcctFlags: [U          ]

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

So it looks like perhaps the administrator account needs the objectclass
sambaSamAccount added to the entry manually; then you should be able to
proceed.
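
The mismatch diagnosed above, as an added example that is not part of the original message: the `ldap filter` in the posted smb.conf only returns entries that carry `objectClass: sambaSamAccount`, so an entry that a plain `(uid=...)` search finds is still invisible to smbpasswd and pdbedit. The function names and the sample LDIF are constructed for illustration, and the SID is a placeholder, not a value from the thread.

```python
# Constructed sample: the Administrator entry as ldapsearch showed it (trimmed).
ORIGINAL_ENTRY = """\
dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
"""

# Constructed sample: the same entry extended by hand; the SID is a placeholder.
EXTENDED_ENTRY = ORIGINAL_ENTRY + (
    "objectClass: sambaSamAccount\n"
    "sambaSID: S-1-5-21-PLACEHOLDER-1000\n"
)


def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}; no base64 decoding."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line.startswith(" ") and last is not None:
            attrs[last][-1] += line[1:]  # folded continuation of the previous value
            continue
        name, _, value = line.partition(":")
        last = name.strip().lower()
        attrs.setdefault(last, []).append(value.strip())
    return attrs


def explain_lookup(ldif_text, username):
    """Reasons the filter (&(objectclass=sambaSamAccount)(uid=%u)) skips this entry."""
    attrs = parse_ldif_entry(ldif_text)
    reasons = []
    classes = {v.lower() for v in attrs.get("objectclass", [])}
    if "sambasamaccount" not in classes:
        reasons.append("objectClass sambaSamAccount missing")
    if username.lower() not in {v.lower() for v in attrs.get("uid", [])}:
        reasons.append("uid does not match")
    if "sambasid" not in attrs:  # sambaSID is a MUST attribute of sambaSamAccount
        reasons.append("sambaSID missing")
    return reasons


if __name__ == "__main__":
    print(explain_lookup(ORIGINAL_ENTRY, "administrator"), explain_lookup(EXTENDED_ENTRY, "administrator"))
```

An empty list means the entry would be returned by the filter; the original entry yields the two missing-schema reasons.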




i removed all the references to smbldap-tools in the smb.conf and now things seem to work better... i beg your pardon for this mistake but i thought that samba would interact with ldap through those tools. now, for example, when i join a machine to the domain, who is in charge of adding the correct entry in the ldap database without smbldap-tools?

thanks,
leon



Unfortunately, it has to be done manually without the proper ldap
tools. I haven't gotten that far in testing, just a preliminary how-to
for this.
IDEALX scripts do work with openldap; again, I haven't tested with FDS. My
suggestion to you or someone who is good in C is to write a plugin for
FDS, probably a Pre-operation plugin, to allow for the adding/removing of
entries in the FDS db.

More information on plugins can be found at:
http://directory.fedora.redhat.com/wiki/Plugins

Sorry I couldn't be of further assistance

thanks



now i have two users configured in ldap: testuser and administrator (as you do in the how-to). when i try to enter a samba share with testuser i have no problems, but if i use administrator and its password i can't enter,
is this normal?

thanx,
leon
