-----Original Message-----
From: Greg Zartman [mailto:[EMAIL PROTECTED]]
Sent: Friday, 26 October 2001 4:19 PM
To: Greg Zartman; e-smith-devinfo
Subject: RE: [e-smith-devinfo] Samba add user fragment
I believe there is an error in the Samba 2.2.2 add user script
fragment. I was unable to join machines to a SME 5.0 domain on
two separate servers here in my office. Additionally, a user
from the e-smith experienced users discussion group ran into a
similar issue (see the PDC discussion line).
A little history of the steps I performed to setup my Samba 2.2.2
PDC: Using the approach outlined in Darrel May's most recent
work with the Samba 2.2.2 "fragments RPM". I installed the
dmc-mitel-samba-2.2.2-0.noarch.rpm rpm on my SME 5.0 sever
running Samba 2.2.2, expanded the fragments and restarted the
Samba daemons. When I attempted to join a Win2k client to the
domain, I repeatedly received the error message: "The account
used is a computer account. Use your global user account or local
user account to access this server." Up until now, I always
thought this meant that you tried to use a username other than
root to authenticate a domain join. I'm now 100% convinced that
this can also indicates a problem with the add machine process
(at least the samba logs seem to indicate this).
To get an idea what was going on, I ran my samba log level up to
10 and attempted repeatedly to join multiple machines to the
domain, without success. It was apparent from the Samba logs on
my machines that Samba was unable to "handshake" with the process
initiated by the add user script. In looking at the
dmc-machine-account-create script and the add user script
parameter, I found two things:
1. The script goes too far in the machine account creation
process by creating both an entry in the passwd database and the
smbpasswd database. Following the approach for creating machine
accounts manually, this script should only add an entry in the
passwd database and let samba create the smbpasswd entry.
2. "Splicing" two commands together in the Samba add user script
parameter really throws Samba. An example can be seen by viewing
the smb_create_user log entry.
Given these two finding, I rewrote the dmc-machine-account-create
script (attached) and the [12adduser] smg.conf parameter as follows:
# [12adduers]
# Added for correct Windows domain user account set up
# Updated script used (gjz-machine-account-create)
add user script =
/etc/e-smith/events/actions/gjz-machine-account-create samba %u
Please note the "samba" line argument after the script. This
indicates that the script is running within samba. For manual
(i.e., command line machine account creation) you would use the
"commandline" argument: gjz-machine-account-create commandline
doppy$ . You'd use this option for creating machine accounts for
other Samba machines that you want to add to a domain.
Maybe others are able to get this to work with the previous
setup, but after spending the better part of a day working on it,
I can't see how it's possible. The attached script and add user
script parameter listed above work without fail on two separate
SME 5.0 machines running Samba 2.2.2.
Comments/suggestions??
Thank you.
Regards,
Greg J. Zartman
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
