Henrik Dige Semark skrev:
Adam Tauno WIlliams skrev:
[2009/08/14 18:22:24, 0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
pdb_get_group_sid: Failed to find Unix account for DomAdmin
[2009/08/14 18:22:24, 1] auth/auth_util.c:make_server_info_sam(562)
User DomAdmin in passdb, but getpwnam() fails!
I don't know why it is looking for a "DomAdmin" account. Perhaps your
directory is not fully initialized? Loaded with the required users,
etc...
DomAdmin, is a Domain-administrator accaunt I have created instead of
"admin" ore "root"
I have ran "smbldap-populate -u 10000 -g 10000 -a admin -g guest" and
it populates LDAP with all the default users and groupes windows need
to be able to join.
-u uidNumber first uidNumber to allocate (default: 1000)
-g gidNumber first uidNumber to allocate (default: 1000)
-a user administrator login name (default: root)
-b user guest login name (default: nobody)
Error: modifications require authentication at
/usr/share/perl5/smbldap_tools.pm line 1083.
[2009/08/14 18:22:48, 0]
passdb/pdb_interface.c:pdb_default_create_user(336)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd
-t 0 -w -i "hds$"' gave 127
I don't use smblap-tools but this looks like they don't have sufficient
config to authenticate to the DSA.
Don't know what the problem is with smbldap-useradd, but when I run
the command alone it creates a windows machine user:
# smbldap-useradd -w -i testcomputer
New password : 1234
Retype new password : 1234
*failed to add entry: structural object class modification from
'account' to 'inetOrgPerson' not allowed at /usr/sbin/smbldap-useradd
line 311, <STDIN> line 2. *
I have the schemas that provite account and inetOrgPerson
# smbldap-useradd -?
(c) Jerome Tournier - (jtourn...@gmail.com)- Licensed under the GPL
Usage: /usr/sbin/smbldap-useradd [-awmugdsckABCDEFGHMNPST?] username
-a is a Windows User (otherwise, Posix stuff only)
-b is a AIX User
-c gecos
-d home
-g gid
-i is a trust account (Windows Workstation)
-k skeleton dir (with -m)
-m creates home directory and copies /etc/skel
-n do not create a group
-o add the user in the organizational unit (relative to the user
suffix. Ex: 'ou=admin,ou=all')
-u uid
-s shell
-t time. Wait 'time' seconds before exiting (when adding Windows
Workstation)
-w is a Windows Workstation (otherwise, Posix stuff only)
-A can change password ? 0 if no, 1 if yes
-B must change password ? 0 if no, 1 if yes
-C sambaHomePath (SMB home share, like '\\PDC-SRV\homes')
-D sambaHomeDrive (letter associated with home share, like 'H:')
-E sambaLogonScript (DOS script to execute on login)
-F sambaProfilePath (profile directory, like
'\\PDC-SRV\profiles\foo')
-G supplementary comma-separated groups
-H sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')
-M local mailAddress (comma seperated)
-N given name
-P ends by invoking smbldap-passwd
-S surname (Family name)
-T mailToAddress (forward address) (comma seperated)
-? show this help message
Mike Eggleston skrev:
I'm not at work and am unable to compare your configuration with
my production configuration. I have a similar environment, though,
and found for windows boxes I needed to create the account in LDAP
first (I use smbldap-adduser ...), then I must also add my samba
server as a WINS server to the windows box, then I can join the
windows box to my samba pdc domain.
Mike
I have now tryed to set my server as wins-server - still samme problem
More info:
There is something I don't understand when I try to join the domain
there is no traffic to LDAP at all, but when i do
# wbinfo -u
guest
domadmin
# wbinfo -g
domain admins
domain users
domain guests
domain computers
BUILTIN%users
# wbinfo --ping
Ping to winbindd succeeded
It looks up in LDAP just fine, so the link is apparently working fine
--
Med Venlig Hilsen / Best regards
Henrik Dige Semark
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
