Thanks, I did not notice the typo, but the funny thing is that it was working with the typo. I had an idea that using the people ou would work, and I did some searching and found that someone else ran into the same problem. They used the same ou for user accounts and it worked. So I tried it and everything seems to be working. It looks like this is a bug in samba 3. Someone has already reported this as a bug so maybe it will get fixed.
Patrick
Tarjei Bitustøyl wrote:
Hi,
First, there's an error in the smb.conf: ldap user suffix has a typo.
Second, I ran into a similar problem myself. No matter what I do, I cannot make a computer register in the LDAP *with ldap machine suffix different from ldap people suffix*.
I have no idea why this is, but it's working with the people and machine suffix in the same dn.
Regards Tarjei
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 16 November 2003 21:58
To: [EMAIL PROTECTED]
Subject: [Samba] SAMBA 3.0.0 PDC + LDAP - Adding Computer Account
Hello all,
I'm having an issue with adding machine accounts to a Samba 3.0.0 PDC with an LDAP passwd db backend. This is on a RedHat 9 with an rpm I compiled from the 3.0.0 release. I have configured samba to where it is using LDAP and able to add user accounts and group mappings to LDAP, but when I try to add a computer account using smbpasswd -a -m data it is not able to add the account. I ran it with the debug option and here is what I get:
(pts/2)[EMAIL PROTECTED] samba]# smbpasswd -a -m data -D 10
Netbios name list:-
my_netbios_names[0]="IMPACT"
Trying to load: ldapsam:ldap://127.0.0.1
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://127.0.0.1 (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=MATRIX))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=MATRIX))]
smbldap_open_connection: ldap://127.0.0.1
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://127.0.0.1 as "cn=Samba Admin,ou=People,dc=firerun,dc=net"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://127.0.0.1 has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_suffix: searching for:[(&(uid=data$)(objectclass=sambaSamAccount))]
ldapsam_getsampwnam: Unable to locate user [data$] count=0
Finding user data$
Trying _Get_Pwnam(), username as lowercase is data$
Trying _Get_Pwnam(), username as uppercase is DATA$
Checking combinations of 0 uppercase letters in data$
Get_Pwnam_internals didn't find user [data$]!
Failed initialise SAM_ACCOUNT for user data$.
Failed to modify password entry for user data$
My relevant smb.conf options are

#====================== Password Database

# Define the backend to use
passdb backend = ldapsam:ldap://127.0.0.1

# Define the DN that will be used to bind to the ldap directory
# must have write access to lmPassword and ntPassword attributes
# use smbpasswd -w secret to store password
ldap admin dn = "cn=Samba Admin,ou=People,dc=firerun,dc=net"

# Should ssl be used to connect to ldap server
# (off, start tls, on) default = on
ldap ssl = off

# smbpasswd -x delete the entire dn-entry
ldap delete dn = no

# The machine and user suffix added to the base suffix
# wrote WITHOUT quotes. NULL suffixes by default
ldap user suffix = ou=People,dc=fireru,dc=net
ldap group suffix = ou=Group,dc=firerun,dc=net
ldap idmap suffix = ou=Idmap,dc=firerun,dc=net
ldap machine suffix = ou=Computers,dc=firerun,dc=net

# Specify the base DN to use when searching the directory
ldap suffix = "dc=firerun,dc=net"

# Specify the search filter. Generally the default is okay
# ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"

# Should ldap passwords be synced with nt passwords
# (yes, no, only) default = no
ldap passwd sync = no

# Allow adding a computer account to ldap
add machine script = /etc/samba/ldapaddcomp %m$

#======================
As for the user data$ it already exists in the directory as:
# data$, Computers, firerun, net
dn: uid=data$,ou=Computers,dc=firerun,dc=net
uid: data$
cn: Computer Account
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
uidNumber: 1007
gidNumber: 1003
homeDirectory: /dev/null
gecos: Computer Account
loginShell: /sbin/nologin
description: Computer Account
shadowLastChange: 12372
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
When I do a getent passwd the computer account data$ shows up in the listing, so by all accounts the account exists. As for LDAP ACL, the Samba admin has write access to the Computer ou in the Directory so it should be able to update the information. I did find out that in the ldap log it has:
Nov 16 13:32:42 impact slapd[10664]: conn=9 op=1 SRCH base="ou=People,dc=firerun,dc=net" scope=1 filter="(&(objectClass=posixAccount)(uid=DATA$))"
So it appears that it might be searching the wrong ou for the account information. Does anyone have any ideas what is happening or why I am unable to add machine accounts?
Thank you in advance. Patrick Gunerud
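
The two observations in this thread (the mistyped `ldap user suffix` and the slapd search for `DATA$` landing in `ou=People`) can both be checked mechanically. The following is an added example, not code from the thread or from the Samba project; the function names are hypothetical, the configuration sample is constructed from the `ldap` lines posted above, and it assumes the suffixes are written as full DNs as in that configuration.

```python
import re

# Constructed sample: the ldap suffix lines of the posted smb.conf, typo included.
SMB_CONF = """\
ldap user suffix = ou=People,dc=fireru,dc=net
ldap group suffix = ou=Group,dc=firerun,dc=net
ldap idmap suffix = ou=Idmap,dc=firerun,dc=net
ldap machine suffix = ou=Computers,dc=firerun,dc=net
ldap suffix = "dc=firerun,dc=net"
"""
# The slapd log line quoted in the post.
SLAPD_LINE = ('Nov 16 13:32:42 impact slapd[10664]: conn=9 op=1 SRCH '
              'base="ou=People,dc=firerun,dc=net" scope=1 '
              'filter="(&(objectClass=posixAccount)(uid=DATA$))"')

def norm(dn):
    """Lower-case a DN, drop surrounding quotes and spaces around commas."""
    return ",".join(p.strip().lower() for p in dn.strip().strip('"').split(","))

def ldap_options(conf_text):
    """Return {option name: normalised DN} for every 'ldap ... suffix' line."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")) or "=" not in line:
            continue  # comment or not an option line
        key, value = line.split("=", 1)
        key = " ".join(key.lower().split())
        if key.startswith("ldap ") and key.endswith("suffix"):
            opts[key] = norm(value)
    return opts

def suffixes_outside_base(opts):
    """Options whose DN has dc= components but does not end in 'ldap suffix'."""
    base = opts["ldap suffix"]
    return sorted(k for k, dn in opts.items()
                  if "dc=" in dn and not (dn == base or dn.endswith("," + base)))

def machine_search_misrouted(log_line, opts):
    """True if slapd searched for a machine uid (trailing $) outside the machine suffix."""
    m = re.search(r'SRCH base="([^"]*)".*filter="[^"]*\(uid=([^)]*)\)', log_line)
    if not m or not m.group(2).endswith("$"):
        return False
    return norm(m.group(1)) != opts["ldap machine suffix"]

if __name__ == "__main__":
    opts = ldap_options(SMB_CONF)
    print("suffixes outside base:", suffixes_outside_base(opts))
    print("machine lookup misrouted:", machine_search_misrouted(SLAPD_LINE, opts))
```
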