[EMAIL PROTECTED] wrote:

Aaron Ogden wrote:

Hello Rich (and others), thanks for responding. I turned up the loglevel, fixed some configuration errors in smb.conf, and commented the root= entry in smbusers. You were right, Administrator was being mapped to 'root'. Now I can authenticate LDAP users in Samba, e.g. 'smbclient -L localhost -U Administrator' works properly. Unfortunately I still cannot join the PDC machine to the domain and I think I know why.

When I run 'net rpc join -U Administrator' the machine account gets created but it is a posixAccount instead of a sambaSamAccount. In other words it is a normal unix user account that is missing all of the samba-related fields. Samba is calling the IDEALX smbldap-useradd.pl script to create the account but obviously I've got an error somewhere... the user accounts it creates are not samba-capable. Does anyone know how to fix this? Did I miss something in smbldap_conf.pm?


What version of samba did you say you're using? It sounds like one with an older version of the Idealx scripts since you still have the .pl extension and they still use the .pm configuration files. Try going to http://www.idealx.org/prj/samba/index.en.html and download the latest version of the scripts. I had some problems with the Idealx scripts bundled with 3.0.2a but using the latest versions from the site fixed everything. Oh, and don't forget that for the "add machine script" setting you need to pass the -w option to smbldap-useradd.


I got it working today, it turns out that the bug John Terpstra mentions on page 149 of S3BE still exists in Samba 3.0.4. The machine accounts have to be in the same org unit as the normal user accounts. After I changed the configuration to work around this bug I was able to join the PDC to the domain and join a client machine to the domain... so everything is working great now. Thanks again for your help!!

re: smbldap scripts, I am using the ones that came with the SuSE samba packages. They seem to work fine.


On a related note, I've imported lots of NIS data into this LDAP directory, so I have lots of valid Unix accounts. These are working properly on LDAP-enabled linux machines, but how do I 'convert' them for use with Samba? Ideally I would like to have one record for each user that contains all of the samba data as well as the unix data. Is there an easy way to add the appropriate samba fields to 'normal' posixAccounts? Is there a FAQ that covers the procedure? Any help would be welcome.


That's a good question and I hope someone has an answer. I tried to do the same a while back and didn't have any luck either. You can't use the smbldap-useradd scripts or smbpasswd -a 'cause those will only tell you that the entry already exists. Oooo... but it looks like you can use "smbldap-usermod -a" to add the necessary objectclass and whatnot. Play around with that and see what happens.

I think the 'mkntpasswd' command may take care of this too... not sure yet, but I will check and get back to you. I have the password hashes for a few hundred users, hopefully I can enter this into LDAP in binary format since they can't be decrypted.
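
The conversion asked about above (adding the Samba attributes to an existing posixAccount entry) can be sketched as an LDIF generator. This is an added example, not code from any poster in this thread or from the smbldap scripts. It assumes Samba's default algorithmic RID mapping (RID = 2 * uidNumber + 1000), a constructed placeholder domain SID, and hypothetical function names.

```python
import re

# Constructed placeholder; read the real value with `net getlocalsid`.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SID_RE = re.compile(r"^S-1-5-21(-\d+){3}$")
NT_HASH_RE = re.compile(r"^[0-9A-Fa-f]{32}$")  # sambaNTPassword: 32 hex digits


def algorithmic_rid(uid_number):
    """Samba's default algorithmic mapping for user accounts."""
    return 2 * uid_number + 1000


def acct_flags(flags):
    """sambaAcctFlags is a bracketed field padded to 11 characters."""
    return "[" + flags.ljust(11) + "]"


def samba_modify_ldif(dn, uid_number, domain_sid=DOMAIN_SID, nt_hash=None):
    """Return an LDIF 'modify' record that turns a posixAccount entry
    into one that also carries the sambaSamAccount auxiliary class."""
    if not SID_RE.match(domain_sid):
        raise ValueError("domain SID must look like S-1-5-21-a-b-c")
    if nt_hash is not None and not NT_HASH_RE.match(nt_hash):
        raise ValueError("NT hash must be exactly 32 hex digits")
    if not dn.isascii():
        raise ValueError("non-ASCII DNs need base64 LDIF encoding")

    # Without a usable NT hash the account is created disabled (D flag)
    # rather than left enabled with no password.
    flags = "U" if nt_hash else "UD"
    attrs = [
        ("objectClass", "sambaSamAccount"),
        ("sambaSID", f"{domain_sid}-{algorithmic_rid(uid_number)}"),
        ("sambaAcctFlags", acct_flags(flags)),
    ]
    if nt_hash:
        # Password-equivalent value: restrict read access with LDAP ACLs.
        attrs.append(("sambaNTPassword", nt_hash.upper()))

    lines = [f"dn: {dn}", "changetype: modify"]
    for i, (name, value) in enumerate(attrs):
        if i:
            lines.append("-")  # separator between modifications
        lines += [f"add: {name}", f"{name}: {value}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample entry.
    print(samba_modify_ldif("uid=jdoe,ou=People,dc=example,dc=org", 1001))
```

The output can be fed to `ldapmodify`. sambaNTPassword holds the NT hash as a hex string, and a Unix crypt hash cannot be converted into one, so accounts without an NT hash stay disabled here until the user sets a Samba password.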

