Thanks, I'll give this a try tomorrow and let you know how things go. I really appreciate your help. This is the last major hurdle that I can see.
Kent N

> Changes below:
>
> [EMAIL PROTECTED] wrote:
>
>>Thanks for getting back to me, Paul.
>>Here's the domain controller's smb.conf
>>
>>[global]
>>        workgroup = WarehamPS
>>        encrypt passwords = Yes
>>        time server = Yes
>>        socket options = TCP_NODELAY
>>        security = user
>>        logon script = whs1.bat
>>        writable = Yes
>>        dns proxy = no
>>        directory mask = 02770
>>        preferred master = yes
>>        netbios name = WHS1
>>        server string = RedHat 8.0 LDAP Server
>>        passdb backend = ldapsam
>>        ldap passwd sync = Yes
>>        machine password timeout = 604800
>>        passwd program = /usr/local/samba/bin/smbpasswd %u
>>        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
>>*Retype\snew\sUnix\spassword:* %n\n
>>        log file = /var/log/samba.%m
>>        debug level = 2
>>        max log size = 50
>>        add user script = /usr/local/sbin/smbldap-useradd.pl %u
>>        delete user script = /usr/local/sbin/smbldap-useradd.pl %u
>>        add group script = /usr/local/sbin/smbldap-groupadd.pl
>>        delete group script = /usr/local/sbin/smbldap-groupdel.pl
>>        add machine script = /usr/sbin/useradd -c "Computer" -d /dev/null
>>-s /bin/false -g 502 -M %u; /usr/local/samba/bin/smbpasswd -a -m
>>%u
>>
> Change these scripts to be like so:
>
>         add user script = /usr/sbin/smbldap-useradd -a -m "%u"
>         delete user script = /usr/sbin/smbldap-userdel "%u"
>         add group script = /usr/sbin/smbldap-groupadd "%g"
>         delete group script = /usr/sbin/smbldap-groupdel "%g"
>         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>         delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>         set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>         add machine script = /usr/sbin/smbldap-useradd -w "%u"
>
> Make sure the paths line up, of course. The quotes are important in case
> you get spaces in the parameters.
>
>>        logon script = whs1.bat
>>        logon path =
>>        logon drive = H:
>>        logon home =
>>        domain logons = Yes
>>        os level = 64
>>        domain master = Yes
>>        dns proxy = Yes
>>        admin users = @domain_admins
>>        wins support = Yes
>>        name resolve order = wins hosts bcast
>>        ldap suffix = dc=tow,dc=net
>>        ldap machine suffix = ou=Computers
>>
> Make ldap machine suffix match ldap user suffix. Known bug.
>
>>        ldap user suffix = ou=Users
>>        ldap group suffix = ou=Groups
>>        ldap admin dn = cn=admin,dc=tow,dc=net
>>        ldap ssl = no
>>
> <shares defs deleted>
>
> Of course, make sure your smbldap config file matches the above LDAP dn
> information for users, computers. Check back after trying it out.
>
> Paul
>
>>Kent
>>Wareham Public Schools
>>
>>>[EMAIL PROTECTED] wrote:
>>>
>>>>Hello,
>>>>I have a question about machine accounts.
>>>>I'm using Samba 3.0, OpenLDAP 2.1.30 and Berkeley 4.2.52 on the backend on
>>>>RedHat machines.
>>>>I also have 3 slave/BDCs and 1 master/PDC.
>>>>
>>>>Right now all of my users and groups exist entirely in the LDAP
>>>>directory.
>>>>I have a few accounts in addition to the normal system accounts that are
>>>>used for emergency access. All authentication and group enumeration uses
>>>>PAM_LDAP with NSS_LDAP.
>>>>
>>>>My question is that when I have a machine join the domain, in the LDAP
>>>>directory an objectclass Account and sambaSAMAccount are created. I still
>>>>need to create a machine account in /etc/passwd for this to happen. Is
>>>>there anyone out there that is first creating a posixAccount with
>>>>appropriate attributes in LDAP then using the Samba/Windows to generate
>>>>the sambaSAMAccount object and attributes in LDAP also?
>>>>
>>>You shouldn't need anything in /etc/passwd. Perhaps by posting an
>>>smb.conf you could be pointed in the right direction.
>>>
>>>>I was so happy to get all of the user/group stuff consolidated into the
>>>>directory. Now I see that this is a possibility also but I haven't tried
>>>>it.
>>>>
>>>>Kent N
>>>>Wareham Public Schools
>>>>
>>>--
>>>Paul Gienger                     Office:  701-281-1884
>>>Applied Engineering Inc.         Cell:    701-306-6254
>>>Information Systems Consultant   Fax:     701-281-1322
>>>URL: www.ae-solutions.com        mailto:[EMAIL PROTECTED]
>>>
>
> --
> Paul Gienger                     Office:  701-281-1884
> Applied Engineering Inc.         Cell:    701-306-6254
> Information Systems Consultant   Fax:     701-281-1322
> URL: www.ae-solutions.com        mailto:[EMAIL PROTECTED]
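
An added example, not part of the thread and not code from Samba or smbldap-tools: a small Python check for the two changes Paul recommends above (quote the `%` substitutions in the account scripts, and make `ldap machine suffix` match `ldap user suffix`). The sample config is constructed from settings quoted in the thread, and the function names are this example's own.

```python
import re

# Constructed sample: a trimmed mix of [global] settings quoted in the thread.
SAMPLE_CONF = """\
[global]
    workgroup = WarehamPS
    passdb backend = ldapsam
    add user script = /usr/local/sbin/smbldap-useradd.pl %u
    add group script = /usr/sbin/smbldap-groupadd "%g"
    add machine script = /usr/sbin/smbldap-useradd -w "%u"
    ldap suffix = dc=tow,dc=net
    ldap machine suffix = ou=Computers
    ldap user suffix = ou=Users
"""

def parse_global(text):
    """Return [global] parameters as a dict (names lower-cased, spaces collapsed)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

# A %-substitution such as %u or %g that is not directly wrapped in double quotes.
UNQUOTED = re.compile(r'(?<!")%[a-zA-Z]|%[a-zA-Z](?!")')

def audit(text):
    """Return (parameter, finding) pairs for the two points raised in the thread."""
    params, findings = parse_global(text), []
    for name, value in params.items():
        if name.endswith(" script"):  # add/delete user, group and machine scripts
            for var in sorted(set(UNQUOTED.findall(value))):
                findings.append((name, "unquoted " + var))
    machine = params.get("ldap machine suffix")
    user = params.get("ldap user suffix")
    if machine is not None and user is not None and machine != user:
        findings.append(("ldap machine suffix", "differs from ldap user suffix"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONF):
        print(f"{name}: {finding}")
```

The parser does not handle backslash line continuations, so join continued lines before running it on a real smb.conf.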