Edmundo Valle Neto wrote:
Geraldo Coelho wrote:
Hi all,

I have a problem. I need to create a machine account with Samba.
smbldap-useradd created the account, but only a Unix account, like
this:


dn: uid=notedell$,ou=computers,dc=grupora,dc=com,dc=br
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: notedell$
sn: notedell$
uid: notedell$
uidNumber: 15025
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer

How are you doing that? The "recommended" add machine script only does what you are seeing. If you execute: smbldap-useradd -w machinename it will only create the account with posix attributes.

As stated in the smbldap-tools documentation:
"The script defined with the add machine script MUST NOT add the sambaSAMAccount objectclass of the machine account. The script must only add the Posix machine account.
Samba will add the sambaSAMAccount when joining the domain."

Look at an example of smbldap-useradd being executed through the "add machine script" option:

A samba log with a level 3 output:

...
[2006/06/26 14:47:28, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "testmachine$"' gave 0
...
[2006/06/26 14:47:28, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1832)
ldapsam_add_sam_account: User exists without samba attributes: adding them
[2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:init_ldap_from_sam(912)
 init_ldap_from_sam: Setting entry for user: testmachine$
[2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(1942)
 ldapsam_add_sam_account: added: uid == testmachine$ in the LDAP database
...


So, "User exists without samba attributes: adding them": it isn't the script that creates the samba attributes, samba does that.


But Samba didn't create a valid account.
Like this:


dn: uid=notedell$,ou=Computers,dc=grupora,dc=com,dc=br
uid: notedell$
sambaSID: S-1-5-21-243819190-2830005574-892836686-31036
sambaPrimaryGroupSID: S-1-5-21-243819190-2830005574-892836686-515
objectClass: sambaSamAccount
objectClass: account
displayName: NOTEDELL$
sambaPwdCanChange: 1150829558
sambaPwdMustChange: 2147483647
sambaNTPassword: D7CD95C07847C9DD38F14D8751D0B8F4
sambaPwdLastSet: 1150829558
sambaAcctFlags: [W          ]


Well, it should.

So Windows rejects my login with a "bad password" error
and doesn't join the domain.

I'm using user id = 0 (root)

Does your root account have both posix and samba attributes?
Have you configured the "add * script" and the ldap options properly?
Have you added the ldap admin password to samba (smbpasswd -w yourldappassword)?
What do your logs say?

Does someone know what's happening?


Thanks in advance


OR if you want to do that by hand:

smbldap-useradd -w -i machinename
then put a blank password
then join the workstation without typing a username or password.

Regards.

Edmundo Valle Neto


Only to correct the last bullshit that I wrote :)
-i is for interdomain trust accounts

To create a machine trust account by hand in LDAP:
smbldap-useradd -w machinename
smbpasswd -a -m machinename$
then join with a user that has rights to do it.


Edmundo Valle Neto
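
Added example (not part of the original messages, and not smbldap-tools or Samba code): a small Python check that reads an LDIF export and reports, per machine entry, whether it carries both the posixAccount and sambaSamAccount object classes discussed in this thread. The sample LDIF, its domain, SID and hash are constructed placeholders, and the parser assumes unfolded, non-base64 LDIF.

```python
import re

REQUIRED_CLASSES = {"posixaccount", "sambasamaccount"}

# Constructed sample LDIF (placeholder domain, SID and hash; not taken from the thread).
SAMPLE_LDIF = """\
dn: uid=posixonly$,ou=computers,dc=example,dc=test
objectClass: inetOrgPerson
objectClass: posixAccount
uid: posixonly$
uidNumber: 15025

dn: uid=joined$,ou=computers,dc=example,dc=test
objectClass: posixAccount
objectClass: sambaSamAccount
uid: joined$
uidNumber: 15026
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-31052
sambaNTPassword: 00112233445566778899AABBCCDDEEFF
sambaAcctFlags: [W          ]
"""

def parse_ldif(text):
    """Split simple LDIF into a list of {lowercased attribute: [values]} dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(key.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit_machine(entry):
    """Return the problems that keep an entry from being a complete machine account."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = [f"missing objectClass {c}" for c in sorted(REQUIRED_CLASSES - classes)]
    if not entry.get("uid", [""])[0].endswith("$"):
        problems.append("uid does not end with $")
    if "sambasamaccount" in classes:
        # W marks a workstation trust account; the NT hash is 32 hex digits.
        if "W" not in entry.get("sambaacctflags", [""])[0]:
            problems.append("sambaAcctFlags lacks W")
        if not re.fullmatch(r"[0-9A-Fa-f]{32}", entry.get("sambantpassword", [""])[0]):
            problems.append("sambaNTPassword is not 32 hex digits")
    return problems

def audit(text):
    """Map each entry's dn to its list of problems (empty list means complete)."""
    return {e["dn"][0]: audit_machine(e) for e in parse_ldif(text) if "dn" in e}
```

Calling audit() on the output of an LDAP search of the computers OU gives one line of findings per machine entry; an empty list means the entry has both sets of attributes.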