Re: [Samba] PDC with LDAP and machine account lookup
Hi again,

so it looks like something with adding machine accounts manually does not work for me. After reconfiguring the smbldap tools and removing the computer (farbwahl06) from the domain I added it again. The automatically created machine account works fine and I am able to log on to the domain. The differences between the pdbedit outputs have not been that big, but big enough to make trouble I guess.

Thanks for your help, Bruno.

Regards
Stefan

-----Original Message-----
From: Bruno MACADRE [mailto:bruno.maca...@univ-rouen.fr]
Sent: Thursday, 1 October 2009 22:10
To: Stefan Michalsky
Subject: Re: [Samba] PDC with LDAP and machine account lookup

Hi,

It looks strange... Have you tried to increase your log level (especially on tdb and passdb)? Something like:

    log level = 2 tdb:5 passdb:5

And look for any strange behavior when you try to log onto farbwahl06 or when you try to join it to the domain.

I don't use smbldap-tools so I can help you with this, for me adding a machine to the LDAP is like adding a user, the only difference is that the username (uid for LDAP) finishes with a $.

If you try:

    # pdbedit -v farbwahl06$

and

    # pdbedit -v farbwahl04$

Look for any difference between the 2 results!

Regards,
Bruno

Stefan Michalsky wrote:
> Hey Bruno,
>
> it seems that the problem is something else. I tested on one computer
> (farbwahl06 - WinXP Pro Client) most of the time. But I have another
> machine to test (farbwahl04 - WinVista client). I moved the machine
> account for farbwahl04 from People to Computers and everything works
> fine. So I tried all variants for farbwahl06 (account in People and
> Computers, changed suffixes and so on) and the machine account for
> farbwahl06 seems to be broken. I tried to create a new one, but this
> doesn't help too.
>
> So how do you create machine accounts? Perhaps I am missing something.
> Adding machine accounts automatically doesn't work too by the way.
> The Samba server is a Gentoo (Linux version 2.6.23-hardened-r12).
>
> Please find attached my smb.conf (farbwahl04 is working with this)
>
> *** REMOVED ***
>
> Kind regards,
> Stefan
>
> -----Original Message-----
> From: Bruno MACADRE [mailto:bruno.maca...@univ-rouen.fr]
> Sent: Thursday, 1 October 2009 17:51
> To: Stefan Michalsky
> Subject: Re: [Samba] PDC with LDAP and machine account lookup
>
> Stefan Michalsky wrote:
>> Hey all,
>>
>> I do have the following problem: I set up a PDC with Samba with an LDAP
>> backend. Everything works fine but the machine account lookup. If I try
>> to log on to the domain I have to create the machine account in
>> ou=People,dc=testing,dc=de. Everything works fine with this. But if I
>> create the machine account in ou=Computers,dc=testing,dc=de and change
>> all suffixes according to this the search performed looks like this in
>> slapd log file:
>>
>> Oct 1 15:42:59 [slapd] conn=908 op=4 SRCH base="ou=People,dc=testing,dc=de" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=farbwahl06$))"_
>>
>> So where is the mistake? I found some forum posts but all with no answers.
>> Is it a configuration issue or a software problem?
>>
>> Thanks
>>
>> Stefan
>
> Hi,
>
> Are you sure that your "ldap machine suffix" is changed to "ldap
> machine suffix = ou=Computers" ?
>
> Can you show your smb.conf when you want to have machine account in
> ou=Computers ?
>
> Regards,
> Bruno

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC with LDAP and machine account lookup
Hey Bruno,

it seems that the problem is something else. I tested on one computer (farbwahl06 - WinXP Pro Client) most of the time. But I have another machine to test (farbwahl04 - WinVista client). I moved the machine account for farbwahl04 from People to Computers and everything works fine. So I tried all variants for farbwahl06 (account in People and Computers, changed suffixes and so on) and the machine account for farbwahl06 seems to be broken. I tried to create a new one, but this doesn't help too.

So how do you create machine accounts? Perhaps I am missing something. Adding machine accounts automatically doesn't work too by the way. The Samba server is a Gentoo (Linux version 2.6.23-hardened-r12).

Please find attached my smb.conf (farbwahl04 is working with this)

>>>
[global]
    dos charset = 850
    unix charset = ISO8859-1
    workgroup = TEST-DOMAIN
    interfaces = eth0
    map to guest = Bad User
    passdb backend = ldapsam:ldap://localhost
    username map = /etc/samba/smbusers
    log level = 10
    log file = /var/log/samba/log.%m
    max log size = 5
    add user script = /usr/sbin/smbldap-useradd -a -d '/home/%u' -m -g 'Domain Users' '%u'
    delete user script = /usr/sbin/smbldap-userdel '%u'
    add group script = /usr/sbin/smbldap-groupadd '%g' && /usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'
    delete group script = /usr/sbin/smbldap-userdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -g 'Domain Computers' -c 'Machine Account' -s /bin/false '%u'
    logon path = \\%L\Profiles\%U
    logon drive = w:
    logon home = \\%L\%U
    logon script = logonscripts\%U
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap admin dn = cn=smbadmin,ou=People,dc=testing,dc=de
    ldap group suffix = ou=Groups
    ldap idmap suffix = cn=Idmap
    ldap machine suffix = ou=Computers
    ldap suffix = dc=testing,dc=de
    ldap user suffix = ou=People
    winbind separator = #
    winbind use default domain = Yes
    hosts allow = 192.168.2.

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /home/__netlogon__
    admin users = root
    read only = No
    browseable = No
    preexec = /home/__netlogon__/genlogon.pl %U %m

[Profiles]
    comment = For Windows Profile
    path = /var/lib/samba/profiles/%U
    read only = No
    profile acls = Yes
    browseable = No
    create mask = 0600
    directory mask = 0700

[public]
    path = /home/__public__
    force user = public
    force group = public
    read only = No

[sharehome]
    path = /home/share
    read only = No

[sharesrc]
    path = /usr/src
    read only = No

[backup]
    comment = The folder for backups
    path = /home/backup
    force user = backupexternal
    force group = backup
    read only = No
    guest ok = Yes

[Projekt_A]
    comment = For the Project A
    path = /home/projekt_a
    directory mask = 0770
    force group = Projekt A
    force create mode = 0770
    force directory mode = 0770
    read only = No
    guest ok = No
    browsable = No
    hide unreadable = Yes
    read list = @projekt_a_read
<<<

Kind regards,
Stefan

-----Original Message-----
From: Bruno MACADRE [mailto:bruno.maca...@univ-rouen.fr]
Sent: Thursday, 1 October 2009 17:51
To: Stefan Michalsky
Subject: Re: [Samba] PDC with LDAP and machine account lookup

Stefan Michalsky wrote:
> Hey all,
>
> I do have the following problem: I set up a PDC with Samba with an LDAP
> backend. Everything works fine but the machine account lookup. If I try to
> log on to the domain I have to create the machine account in
> ou=People,dc=testing,dc=de. Everything works fine with this. But if I create
> the machine account in ou=Computers,dc=testing,dc=de and change all suffixes
> according to this the search performed looks like this in slapd log file:
>
> Oct 1 15:42:59 [slapd] conn=908 op=4 SRCH base="ou=People,dc=testing,dc=de" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=farbwahl06$))"_
>
> So where is the mis
[Samba] PDC with LDAP and machine account lookup
Hey all,

I do have the following problem: I set up a PDC with Samba with an LDAP backend. Everything works fine but the machine account lookup. If I try to log on to the domain I have to create the machine account in ou=People,dc=testing,dc=de. Everything works fine with this. But if I create the machine account in ou=Computers,dc=testing,dc=de and change all suffixes according to this the search performed looks like this in slapd log file:

Oct 1 15:42:59 [slapd] conn=908 op=4 SRCH base="ou=People,dc=testing,dc=de" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=farbwahl06$))"_

So where is the mistake? I found some forum posts but all with no answers. Is it a configuration issue or a software problem?

Thanks

Stefan
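
Added example (not part of the original thread, and not Samba or OpenLDAP code): a Python check over slapd SRCH lines like the one quoted in the thread, flagging lookups for machine accounts (uid ending in $) whose search base cannot reach the machine suffix. MACHINE_BASE is assembled from the smb.conf values posted in the thread; the LAYER mapping from objectClass to the component that issued the search is a heuristic assumption, and every sample line except the first is constructed.

```python
import re

# Assumption: "ldap machine suffix" + "ldap suffix" from the posted smb.conf.
MACHINE_BASE = "ou=Computers,dc=testing,dc=de"

SRCH_RE = re.compile(r'conn=(?P<conn>\d+) op=(?P<op>\d+) SRCH base="(?P<base>[^"]*)" '
                     r'scope=(?P<scope>\d) deref=\d filter="(?P<filter>[^"]*)"')
UID_RE = re.compile(r'\(uid=([^)]*)\)', re.IGNORECASE)
OC_RE = re.compile(r'\(objectClass=([^)]*)\)', re.IGNORECASE)
# Heuristic assumption: which component typically filters on this class.
LAYER = {"posixaccount": "nss", "sambasamaccount": "samba-passdb"}

def norm_dn(dn):
    """Lower-case a DN and strip spaces around its commas."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def reaches(base, scope, target):
    """Can a search at `base` with this scope return entries directly under `target`?"""
    base, target = norm_dn(base), norm_dn(target)
    if scope == 2:  # subtree search
        return base == "" or base == target or target.endswith("," + base)
    return scope == 1 and base == target  # one-level; scope 0 never lists children

def audit(lines, machine_base=MACHINE_BASE):
    """Return one finding per machine-account lookup that misses machine_base."""
    findings = []
    for line in lines:
        m = SRCH_RE.search(line)
        uid = UID_RE.search(m["filter"]) if m else None
        if not uid or not uid.group(1).endswith("$"):
            continue  # not a SRCH line, or not a machine account
        if reaches(m["base"], int(m["scope"]), machine_base):
            continue  # the search can see entries under the machine suffix
        oc = OC_RE.search(m["filter"])
        layer = LAYER.get(oc.group(1).lower(), "unknown") if oc else "unknown"
        findings.append({"conn": int(m["conn"]), "op": int(m["op"]),
                         "uid": uid.group(1), "base": m["base"], "layer": layer})
    return findings

SAMPLE = [
    # Log line quoted in the thread:
    'Oct 1 15:42:59 [slapd] conn=908 op=4 SRCH base="ou=People,dc=testing,dc=de" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=farbwahl06$))"',
    # Constructed lines for contrast:
    'Oct 1 15:43:01 [slapd] conn=909 op=2 SRCH base="dc=testing,dc=de" scope=2 deref=0 filter="(&(uid=farbwahl04$)(objectClass=sambaSamAccount))"',
    'Oct 1 15:43:02 [slapd] conn=910 op=1 SRCH base="ou=People,dc=testing,dc=de" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=stefan))"',
    'Oct 1 15:43:03 [slapd] conn=910 op=2 UNBIND',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding whose layer is "nss" points at the Unix account lookup configuration rather than at the "ldap machine suffix" setting in smb.conf.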