Re: RE [Samba] smbldap-useradd -w won't create machine account
Le Wed, Apr 02, 2008 at 06:36:43PM +0200, Hector Blanco a ecrit: > The thing is that the machine is properly created, but the Samba parts > doesn't appear. Is like if smbldap-adduser worked only "partially" :S smbldap-useradd should not add any samba attributes. Samba itself will do the job when joigning the domain with a priviledge account. For that, you can have a look at http://download.gna.org/smbldap-tools/docs/samba-ldap-howto/#htoc67 -- Jérôme Tournier GPG key ID (pgp.mit.edu): 75FE0A51 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba/LDAP Question
Hi, just one idea: have you configured nss_ldap to resolve account in ou=Computers ? ie, in /etc/ldap.conf, have you the 2 lines: nss_base_passwd ou=Users,..?sub nss_base_passwd ou=Computers,..?sub If not, add ou=Computers and remove any nscd cache before re-trying. -- Jérôme On Mon, Feb 4, 2008 at 4:33 PM, Frank J. Pellegrino <[EMAIL PROTECTED]> wrote: > We have just setup Samba 3.0.28 with LDAP support. We are using a Sun One > 5.2 LDAP server. > > We are having a problem when a new machine joins the domain. > Here is a snippet of our smb.conf file >add machine script = /usr/local/sbin/smbldap-useradd -w "%m" >ldap machine suffix = ou=computers >ldap user suffix = ou=People > > When a new machine attempts to join the domain a new entry is created in > ou=computers as expected. This entry has only the posixAccount information > and no Samba info. However, the machine reports that it failed to join the > domain. Log entries on both samba and LDAP tell me that after the entry is > created, samba is trying to find that entry in ou=people instead of > ou=computers. > > Attempting to add the machine again gives us an error that the machine > already exists. > > I modified smbldap-useradd to include the sambaSamAccount information when > the entry is created. The first attempt to join the domain still fails, > however trying again succeeds. > > In another test, I removed the modifications from smbldap-useradd and > modified the smbldap.conf file so that it thought the machines container > was ou=people. With this change the new machine was able to join the > domain on the first try. The problem here is that we don't want the > machines mixed in with the users. > > So from this I determined that after creating the new entry for the > machine, Samba then goes and looks for that entry in ou=people instead of > ou=computers. My guess is that there is a bug in the code that looks at > the wrong configuration entry. > > I have tried looking through the C code on my own. I'm only familiar with > C so I haven't made as much progress as I'd like. > > Is this a known bug? Is it possible that we have a configuration wrong > somewhere? > > Can anyone point me to the correct C file so I can try and fix this? > > I'd appreciate any help I can get. > > Thanks. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with samba+openldap with regard changing passwords from windows
Le Mon, Feb 18, 2008 at 02:39:21PM +, Alan Goodman a ecrit: > I did smbldap-show alan and among other information the line: > sambaPwdCanChange: 0 appeared. > > From my understanding if I do smbldap-usermod -A0 -B0 alan that line should > then be changed to have a value of 1 allowing users to change passwords > from their windows logins No. sambaPwdCanChange is the Timestamp of when the user is allowed to update his password. A value of 0 let hime change his paswword since 01/01/70. This value (0) is then what you need. > appear to be changing these values at all and thus im left with manually > smbldap-passwd user to change each persons passwords (which does work) > > If someone could let me know which logs you require and how to obtain them > I would be happy to post them up here. I don't have an answer, but you could have a look at that: http://lists.samba.org/archive/samba/2008-February/138426.html -- Jerome Tournier GPG key ID (pgp.mit.edu): 75FE0A51 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap passwd sync not working
Le Wed, Feb 13, 2008 at 11:25:41PM -0200, Fabiano Caixeta Duarte a ecrit: > I assume that your ldap sync passwd is enough (like I wanted to) because > smb.conf tells us that passwd chat is not used if unix password sync is set > to no. > > passwd chat (G) > Note that this parameter only is only used if the unix password sync > parameter is set to yes. You must effectively be right. I'll try this evening to be sure. > and it sort of worked. Both samba and unix passwords were changed, but > users get a message telling they don't have permission to change passwords. > In addition, it takes too long since user try the operation until system > respond. Isn't it related to the workstation ? Have you tried with another ? Have you informations in Samba log ? Have you try 'access to * by * write' in slapd.conf (don't think it come from here as passwords are changed, but maybe users don't have write access to attributes such as shadowLastChange) ? > Could you post (or send me in PVT) your smb.conf. I think this will help a > lot. Please inform either the version of OS, samba and openldap. I tried on CentOS release 4.6 (Final) samba-3.0.25b-1.el4_6.4 openldap-servers-2.2.13-8.el4_6.2 smbldap-tools-0.9.5-pre4 (but changing password work with latest packages) > I'm using FreeBSD 6.3 in both samba and openldap servers, Samba 3.0.26a and > openldap 2.3.38. Not using PAM. Don't think PAM matter here. My smb.conf: # Global parameters [global] workgroup = DOMSMB netbios name = PDC-SRV security = user enable privileges = yes server string = Samba Server %v encrypt passwords = Yes unix password sync = No ldap passwd sync = Yes passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n" #passwd chat debug = Yes log level = 0 syslog = 0 log file = /var/log/samba/log.%U max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = logon.bat logon drive = H: logon home = logon path = domain logons = Yes domain master = Yes os level = 65 preferred master = Yes wins support = yes passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=Manager,dc=company,dc=com #ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com ldap suffix = dc=company,dc=com ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers #ldap idmap suffix = ou=Idmap add user script = /usr/sbin/smbldap-useradd -m "%u" #ldap delete dn = Yes delete user script = /usr/sbin/smbldap-userdel "%u" add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" #delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' # printers configuration printer admin = @"Print Operators" load printers = Yes create mask = 0640 directory mask = 0750 #force create mode = 0640 #force directory mode = 0750 nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no template shell = /bin/false winbind use default domain = no [netlogon] path = /home/netlogon/ browseable = No read only = yes -- Jerome Tournier GPG key ID (pgp.mit.edu): 75FE0A51 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap passwd sync not working
Le Thu, Feb 14, 2008 at 09:33:49AM +0100, Jerome Tournier a ecrit: > Le Wed, Feb 13, 2008 at 11:25:41PM -0200, Fabiano Caixeta Duarte a ecrit: > Have you try 'access to * by * write' in slapd.conf (don't think it come > from here as passwords are changed, but maybe users don't have write access > to attributes such as shadowLastChange) ? Oups, users don't need to have write access to shadowLastChange is run as root. But maybe you can try -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldap passwd sync not working
Le Tue, Feb 12, 2008 at 09:44:01AM -0200, Fabiano Caixeta Duarte a ecrit: > Hi, there! > When my XP users try to change passwords, they get a message saying that > password has been changed. That's not true! I can confirmed you that the following configuration work for me: unix password sync = No ldap passwd sync = Yes passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n" If you have not set the last directive, you should do: 'smbldap-password' does not prompt you the same way as 'passwd' for example. You sould also be careful to not add space or other caracter. -- Jerome Tournier GPG key ID (pgp.mit.edu): 75FE0A51 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap-passwd fails
Hello which smbldap-tools'vesion ? What do you have defined for hash_encrypt parameter in smbldap.conf ? -- Jerome On 11/9/07, Bernhard D Rohrer <[EMAIL PROTECTED]> wrote: > Hi folks > > I am getting this error: > > [EMAIL PROTECTED]:/home/admin# smbldap-passwd testuser > Changing UNIX and samba passwords for testuser > New password: > Retype new password: > I cannot generate the proper hash! > > uncle google was rather quiet on the subject :( > > what do you need config file wise? > > thanks > > Bernhard > > -- > Graylion's Fetish & Fashion Store > Goth and Kinky Boots, Clothing and Jewellery > http://www.graylion.net > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap-useradd problem
Hi, which version of the smbldap-tools are you using ? Have you check your configuration files ? Have you include samba schema to slapd.conf definition ? Are you sure you don't have ACL access problem ? -- Jerome On 9/26/07, Frank Van Damme <[EMAIL PROTECTED]> wrote: > Dear list, > > Arghl! (I'm sure you know the feeling). > I'm still hooked on Samba by example, and trying to add users to my ldap tree. > > $ smbldap-useradd -m -a ldaptest2 > Can't call method "get_value" on an undefined value at > /usr/sbin/smbldap-useradd line 197 > > The documentation of the smbldap scripts mentions this sort of error > (albeit with a different line number). Two possible problems are > proposed: > 1. the default group defined in smbldap.conf does not exist (the one > with defaultUserGid 513) > 2. the NT "Domain Users" group is not mapped to a unix group of rid 513 > > => I checked both. The group exists, it's called "Domain Users", I can > chgrp a file on the samba/ldap system to 513 and ls -l shows it's > owned by Domain Users. > > => $ net groupmap list > shows thet "Domain Users" is linked to a group called "Domain Users" > (which makes sense). > > If I leave the option -a of smbldap-useradd, the command completes > with no error but off course my new user isn't a Windows user then > (pretty useless). So it's not an LDAP permissions issue since the > object /is/ created. (Why can't this script be a bit more verbose?) > > -- > Frank Van Damme A: Because it destroys the flow of the conversation > Q: Why is it bad? > A: No, it's bad. > Q: Should I top post in replies to mails or on usenet? > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP - Userid in the Start Menu
Hello, can you please try the latest smbldap-tools-0.9.4 (http://download.gna.org/smbldap-tools/packages/). The displayname attribute was updated for this. Let me know if it help you. -- Jerome On 9/24/07, Renato Loffreda <[EMAIL PROTECTED]> wrote: > I am running smbldap-tools-0.9.1-1 and samba-3.0.23c-2.el5.2.0.2 on > Centos 5 as a PDC. > > This is a problem that I have had for now 3 years on my first PDC > running on RH AS4. > > Here is the problem. > > I login from my workstations running Win XP, I then click on the Start > Button (bottom Left). The very top of the popup window displays the > fullname of the user (i.e. first, initial and lastname). > > After some time, the fullname gets replaced my the userid. > > How do I stop this from happening? > > Thanks > > Renato > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] file not found on cifs mount
Hello, i currently have this problem: i have a samba server acting as a fileshare. One share contain a file "test.txt". My problem : 1) on the linux client: i mount the share using mount.cifs 2) on the linux client: the file can be seen: [client:root] > ls -l /mnt/test.txt -rw-r--r-- 1 root root 0 Sep 21 13:54 /mnt/test.txt 3) on the samba server: i delete the file 4) on the linux client: the file can't be seen anymore => ok [client:root] > ls -l /mnt/test.txt ls: /mnt/test.txt: No such file or directory 5) on the samba server: i create the same file [master:root] > touch test.txt 6) on the linux client: the file still can't be found: [client:root] > ls -l /mnt/test.txt ls: /mnt/test.txt: No such file or directory Is this normal ? I this related to a inode cache table ? If yes, how can i make this to work ? 7) on the linux client: doing a 'ls' on the mount point show me the file [client:root] > ls -l /mnt/ -rw-r--r-- 1 root root 0 Sep 21 13:54 /mnt/test.txt ... 8) now the 'ls' on the file is correct [client:root] > ls -l /mnt/test.txt -rw-r--r-- 1 root root 0 Sep 21 13:54 /mnt/test.txt Any suggestions ? NB: using smbfs don't show this problem Thanks ! -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] cifs module and nocase option
Hello all, I have a question about the cifs module. I need to mount cifs mounts from Linux clients to a Samba 3.0.22 fileshare. I then use the cifs module to mount the share. My problem is that i need path and filenames to be case insensitive from the client part. Solutions i found are: 1) use 'unix extensions = no' in smb.conf 2) execute 'echo 0 > /proc/fs/cifs/LinuxExtensionsEnabled' in the cifs client Both solutions are not perfect for me as i lost unix extensions. Only case insentitivity is required for me. I then found the 'nocase' option in cifs kernel module ('Request case insensitive path name matching' as said in the README), but it does not look to work: i have the same problems as reported here: https://bugzilla.samba.org/show_bug.cgi?id=4614 Is there a way to have case insensitivity for cifs client ? Is there another solution ? btw, do someone know how long smbfs will be present in the kernel ? Thanks ! -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap-tools project
Hello ! The smbldap-tools project has moved and is now available on https://gna.org/projects/smbldap-tools/ This project will not be available anymore on sourceforge or idealx.com. A new mailing list has been created on https://mail.gna.org/listinfo/smbldap-tools-tech/ I'll receive all mail sent to [EMAIL PROTECTED] for a while, but you a encourage to unsubscibe to this list as soon as possible, and subscribe to the new mailing list: https://mail.gna.org/listinfo/smbldap-tools-tech/ The next version 0.9.3 will be out in the next days. A pre-release 0.9.3pre2 is available in the download page http://download.gna.org/smbldap-tools/ I'll update the new site and documentations as soon as possible. Please sent any comments, reports, bugs,... on the new mailing list. -- Jérôme Tournier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] default printer's option configuration
Hello, I have a samba server acting as a printer server allowing clients to use printer's drivers. I'm using contrustor drivers. I defined the printer driver with "setdriver" commande. Every thing is fine exept one application (forms) that crashes when it tried to get default printer's options. So if i set the default printer's options, whatever are the values (http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/classicalprinting.html#id2587663), the application can run and print. But this must be done from a Windows workstation. So my question is: is there a way to do this with rpcclient or something else directly on the server ? Have you example of such a command ? Thanks. -- Jerome This email is solely intended to the addressees and contains confidential information. Unless stated, the opinions and comments written down in this document are the sender's property and not the official vision of our Group. If you receive this email in error, please notify us by sending it back immediately to the email address of the sender and then please delete it from your own system. Please don't copy, use or forward the content of this document and its attachments to another person for any reason. Thank you for your understanding. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] "passwd program" directive and windows
Hello, Users on our domain can change their password because of the "passwd program" directive in smb.conf The script called by this program only update user's passwords. I would like to add security for the choosen passord, ie i would like to add control on the number of upper case, lower case, digit... This is not a problem. I'd like to know: if the passord is not conformed with the policy, is there a way to return to the windows's user a popup to tell him that there's one upper case missing, or ... If this is not possible, is there a way to just tell him that security policy is not reached ? Thanks -- Jerome This email is solely intended to the addressees and contains confidential information. Unless stated, the opinions and comments written down in this document are the sender's property and not the official vision of our Group. If you receive this email in error, please notify us by sending it back immediately to the email address of the sender and then please delete it from your own system. Please don't copy, use or forward the content of this document and its attachments to another person for any reason. Thank you for your understanding. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't open/create local group with usrmgr
Le Wed, Oct 26, 2005 at 12:30:06PM +0700, yaya a ecrit: > When I do it as root, the usrmgr message: > The following error occured creating the local group Staffs: > Access is denied. > I installed Samba with ldap backend and applying IDEALX. I need to > create/manage users and groups with usrmgr. Did you tried setting priviledge to the "Domain Admins" group (for example), and then tried to use a member of this group ? . smbldap-usermod -G +512 adminuser . "enable privileges = yes" in smb.conf . net -U root%XXX rpc rights grant 'SMB-DOM\Domain Admins' SeMachineAccountPrivilege -- Jérôme This email is solely intended to the addressees and contains confidential information. Unless stated, the opinions and comments written down in this document are the sender's property and not the official vision of our Group. If you receive this email in error, please notify us by sending it back immediately to the email address of the sender and then please delete it from your own system. Please don't copy, use or forward the content of this document and its attachments to another person for any reason. Thank you for your understanding. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows cache session used while PDC reachable
Hello, i've aleady asked this question, but i still have the problem and found no solution : I'm using samba3.0.7 (RedHat AS3U4) and get the following behavior: 1) i have a win2000 workstation on my samba server with an account created. 2) i can log on the workstation. Windows cache session is enable (i can't change this). 3) i change the account password of the user directly on the server (with smbldap-passwd for example) 4) i log on the workstation with the old password (which is wrong now) 5) connection succeeded (with windows cache session i imagine), but the sambabadpasswordcount is set to 5 ! How can this happend ? I thought that the cache session was used by Windows only when the domain controller can't be reached, am i wrong ? Why sambabadpasswordcount could jump from 0 to 5 ? Is they a way to resolve this ? Thanks a lot. -- Jerome -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows cache session used while PDC reachable
Hello, i'm using samba3.0.7 (RedHat AS3U4) and get the following behavior: i have a workstation on my samba server with an account user1 created. I can log on the workstation. Windows cache session is not disabled. If i change the account password of user1 on the server (with smbldap-passwd for example) and whant to log on with the old password, it succeeded because of the cache session on Windows. I thought that the cache session was used by Windows only when the domain controller can't be reached, am i wrong ? Is they a way to resolve this ? Thanks a lot. -- Jerome -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: net rpc rights command
Le Thu, Aug 25, 2005 at 11:38:08PM +0200, Andreas Bauer a ecrit: > But there is following error running the net rpc command: > amd:~ # net rpc rights grant testuser10 SeMachineAccountPrivilege > Password: > Could not connect to server 127.0.0.1 > The username or password was not correct. you should use the root account, for ex: net -U root%XXX rpc rights grant testuser10 SeMachineAccountPrivilege (with XXX the root's password) or, if the root account is not a samba account, any member of the gidNumber=512 group. -- Jerome -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc rights command
Le Thu, Aug 25, 2005 at 02:58:30AM +0200, Andreas Bauer a ecrit: > I thought "enables privileges = Yes" is the rigth entry in smb.conf? try "enable" instead of "enables". -- Jerome -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap-useradd
Le Thu, Jul 07, 2005 at 08:48:19AM +0200, Tony Earnshaw a ecrit: > smbpasswd is a binary that works fine with LDAP and changes both Unix > (in LDAP the userPassword attribute) and Windows passwords - I use it > myself in shell scripts. smbldap-passwd is a script without the same > functionality. both smbpasswd and smbldap-passwd can be used. Smbldap-passwd can change both unix password and Win32 passwords. You can use for example echo -e 'password\npassword' | smbldap-passwd user -- Jerome -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] rpc trust gives WksQueryInfo call failed
Le Tue, Jun 28, 2005 at 08:46:20AM +0200, Gerald (Jerry) Carter a ecrit: > would you send me a level10 debug log from the net client and a > raw ethereal trace? Thanks. Well, i found the problem reading this bugzilla page: https://bugzilla.samba.org/show_bug.cgi?id=2438 I tested the proposed patch and i was then able to make the trust relation. The problem is that we can't patch samba because of redhat support :-( As the bug report talk about restrictanonymous, i asked a NT administrator to look at the following parameter : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous. It was set to 1. When changed to 0 (with a reboot), all work fine. We'll then keep this solution ... Thanks for your support :) -- Jerome -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-ldap and cyrillic
Hi all, i installed a new linux with russian support. I now want to configure Samba and OpenLDAP, but i have many problems for users and groups accounts. Can i create a user account with cyrillic caracter (as i can on Windows) ? It looks that i can't as memberUid attribute need to be in ASCII mode. So how do russian people do ? I imagine that they use cyrillic caracter for their login name, but how can they use samba and ldap to authenticate ? Thanks for any tips ! -- Jerome -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question to the Samba-Developer
Le Wed, Apr 27, 2005 at 03:59:51PM +0200, Holger Wesser a ecrit: > add group script = /usr/local/sbin/smbldap-groupadd -p "%g" > by default, it creates a global group. So is there a variable available, > that specifies the type of group? You can use the -t option of smbldap-groupadd. Available values are: -t group type set the NT Group type for the new group. Available values are 'domain' (group type 2), 'local' (group type 4) and 'builtin' (group type 5). The default group type is "domain" (type 2). Note that actual documentations are wrong. The value mus be domain, local or builtin (not 2, 4 or 5). -- Jerome -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap-tools Perl error (FreeBSD)
Le Wed, Apr 27, 2005 at 01:05:05PM +0200, Per olof Ljungmark a ecrit: > Bareword "print_banner" not allowed while "strict subs" in use at > /usr/local/sbin/smbldap-useradd line 43. > Execution of /usr/local/sbin/smbldap-useradd aborted due to compilation > errors. at the beginning of smbldap_tools.pm, do you have the print_banner function declared ? Like this : @EXPORT = qw( get_user_dn get_group_dn ... print_banner %config ); -- Jerome -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with smbldap-usermod for SOME users
Le Thu, Mar 10, 2005 at 04:21:13PM +0100, Heupink, Mourik Jan C. a ecrit: > hostname:~ # smbldap-usermod -B1 user1 > Use of uninitialized value in pattern match (m//) at > /usr/local/sbin/smbldap-usermod line 355, line 283. Can you test the attached patch please. -- Jerome --- smbldap-usermod.orig2005-03-10 18:13:16.493374521 +0100 +++ smbldap-usermod 2005-03-10 18:13:00.920550833 +0100 @@ -352,7 +352,7 @@ if (defined($tmp = $Options{'B'})) { # . the attribut sambaAcctFlags must not match the 'X' flag my $_sambaAcctFlags; my $flags = $user_entry->get_value('sambaAcctFlags'); - if ( $flags =~ /X/ ) { + if ( defined $flags and $flags =~ /X/ ) { my $letters; if ($flags =~ /(\w+)/) { $letters = $1; -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-LDAP PDC, problem with smbldap-tools
Le Thu, Feb 24, 2005 at 09:03:20AM +0100, sania maro a ecrit: > failed to add entry: modifications require > authentication at /usr/local/sbin/smbldap-populate did you also configured smbldap_bind.conf ? Did you check that the account defined in this file has write access to the directory ? -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap problem
Le Wed, Feb 23, 2005 at 08:48:52AM -0300, Márcio Luciano Donada a ecrit: > "Error: modifications require authentication at" What's this problem? The problem is that you need to configure the smbldap-tools to set a account to bind to the directory. The configuration file is smbldap_bind.conf -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP and memberUid in Domain Users
Le Thu, Jan 27, 2005 at 10:41:24AM +0100, Randy Starr a ecrit: > Using usrmgr.exe I have small problem with memberrUid field. When I add new > user to a domain, the memberUid field with the name of this users is added > to Domain Users. But when I delete this user, the memberUid field with his > name isn't removed from Domain Users. I think that is a small bug in samba, > because, when I use smbldap-userdel from command line, the field is removed. > Can anybody confirm or negate this information. For the first time I > thought, that is a problem with access in LDAP, but I analysed openldap > log, and didn't find any error. Do you have the following entries in smb.conf : -=-=-= delete user script = /usr/local/sbin/smbldap-userdel "%u" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" -=-=-= ? -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem joing domain with samba3
Hello, i am actually working on samba 3.0rc2 (with OpenLDAP) and i have problems joigning a workstation to the domain. With samba 2.2, a user could be in the NT "Domain Admins" group if he was a member of the unix group that has a gid=512. This user could then join any windows workstation with his account. How can we do this now with samba 3.0 ? When i tried to create a mapping group with the following command $ net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin i can see that modifications are ok (modifications are done in the directory) : > [EMAIL PROTECTED] samba]# net groupmap list > Domain Admins (S-1-5-21-2164124757-1843210704-924125028-3001) -> ntadmin but any member of the "ntadmin" group can't make a workstation joigning the +domain; only a user that has an uid=0 can (or a user called root). Is this a feature or not ? Does this is planed to be modified or not ? I have the same question for printer administrators. I map the unix group printadm as this: $ net groupmap add ntgroup="Print Operators" unixgroup=printadm $ net groupmap list > Domain Admins (S-1-5-21-1332624008-131130509-4129472247-3001) -> admin1 > Domain Admins (S-1-5-21-1332624008-131130509-4129472247-2025) -> admin2 > Print Operators (S-1-5-21-1332624008-131130509-4129472247-3003) -> printadm and add the directive in smb.conf: > printer admin = @printadm but any member member of the unix group printadm can't add a samba printer. Did i forgot something ? btw, do we need to have a sambaSID for the ntadmin group to end with "-512", or is does not matter (i suppose that it does not matter, but i prefer to be sur) ? Thanks for any precisions. -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba