Re: [Samba] More Domain Groups
hi,

Red Hat Enterprise Linux ES 2.1
Samba 2.2.7
OpenLDAP 2.0.25

Samba 3.0 - it will solve your problem with domaingroups!

greetings,
thomas

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authen in LDAP with samba and squid
hi,

Can I config samba to authen with userPassword attb?

no, because userPassword is the password of the posixuser, but there are 2 other solutions:

1st: use smb_auth at squid - authenticates you against a (samba-)pdc
2nd: enable password sync in smb.conf - so, ntPassword and userPassword will store the same pwds!

good luck

greetings
thomas reisenbichler
Re: [Samba] Samba+LDAP PDC - A few questions.
hi kevin,

1). How do I/Can I script the installation of a generic password into these accounts? I'm looking to put some common password in for all users and then allow the users to change it once they log into the new server/domain. I don't see a method of doing so with 'smbldap-passwd.pl'.

write your own shellscript that uses smbldap-useradd.pl, add the features you need and use this script to create users!

2). I used the following command to add all of my users to the LDAP Directory:

'smbldap-useradd.pl -a -m -A 1 -G group1,group2 username'

This successfully created the users, their home folders and placed them in their groups, but it did not change the value for pwdCanChange in the LDAP directory, as shown by 'smbldap-usershow.pl'. I want the users to be able to change their own passwords - at any time - is there something I did wrong when creating the user account?

sorry, but i don't know smbldap-useradd.pl - i wrote my own admintools!

3). I want every user's password to expire on a 90-cycle. I think I see a slot in the LDAP directory for such an option - pwdMustChange, but by default is set to a huge number - 2147483647. First, what number does that represent? Seconds? Minutes? Days? Months? I've watched it for the past week and it hasn't changed. Which leads me to my next question, will changing this number to 0 actually cause the respective password to expire? Will setting this number to 90 (or whatever representation needed) allow a 90 day cycle? If not, what must I do to have this 90 day cycle?

this number is a unix timestamp - the seconds since 1.1.1970! the solution is: enable passwordsync and as program use a shellscript that creates the timestamp (90 days are 7776000 seconds) and insert this with ldapmodify into the attr pwdMustChange of the user! -

let DAYINFUTURE=$(/bin/date +%s)+7776000

4). By default, there are fields in the directory for displayName and description that are both set to System User. Can I change either/both (at least description) to whatever I want while creating the user account? I couldn't find a switch in 'smbldap-useradd.pl' to allow that. I guess I could script it using 'smbldap-usermod.pl', but would prefer it to be done as one step.

sorry, but once again: i don't know smbldap-useradd.pl - i wrote my own admintools and they do what i want ;-)

i hope it was a little help

greetings
thomas reisenbichler
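
The expiry calculation described in the reply above (current time plus 7776000 seconds, written to pwdMustChange with ldapmodify), as an added example that is not part of the original mail. The DNs are constructed placeholders; the input checks keep a malformed number or a DN containing a line break from adding extra LDIF lines.

```shell
#!/bin/sh
# Added example (not from the thread): build the LDIF that pushes
# pwdMustChange a number of days ahead. The DNs in the usage line are
# constructed samples; pwdMustChange is the attribute named in the thread.

SECONDS_PER_DAY=86400
MAX_TIME=2147483647   # largest signed 32-bit timestamp, the default quoted above

# expiry_timestamp NOW DAYS -> prints NOW + DAYS*86400, fails on bad input
expiry_timestamp() {
    for v in "$1" "$2"; do
        case $v in
            ''|*[!0-9]*) echo "expiry_timestamp: need digits, got '$v'" >&2
                         return 1 ;;
        esac
    done
    ts=$(( $1 + $2 * SECONDS_PER_DAY ))
    if [ "$ts" -gt "$MAX_TIME" ]; then
        echo "expiry_timestamp: $ts exceeds $MAX_TIME" >&2
        return 1
    fi
    echo "$ts"
}

# pwd_expiry_ldif DN NOW DAYS -> prints a modify record for ldapmodify
pwd_expiry_ldif() {
    case $1 in
        ''|*'
'*) echo "pwd_expiry_ldif: empty DN or DN with a line break" >&2
            return 1 ;;
    esac
    ts=$(expiry_timestamp "$2" "$3") || return 1
    printf 'dn: %s\nchangetype: modify\nreplace: pwdMustChange\npwdMustChange: %s\n' \
        "$1" "$ts"
}

# Usage (bind DN and entry DN are placeholders):
#   pwd_expiry_ldif "uid=test,ou=people,dc=example,dc=org" "$(date +%s)" 90 |
#       ldapmodify -x -D "cn=admin,dc=example,dc=org" -W
```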
Re: [Samba] Re: Problem with Samba PDC and WIN2000
I experienced troubles (not solved yet) while joining a domain with a W2K server.

i've 2 w2k-servers joined as members of my samba2.2.5.a-ldap-domain and it worked without problems! i joined them with the acctFlags [W ] and not with [S ]!

lg
thomas
Re: [Samba] smbpasswd problem with LDAP
hi,

maybe it's your problem: man smbpasswd !

-U username
    This option may only be used in conjunction with the -r option. When changing a password on a remote machine it allows the user to specify the user name on that machine whose password will be changed. It is present to allow users who have different user names on different systems to change these passwords.

try the following steps:
* login as root on the samba-ldap-pdc
* type in: smbpasswd USERNAME -) without the -U switch

try it! maybe i'm wrong, but i don't believe

lg
thomas

Hello,

I have installed / configured samba-ldap (compiled SAMBA_2_2 from CVS). When i try to change the password for the root user, there is no problem. If i try to change the password of an ordinary user, i get the error:

nas:~# smbpasswd -U william
New SMB password:
Retype new SMB password:
No user to modify!
Password changed for user william.
Failed to modify entry for user william.
Failed to modify password entry for user william

Ok, so i ran it with debugging on:

-- CUT --
load_unix_unicode_map: ISO8859-1 (init_done=0, override=0)
load_unicode_map: loading unicode map for codepage ISO8859-1.
New SMB password:
Retype new SMB password:
ldap_open_connection: starting...
Initializing connection to localhost on port 389
ldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server as cn=root,ou=hasselt.be,o=hasselt,c=be
ldap_connect_system: succesful connection to the LDAP server
ldap_search_one_user: searching for:[((cn=william)(objectclass=sambaAccount))]
get_single_attribute: [uid] = [william]
Entry found for user: william
-- CUT --

Here we see that the correct user was found... But then:

-- CUT --
get_single_attribute: [pwdLastSet] = [1]
get_single_attribute: [logonTime] = [0]
get_single_attribute: [logoffTime] = [0]
get_single_attribute: [kickoffTime] = [0]
get_single_attribute: [pwdCanChange] = [0]
get_single_attribute: [pwdMustChange] = [0]
get_single_attribute: [cn] = [william]
get_single_attribute: [homeDrive] = [does not exist]
homeDrive fell back to
get_single_attribute: [smbHome] = [does not exist]
Home server: NAS
smbHome fell back to \\NAS\william
get_single_attribute: [scriptPath] = [does not exist]
scriptPath fell back to
get_single_attribute: [profilePath] = [does not exist]
Home server: NAS
profilePath fell back to \\NAS\william\profile
get_single_attribute: [description] = [does not exist]
get_single_attribute: [userWorkstations] = [does not exist]
get_single_attribute: [rid] = [500]
get_single_attribute: [primaryGroupID] = [512]
init_sam_from_ldap: User [william] does not ave a uid!
ldap_open_connection: starting...
Initializing connection to localhost on port 389
ldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server as cn=root,ou=hasselt.be,o=hasselt,c=be
ldap_connect_system: succesful connection to the LDAP server
ldap_search_one_user: searching for:[((cn=)(objectclass=sambaAccount))]
No user to modify!
Password changed for user william.
Failed to modify entry for user william.
Failed to modify password entry for user william
-- CUT --

Here we all notice that it connects again to the ldap and then searches for [((cn=)(objectclass=sambaAccount))]. cn= does not exist and thus returns no users. Why doesn't smbpasswd put cn=william in there ???

Does anyone know a solution to this problem ???

Greetings,
---
Tom Palmaers

---
marcel beltz
beltz.info
email: [EMAIL PROTECTED]
am mittleren moos 48
fon: +49 177 736 787 1
86167 augsburg
Re: [Samba] samba-ldap-pdc
hi,

I have a problem with samba-ldap-pdc. I am using debian woody with samba 2.2.3a and openldap 2.0.23-6. Everything works fine when logging onto the domain when using windows 98se. But when i try to add a windows 2000 computer to the domain it says this in the logfiles:

[2002/11/05 15:46:29, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: User [pc-marco$] does not ave a uid!

could it be that you haven't created a workstationaccount for the w2k-box?

But I do know that samba works pdc works and ldap works. Cause windows 98 has no problems and logs nicely in.

w98 doesn't need a ws-account because the networkfunctionality is different than the one of nt, w2k or xp!

lg
thomas
Re: [Samba] samba-ldap-pdc
hi martijn,

which rid does the client have? -) i had similar problems at testing the system, but i found out that i had to set the rid like the following formula:

rid = (uidNumber * 2) + 1000

don't ask me why, but (in my case) it works without any problems since those modifications!

lg
thomas

Hi Thomas,

Thanks for your response. But the computer has got a trusted account for sure. Logfile shows me that authentication is done, and the trusted account is found. But it keeps saying User[pc-marco$] does not ave a uid. But when I look into the ldap-dir it has a uid for sure.

Greets,
Martijn

On Wednesday 06 November 2002 13:30, you wrote:

hi,

I have a problem with samba-ldap-pdc. I am using debian woody with samba 2.2.3a and openldap 2.0.23-6. Everything works fine when logging onto the domain when using windows 98se. But when i try to add a windows 2000 computer to the domain it says this in the logfiles:

[2002/11/05 15:46:29, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: User [pc-marco$] does not ave a uid!

could it be that you haven't created a workstationaccount for the w2k-box?

But I do know that samba works pdc works and ldap works. Cause windows 98 has no problems and logs nicely in.

w98 doesn't need a ws-account because the networkfunctionality is different than the one of nt, w2k or xp!

lg
thomas
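
A check built on the formula quoted in the mail above, as an added example that is not part of the thread: it reads account entries in LDIF form and lists those whose rid differs from (uidNumber * 2) + 1000. The attribute names uidNumber and rid come from the thread; the sample entries and DNs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list LDAP accounts whose rid does not
# follow rid = (uidNumber * 2) + 1000. The entries below are constructed.

sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
uidNumber: 1001
rid: 3002

dn: uid=pc-demo$,ou=machines,dc=example,dc=org
uid: pc-demo$
uidNumber: 1200
rid: 1200
EOF
}

# rid_audit: LDIF on stdin -> one line "uid uidNumber rid expected" per mismatch
rid_audit() {
    awk '
        function report() {
            if (uid != "" && num != "" && rid != "") {
                want = num * 2 + 1000
                if (rid + 0 != want) printf "%s %s %s %d\n", uid, num, rid, want
            }
            uid = ""; num = ""; rid = ""
        }
        /^[ \t]*$/ { report(); next }        # a blank line ends an entry
        {
            sep = index($0, ": ")
            if (sep == 0) next               # skip lines that are not "key: value"
            key = tolower(substr($0, 1, sep - 1))
            val = substr($0, sep + 2)
            if (key == "uid") uid = val
            else if (key == "uidnumber") num = val
            else if (key == "rid") rid = val
        }
        END { report() }
    '
}
```

Accounts that were deliberately given a fixed rid are listed as well, so the output is a list to review rather than a list to rewrite.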
Re: [Samba] with ldap - samba - password sync - domain group map
hello!

so my passwd-chat line is as follows:

passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n .

note the asterisk and dot (i haven't really understood now what the dot means, but the asterisks match anything, and maybe the blank (\s) between passwd: and %n is just no plain blank but something different).

ok, i moved the passwdchat to the following line:

passwd chat = *New*\spassword:*\s* %n\n *Re-enter*\snew*\spassword:*\s % n\n *Result:*\sSuccess*\s(0)\n .

and the log tells:

expect: expected [*New* password:* *] received [New password: ] match no

what's going wrong on my system?

since last mail i made a new server with samba 2.2.4, but compiled it myself (so i know what's going on ;-) ). the situation doesn't change! could it be that i need an additional package or anything similar?

thanks and lg
thomas reisenbichler
Re: [Samba] with ldap - samba - password sync - domain group map
my solution (found in some ldap-samba-pdc-howto) was to set the pwdMustChange to 2147483647 (which is far in the future: 2030 or something)

thank you very much! your solution solved this problem.

2. the unix password sync doesn't work. but i think there are two different problems, but let me describe: if i activated the password sync, i got on

you have to set the password chat to something that reflects your systems password chat (no na)

i knew it - (no na) ;-)
my heavy situation is, that the chat expects [New password: ] and receives [New password: ], but it says no match

following row is from the log:

expect: expected [New password: ] received [New password: ] match no

this is my problem! is there a bug or is my config faulty:

passwd chat = New\spassword:\s %n\n Re-enter\snew\spassword:\s %n\n Result:\sSuccess\s(0)\n
passwd program = /etc/ldappwdsmb %u

the program ldappwdsmb is a script which calls ldappasswd as root!

would it be possible to send me your configfiles to compare with mine? in my opinion, there's only one little mistake that lets the sync crash!

3. the domain group map doesn't work! i found a lot of descriptions about

i have not tried this yet, but i think that 2.2.3a does not support domain-group-mapping (but 2.2.4 should ???)

i saw mails from lists where persons told about working group-map with earlier versions than 2.2.3 (!), but maybe i'm wrong!

thanks
lg
thomas reisenbichler
[Samba] with ldap - samba - password sync - domain group map - login message
hello list!

first: sorry for my english and the long mail, but i REALLY need help!

i want to kick the nt4 pdc in our network and thought to realize single sign on with samba and ldap. i made two testservers: the first test was with suse linux 7.3 with latest openldap, pam_ldap, nss_ldap and samba 2.2.3a (i compiled all components myself!). the second was with suse linux 8.0 with openldap, pam_ldap, nss_ldap (these three components are the standard rpm's from suse 8.0) and samba 2.2.4 (latest rpm from the suse samba-developer). the basic systems worked and all problems i'm going to describe occurred in both testenvironments!

1. after login from w2k i get the message, that the password expires and asks me if i want to change. if i change or not, at next logon the situation is the same, but i can login over a few weeks without passwordchange. - the only information i found about in the web is, that i can set the users pwdLastSet to -1, but, on the one hand, it doesn't work and on the other hand, if anyone changes his password this field would be overwritten automatically and the old problem starts again.

2. the unix password sync doesn't work. but i think there are two different problems, but let me describe: if i activated the password sync, i got on the w2k client the error username or password wrong. if it's not activated, the passwordchange works!! so i checked the log and thought i'm silly as i saw the following rows (!!):

[2002/06/13 15:33:23, 10] smbd/chgpasswd.c:dochild(211)
  Invoking '/etc/ldappwdsmb test' as password change program.
[2002/06/13 15:33:26, 100] smbd/chgpasswd.c:expect(265)
  expect: expected [New password: ] received [New password: ] match no
[2002/06/13 15:33:28, 100] smbd/chgpasswd.c:expect(265)
  expect: expected [New password: ] received [] match no
[2002/06/13 15:33:28, 10] smbd/chgpasswd.c:expect(276)
  expect: returning False
[2002/06/13 15:33:28, 3] smbd/chgpasswd.c:talktochild(302)
  Response 1 incorrect

after this i made a test where the chat isn't activated and the passwd-program is a shell-script that only writes a text into a file. at the next try there was no logging like the lines above, the passwd-program ended normally (because the text was in the file), but the w2k-client told again that username or password is wrong! so i think, that these are two different problems, but i can't understand!

3. the domain group map doesn't work! i found a lot of descriptions about and all were the same. so, i thought i'm on the right way and made it like these descriptions, but at samba 2.2.3a there was shown only one group named with hieroglyphs. at 2.2.4 no group is shown from my map-file, but there are shown the groups domain admins and domain users - could anyone tell me where these groups are configured in samba? i need the groupmapping because we have one w2k-database and fileserver and i can't kick it.

please help me

thank you very much
lg
thomas reisenbichler