Re: [Samba] PDC with LDAP and machine account lookup

2009-10-02 Thread Stefan Michalsky
Hi again,

so it looks like something with adding machine accounts manually does not
work for me.
After reconfiguring the smbldap tools and removing the computer (farbwahl06)
from the domain I added it again. The automatically created machine account
works fine and I am able to log on to the domain.

The differences between the pdbedit outputs have not been that big but big
enough to make trouble I guess.

Thanks for your help Bruno.

Regards
Stefan



-----Original Message-----
From: Bruno MACADRE [mailto:bruno.maca...@univ-rouen.fr]
Sent: Thursday, 1 October 2009 22:10
To: Stefan Michalsky
Subject: Re: [Samba] PDC with LDAP and machine account lookup

Hi,

It looks strange... Have you tried to increase your log level
(especially on tdb and passdb)? Something like:
log level = 2 tdb:5 passdb:5

And look for any strange behavior when you try to log onto
farbwahl06 or when you try to join it to the domain.

I don't use smbldap-tools so I can help you with this, for me adding
a machine to the LDAP is like adding a user, the only difference is that
the username (uid for LDAP) finishes with a $

If you try :
# pdbedit -v farbwahl06$
and
# pdbedit -v farbwahl04$

Look for any difference between the 2 results !

Regards,
Bruno
   
Stefan Michalsky wrote:
 Hey Bruno,

 it seems that the problem is something else. I tested on one computer
 (farbwahl06 - WinXP Pro Client) most of the time. But I have another
 machine to test (farbwahl04 - WinVista client).
 I moved the machine account for farbwahl04 from People to Computers and
 everything works fine. So I tried all variants for farbwahl06 (account in
 People and Computers, changed suffixes and so on) and the machine account
 for farbwahl06 seems to be broken. I tried to create a new one, but this
 doesn't help either.

 So how do you create machine accounts? Perhaps I am missing something.
 Adding machine accounts automatically doesn't work either by the way. The
 Samba server is a gentoo (Linux version 2.6.23-hardened-r12).

 Please find attached my smb.conf (farbwahl04 is working with this) ***
 REMOVED ***

 Kind regards,
 Stefan



 -----Original Message-----
 From: Bruno MACADRE [mailto:bruno.maca...@univ-rouen.fr]
 Sent: Thursday, 1 October 2009 17:51
 To: Stefan Michalsky
 Subject: Re: [Samba] PDC with LDAP and machine account lookup

 Stefan Michalsky wrote:

 Hey all,

 I do have the following problem: I set up a PDC with Samba with an LDAP
 backend. Everything works fine but the machine account lookup. If I try to
 log on to the domain I have to create the machine account in
 ou=People,dc=testing,dc=de. Everything works fine with this. But if I
 create the machine account in ou=Computers,dc=testing,dc=de and change all
 suffixes according to this the search performed looks like this in slapd
 log file:

 Oct  1 15:42:59 [slapd] conn=908 op=4 SRCH base=ou=People,dc=testing,dc=de scope=2 deref=0 filter=(&(objectClass=posixAccount)(uid=farbwahl06$))_

 So where is the mistake? I found some forum posts but all with no answers.
 Is it a configuration issue or a software problem?

 Thanks

 Stefan

 
 Hi,

   Are you sure that your ldap machine suffix is changed to ldap
 machine suffix = ou=Computers ?

   Can you show your smb.conf when you want to have machine account in
 ou=Computers ?

   Regards,
   Bruno

   

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
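
Bruno's suggestion above to compare the two `pdbedit -v` outputs, as an added example that is not part of the original thread: a field-by-field diff of two saved dumps. The function names, the skip list and the sample dumps are constructed for illustration; the thread does not say which fields actually differed.

```shell
#!/bin/sh
# Added example: field-by-field comparison of two saved `pdbedit -v` dumps, e.g.
#   pdbedit -v 'farbwahl06$' > bad.txt; pdbedit -v 'farbwahl04$' > good.txt

# Fields that differ between any two accounts anyway (assumed skip list).
PDB_SKIP='Unix username|NT username|User SID|Password last set'

# pdb_diff FILE_A FILE_B: print each remaining field whose value differs.
pdb_diff() {
    awk -v skip="^($PDB_SKIP)\$" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        {
            i = index($0, ":"); if (i == 0) next   # not a "key: value" line
            key = trim(substr($0, 1, i - 1)); val = trim(substr($0, i + 1))
            if (key ~ skip) next
            if (FNR == NR) { a[key] = val; order[++n] = key; next }
            b[key] = val
            if (!(key in a)) order[++n] = key      # field only in FILE_B
        }
        END {
            for (j = 1; j <= n; j++) {
                k = order[j]
                av = (k in a) ? a[k] : "<missing>"
                bv = (k in b) ? b[k] : "<missing>"
                if (av != bv) printf "%s: \"%s\" vs \"%s\"\n", k, av, bv
            }
        }' "$1" "$2"
}

# pdb_is_machine FILE: true if Account Flags contains W (workstation trust).
pdb_is_machine() {
    grep -Eq '^Account Flags:[[:space:]]*\[[^]]*W' "$1"
}

# pdb_sample NAME FLAGS USER_RID GROUP_RID: constructed dump, invented values.
pdb_sample() {
    printf 'Unix username:        %s\nAccount Flags:        [%s]\n' "$1" "$2"
    printf 'User SID:             S-1-5-21-1-2-3-%s\n' "$3"
    printf 'Primary Group SID:    S-1-5-21-1-2-3-%s\n' "$4"
    printf 'Domain:               TEST-DOMAIN\n'
}

tmp=$(mktemp -d)
pdb_sample 'farbwahl06$' 'U          ' 3012 513 > "$tmp/bad.txt"
pdb_sample 'farbwahl04$' 'W          ' 3008 515 > "$tmp/good.txt"
pdb_diff "$tmp/bad.txt" "$tmp/good.txt"
pdb_is_machine "$tmp/bad.txt" || echo 'farbwahl06$: Account Flags lack W'
rm -rf "$tmp"
```

Skipping the per-account fields leaves only the differences worth reading, which helps when the two outputs look almost identical.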


[Samba] PDC with LDAP and machine account lookup

2009-10-01 Thread Stefan Michalsky
Hey all,

I do have the following problem: I set up a PDC with Samba with an LDAP
backend. Everything works fine but the machine account lookup. If I try to
log on to the domain I have to create the machine account in
ou=People,dc=testing,dc=de. Everything works fine with this. But if I create
the machine account in ou=Computers,dc=testing,dc=de and change all suffixes
according to this the search performed looks like this in slapd log file:

Oct  1 15:42:59 [slapd] conn=908 op=4 SRCH base=ou=People,dc=testing,dc=de scope=2 deref=0 filter=(&(objectClass=posixAccount)(uid=farbwahl06$))_

So where is the mistake? I found some forum posts but all with no answers.
Is it a configuration issue or a software problem?

Thanks

Stefan



Re: [Samba] PDC with LDAP and machine account lookup

2009-10-01 Thread Stefan Michalsky
Hey Bruno,

it seems that the problem is something else. I tested on one computer
(farbwahl06 - WinXP Pro Client) most of the time. But I have another
machine to test (farbwahl04 - WinVista client).
I moved the machine account for farbwahl04 from People to Computers and
everything works fine. So I tried all variants for farbwahl06 (account in
People and Computers, changed suffixes and so on) and the machine account
for farbwahl06 seems to be broken. I tried to create a new one, but this
doesn't help either.

So how do you create machine accounts? Perhaps I am missing something.
Adding machine accounts automatically doesn't work either by the way. The
Samba server is a gentoo (Linux version 2.6.23-hardened-r12).

Please find attached my smb.conf (farbwahl04 is working with this)


[global]
dos charset = 850
unix charset = ISO8859-1
workgroup = TEST-DOMAIN
interfaces = eth0
map to guest = Bad User
passdb backend = ldapsam:ldap://localhost
username map = /etc/samba/smbusers
log level = 10
log file = /var/log/samba/log.%m
max log size = 5
add user script = /usr/sbin/smbldap-useradd -a -d '/home/%u' -m -g 'Domain Users' '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd '%g' && /usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'
delete group script = /usr/sbin/smbldap-userdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -g 'Domain Computers' -c 'Machine Account' -s /bin/false '%u'
logon path = \\%L\Profiles\%U
logon drive = w:
logon home = \\%L\%U
logon script = logonscripts\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=smbadmin,ou=People,dc=testing,dc=de
ldap group suffix = ou=Groups
ldap idmap suffix = cn=Idmap
ldap machine suffix = ou=Computers
ldap suffix = dc=testing,dc=de
ldap user suffix = ou=People
winbind separator = #
winbind use default domain = Yes
hosts allow = 192.168.2.

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/__netlogon__
admin users = root
read only = No
browseable = No
preexec = /home/__netlogon__/genlogon.pl %U %m

[Profiles]
comment = For Windows Profile
path = /var/lib/samba/profiles/%U
read only = No
profile acls = Yes
browseable = No
create mask = 0600
directory mask = 0700

[public]
path = /home/__public__
force user = public
force group = public
read only = No

[sharehome]
path = /home/share
read only = No

[sharesrc]
path = /usr/src
read only = No

[backup]
comment = The folder for backups
path = /home/backup
force user = backupexternal
force group = backup
read only = No
guest ok = Yes

[Projekt_A]
comment = For the Project A
path = /home/projekt_a
directory mask = 0770
force group = Projekt A
force create mode = 0770
force directory mode = 0770
read only = No
guest ok = No
browsable = No
hide unreadable = Yes
read list = @projekt_a_read


Kind regards,
Stefan



-----Original Message-----
From: Bruno MACADRE [mailto:bruno.maca...@univ-rouen.fr]
Sent: Thursday, 1 October 2009 17:51
To: Stefan Michalsky
Subject: Re: [Samba] PDC with LDAP and machine account lookup

Stefan Michalsky wrote:
 Hey all,

 I do have the following problem: I set up a PDC with Samba with an LDAP
 backend. Everything works fine but the machine account lookup. If I try to
 log on to the domain I have to create the machine account in
 ou=People,dc=testing,dc=de. Everything works fine with this. But if I
 create the machine account in ou=Computers,dc=testing,dc=de and change all
 suffixes according to this the search performed looks like this in slapd
 log file:

 Oct  1 15:42:59 [slapd] conn=908 op=4 SRCH base=ou=People,dc=testing,dc=de scope=2 deref=0 filter=(&(objectClass=posixAccount)(uid=farbwahl06$))_

 So where is the mistake? I found some forum posts but all with no answers.
 Is it a configuration issue or a software problem?

 Thanks

 Stefan

Hi,

Are you sure that your ldap machine suffix is changed to ldap
machine suffix = ou=Computers ?

Can you show your smb.conf when you want