[Samba] Sysprep & Samba
Hi, I'm using Samba version 3.0.14a-r2 on Gentoo Linux as a PDC for a classroom environment. The server and the classroom are in different subnets, but on the same local LAN. The broadcast messages are not forwarded, so I have enabled a single machine in the classroom subnet to act as a WINS proxy. I am using Ghost to image the classroom machines which uses sysprep to prepare the image-rollout. I have my sysprep.inf setup so it will prompt for a computer name and then automatically join our domain. When mini-setup attempts to join the domain, it gives me an error message saying "The user name could not be found. Would you like to proceed for now and try joining a domain later?" In my Samba logs directory I can see it trying to add a workstation user with the original computer name of the sysprep'd computer: [2006/04/19 11:43:16, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w 'mmb9-m21'' gave 9 [2006/04/19 11:43:28, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w 'mmb9-m21'' gave 9 [2006/04/19 11:43:40, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w 'mmb9-m21'' gave 9 [2006/04/19 11:43:52, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w 'mmb9-m21'' gave 9 I tried removing the mmb9-m21$ user with smbldap-userdel, and then allow sysprep to attempt again. This time it adds the workstation under the original name, but it continues to give the above messages and displays the same error message in mini-setup on the workstation. The workstation that is being imaged/sysprep'd is Windows XP Professional w/ SP2. Ultimately I would like to make sysprep use the new computer name and automatically join the domain with that new computer name. Please let me know if you need any additional information. Thank you for your time. --Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC w/ LDAP & Mass Adding Users [SOLVED]
Okay -- got it working.
I was using nss_ldap 238...
I just unmerged 238, and emerged 207-r1 and it seems to be working fine now.
Thanks for everyones help!
Marc
>
>>
>> 1.) Make sure you are not using an antique version of OpenLDAP. For
> some totally incomprehensible reason most distributions (especially
RedHat derived ones) ship with very very very old versions of this
software. SuSe does quite a bit better.
>
> OpenLDAP 2.2.26-r2
>
>> 2.) You don't say what versions or backend you are using. If you are
> using a BDB or HDB backend (and you should) you need to make sure your
DB_CONFIG settings are reasonable. If you are using an LDBM backend
then just give up.
>> ftp://ftp.kalamazoolinux.org/pub/pdf/LDAP106.pdf
>
> Sorry, I am using BDB -- but I have used both LDBM and BDB. Cache
settings and all seem to work good.
>
>> 3.) Does the "id {username}" still work for a user after it stops
> addding-for-read? Can you perform an ldapsearch, without restarting the
DSA?
>
> acad1 ~ # id lhart1
> id: io.c:171: ber_free_buf: Assertion `((ber)->ber_opts.lbo_valid==0x2)'
failed.
> uid=10214(lhart1) gid=505Aborted
>
>
>>
>>
>> If you've disabled ncsd caching how is nscd crashing?
>>
>
> Well, I can't seem to totally disable it from popping up -- I've added
"name cache timeout = 0" to smb.conf (if I understood that correctly,
thats supposed to stop nscd from starting, maybe not). I "disabled" it
by commenting everything in nscd.conf.
>
>>
>> This is required if you want to enumerate members of a group, it helps
> performance.
>
> Cool, thats good to know. =)
>
>
> "Now, the interesting part. If I change the '-g students' to '-g 'domain
users'' everything works fine!
>
> Adding users to 'Domain Users' works, but 'students' does not?
>
> Actually, adding a new group with the first part being "Domain" such as
group 'Domain Studs' works fine. If the group name doesn't have "Domain"
in it, it gets screwed up?"
>
>
>
> Thanks for your help,
>
> Marc
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC w/ LDAP & Mass Adding Users
>
> 1.) Make sure you are not using an antique version of OpenLDAP. For
some totally incomprehensible reason most distributions (especially
RedHat derived ones) ship with very very very old versions of this
software. SuSe does quite a bit better.
OpenLDAP 2.2.26-r2
> 2.) You don't say what versions or backend you are using. If you are
using a BDB or HDB backend (and you should) you need to make sure your
DB_CONFIG settings are reasonable. If you are using an LDBM backend
then just give up.
> ftp://ftp.kalamazoolinux.org/pub/pdf/LDAP106.pdf
Sorry, I am using BDB -- but I have used both LDBM and BDB. Cache settings
and all seem to work good.
> 3.) Does the "id {username}" still work for a user after it stops
addding-for-read? Can you perform an ldapsearch, without restarting the
DSA?
acad1 ~ # id lhart1
id: io.c:171: ber_free_buf: Assertion `((ber)->ber_opts.lbo_valid==0x2)'
failed.
uid=10214(lhart1) gid=505Aborted
>
>
> If you've disabled ncsd caching how is nscd crashing?
>
Well, I can't seem to totally disable it from popping up -- I've added
"name cache timeout = 0" to smb.conf (if I understood that correctly,
thats supposed to stop nscd from starting, maybe not). I "disabled" it by
commenting everything in nscd.conf.
>
> This is required if you want to enumerate members of a group, it helps
performance.
Cool, thats good to know. =)
"Now, the interesting part. If I change the '-g students' to '-g 'domain
users'' everything works fine!
Adding users to 'Domain Users' works, but 'students' does not?
Actually, adding a new group with the first part being "Domain" such as
group 'Domain Studs' works fine. If the group name doesn't have "Domain"
in it, it gets screwed up?"
Thanks for your help,
Marc
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC w/ LDAP & Mass Adding Users
Hi, I am running into a bit of a strange problem. I have a Perl script
that creates usernames for mass-adding users. This script used to use the
standard Linux 'adduser' command to add users to the system. I am now
switching everything over to LDAP, including Samba.
I have modified the custom Perl script to add users in bulk for
smbldap-tools.
system("smbldap_tools/smbldap-useradd -a -g students -c
\"$Ofirst,$Olast,$studentnum\" -C 'FILESERVER\\homes\\$username' -d
$homedir/$username -m $username");
I also create a group entry for students:
dn: cn=students,ou=Groups,dc=test-mcc,dc=edu
objectClass: posixGroup,sambaGroupMapping
cn: students
gidNumber: 1113
sambaSID: S-1-5-21-2737720518-3188833511-1042965985-3227
sambaGroupType: 2
displayName: students
Now, I start the custom Perl script to mass-add users, and it adds 120
users, and then users stop being added. smbldap-useradd returns no kind of
error, it almost seems like it thinks it is adding the users, but they
really aren't getting added after 120 users. The first 120 users seem
fine. I took a look in the LDAP file, and for the remaining users, it is
still binding, searching, but doesn't appear to actually add the user
info:
Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" method=128
Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" mech=SIMPLE ssf=0
Jun 28 04:56:49 esdev2 slapd[16063]: conn=12629 op=0 RESULT tag=97 err=0
text=
Jun 28 04:56:49 esdev2 slapd[11498]: conn=12629 op=1 SRCH
base="dc=test-mcc,dc=edu" scope=2 deref=2
filter="(&(objectClass=posixAccount)(uid=tmoore))"
Jun 28 04:56:49 esdev2 slapd[11498]: conn=12629 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=
Jun 28 04:56:49 esdev2 slapd[11424]: conn=12629 fd=11 closed
Jun 28 04:56:50 esdev2 slapd[11424]: conn=12630 fd=11 ACCEPT from
IP=207.74.136.238:43817 (IP=0.0.0.0:636)
Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" method=128
Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 BIND
dn="cn=Manager,dc=test-mcc,dc=edu" mech=SIMPLE ssf=0
Jun 28 04:56:50 esdev2 slapd[11506]: conn=12630 op=0 RESULT tag=97 err=0
text=
Jun 28 04:56:50 esdev2 slapd[11499]: conn=12630 op=1 SRCH
base="dc=test-mcc,dc=edu" scope=2 deref=2
filter="(&(objectClass=posixAccount)(uid=lhart1))"
Jun 28 04:56:50 esdev2 slapd[11499]: conn=12630 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=
Jun 28 04:56:50 esdev2 slapd[11424]: conn=12630 fd=11 closed
These 2 users, lhart1 and tmoore, are 2 users that are supposed to be
added after the last user that is successfully added.
Now, when the group is "full" like this, if I do a 'net groupmap list', I
get a "Segmentation Fault". Also, when the group is "full", and my script
is still trying to add users (with smbldap-useradd), stderr is spitting
out "Segmentation Fault". nscd also seems to be dying and starting again
after the first 120 users are added. I don't have winbindd, I've also
disabled nscd caching.
Now, the interesting part. If I change the '-g students' to '-g 'domain
users'' everything works fine!
Adding users to 'Domain Users' works, but 'students' does not?
Actually, adding a new group with the first part being "Domain" such as
group 'Domain Studs' works fine. If the group name doesn't have "Domain"
in it, it gets screwed up?
I'd appreciated any help with this!
Also, one more question, I've noticed that for each user, a memberUid
attribute is created inside the group. I'm assuming this is supposed to
happen, but why? Does Samba maybe need it this way? Even for the primary
group it adds an "extra" memberUid attribute for each user? Does this hurt
performance?
Thanks in advance for any help.
Marc
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
