Re: RE : [Samba] Can't add machine account with 3.0.0; ldapsam backend (RESENT)
On Tue, 2003-10-14 at 21:47, Ronny Adsetts wrote: jean-marc pouchoulon said the following on 14/10/03 12:10: they sould be created on the fly as they were with 3.0.0beta1. As I can see, with 3.0 stable this is not done. pdbedit -a -m testonsddd$ -D99 ... ldapsam_modify_entry: Failed to add user dn= uid=testonsddd$,ou=pc,o=g,c=fr with: Object c lass violation But a AddMachine script make it for me without any problem. So this is a bug with 3.0 stable then? Not requiring an account prior to joining the domain when using LDAP backend is a documented feature AFAICR... can't point to the exact documentation right now though... :-) So called 'non unix account' support was removed prior to release. It is not intended to return - certainly not in the guise perviously seen. You need an 'add machine script' and 'add user script' to fill in the bits of LDAP. Generally, I like the idea that we might be able to do this without scripts, but that's not possible at the moment. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] Can't add machine account with 3.0.0; ldapsam backend (RESENT)
Andrew Bartlett said the following on 15/10/03 07:22: So called 'non unix account' support was removed prior to release. It is not intended to return - certainly not in the guise perviously seen. You need an 'add machine script' and 'add user script' to fill in the bits of LDAP. Thanks for this info (and all the Samba team's hard work). Generally, I like the idea that we might be able to do this without scripts, but that's not possible at the moment. Would be very good - one less thing to worry about :-). Regards, Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Can't add machine account with 3.0.0; ldapsam backend (RESENT)
# pdbedit -v -a -m -u tardis
ldapsam_modify_entry: Failed to add user dn=
uid=tardis$,ou=Machines,dc=amazing-internet,dc=net with: Object class
violation
object class 'sambaSamAccount' requires attribute 'sambaSID'
Did you create the machine account in /etc/passwd or in ldap
before using pdbedit ?
Extract from a python script I've done what am I doing in the ldap
before pdbedit -a -m.
def cre_ldif_machine(last_uidnumber):
Cette fonction crée un fichier d'enregistrement ldap d'un
compte machine pour samba
sys.stdout = open('/etc/samba/bin/machine.ldif', 'w')
print dn: uid=%s,ou=pc,o=test,c=fr % sys.argv[1]
print objectclass: account
print objectclass: posixaccount
print objectclass: shadowaccount
print uid:%s % sys.argv[1]
print cn: Samba machine %s % sys.argv[1]
print uidnumber: %s %last_uidnumber
print gidnumber:504
print homedirectory:/dev/null
print loginshell:/bin/false
sys.stdout.close()
Are you sure to have the right object class and attribute ?
Jean-Marc
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't add machine account with 3.0.0;ldapsam backend (RESENT)
jean-marc pouchoulon said the following on 14/10/03 10:40: # pdbedit -v -a -m -u tardis ldapsam_modify_entry: Failed to add user dn= uid=tardis$,ou=Machines,dc=amazing-internet,dc=net with: Object class violation object class 'sambaSamAccount' requires attribute 'sambaSID' Did you create the machine account in /etc/passwd or in ldap before using pdbedit ? No. Using the ldapsam backend with the appropriate config does not require creation of local accounts first AFAIK - they sould be created on the fly as they were with 3.0.0beta1. Are you sure to have the right object class and attribute ? It's all done by Samba... samba LDAP schema is from 3.0.0; schemacheck is on (tested with schemacheck off too). LDAP version is 2.0.27. Regards, Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Can't add machine account with 3.0.0; ldapsam backend (RESENT)
they sould be created on the fly as they were with 3.0.0beta1. As I can see, with 3.0 stable this is not done. pdbedit -a -m testonsddd$ -D99 ... ldapsam_modify_entry: Failed to add user dn= uid=testonsddd$,ou=pc,o=g,c=fr with: Object c lass violation But a AddMachine script make it for me without any problem. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] Can't add machine account with 3.0.0; ldapsam backend (RESENT)
jean-marc pouchoulon said the following on 14/10/03 12:10: they sould be created on the fly as they were with 3.0.0beta1. As I can see, with 3.0 stable this is not done. pdbedit -a -m testonsddd$ -D99 ... ldapsam_modify_entry: Failed to add user dn= uid=testonsddd$,ou=pc,o=g,c=fr with: Object c lass violation But a AddMachine script make it for me without any problem. So this is a bug with 3.0 stable then? Not requiring an account prior to joining the domain when using LDAP backend is a documented feature AFAICR... can't point to the exact documentation right now though... :-) I don't see anything in bugzilla... I'll see about submitting later when I've more time. Regards, Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
