Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap
Hi people, did you find a solution for this problem? I'm having it too.

r...@patata:/var/log/samba# pdbedit -am merlin
Cannot locate Unix account for merlin$

But the unix account is in ldap and it creates automatically with smbldap. If I add it manually or add the attributes by hand it works fine.

http://www.mail-archive.com/samba@lists.samba.org/msg99530.html

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap
On Tue, 2009-03-24 at 12:06 +0100, LiPi - wrote:
> Hi people, did you find a solution for this problem? I'm having it too.
>
> r...@patata:/var/log/samba# pdbedit -am merlin
> Cannot locate Unix account for merlin$

Is that true - Does id merlin work?

> But the unix account is in ldap and it creates automatically with smbldap.
> If I add it manually or add the attributes by hand it works fine.

What do you mean by add it manually?

Are you running nscd? If so, shut that service down and try again.

--
OpenGroupware developer: awill...@whitemice.org
http://whitemiceconsulting.blogspot.com/
OpenGroupware Cyrus IMAPd documentation @ http://docs.opengroupware.org/Members/whitemice/wmogag/file_view
Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap
The question was exactly the same as the one that was in the link I wrote :p
http://www.mail-archive.com/samba@lists.samba.org/msg99530.html

But now, 1h later it's time to answer myself:

If somebody needs to solve the mentioned problem, only two things must be done:

apt-get install libnss-ldap libpam-ldap
emacs /etc/ldap.conf

and fill it with (according to their params):

--start ldap.conf
host 127.0.0.1
base dc=ctest
uri ldap://127.0.0.1
ldap_version 3
rootbinddn cn=admin,dc=ctest
port 389
nss_base_passwd ou=Users,dc=ctest?one
nss_base_passwd ou=Computers,dc=ctest?one
nss_base_shadow ou=Users,dc=ctest?one
nss_base_group ou=Groups,dc=ctest?one
--end ldap.conf

and /etc/nsswitch.conf:

--start nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc:db files
netgroup: nis
---end nsswitch.conf

Then, getent passwd and getent group must show ldap entries, and then joining to a domain and the creation of automatic machine samba accounts is well done.

http://linuxadministration.us/2008/05/17/ubuntu-804-hardy-ldap-client/
http://www.cos.ufrj.br/docs/ldap#debian -- if you use debian

Thank you all!

2009/3/24 Adam Tauno Williams awill...@whitemice.org:
> On Tue, 2009-03-24 at 12:06 +0100, LiPi - wrote:
> > Hi people, did you find a solution for this problem? I'm having it too.
> >
> > r...@patata:/var/log/samba# pdbedit -am merlin
> > Cannot locate Unix account for merlin$
>
> Is that true - Does id merlin work?
>
> > But the unix account is in ldap and it creates automatically with smbldap.
> > If I add it manually or add the attributes by hand it works fine.
>
> What do you mean by add it manually?
>
> Are you running nscd? If so, shut that service down and try again.
Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap
On Tuesday, 24 March 2009 12:56, LiPi - wrote:
> The question was exactly the same as the one that was in the link I wrote :p
> http://www.mail-archive.com/samba@lists.samba.org/msg99530.html
>
> But now, 1h later it's time to answer myself:
>
> If somebody needs to solve the mentioned problem, only two things must be done:
>
> apt-get install libnss-ldap libpam-ldap
> emacs /etc/ldap.conf
>
> and fill it with (according to their params):

Which version of Debian do you use? This setup has been outdated for years. Read the man pages and the docs for these two packages.

> --start ldap.conf
> host 127.0.0.1
> base dc=ctest
> uri ldap://127.0.0.1
> ldap_version 3
> rootbinddn cn=admin,dc=ctest
> port 389
> nss_base_passwd ou=Users,dc=ctest?one
> nss_base_passwd ou=Computers,dc=ctest?one
> nss_base_shadow ou=Users,dc=ctest?one

You really like to poll your shadow file over an unprotected network? Remember, it contains the passwords. If you do this ONLY on the loopback network, it may be OK.

> nss_base_group ou=Groups,dc=ctest?one
> --end ldap.conf
>
> and /etc/nsswitch.conf:
>
> --start nsswitch.conf
> passwd: compat ldap
> group: compat ldap
> shadow: compat ldap
> hosts: files dns
> networks: files
> protocols: db files
> services: db files
> ethers: db files
> rpc:db files
> netgroup: nis
> ---end nsswitch.conf
>
> Then, getent passwd and getent group must show ldap entries, and then joining to a domain and the creation of automatic machine samba accounts is well done.
>
> Thank you all!

--
Regards
Harry Jede
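
Added example, not part of any message in this thread and not Samba or nss_ldap code: a small offline check of the two files posted above. It reports when passwd/group have no ldap source, when nss_base_passwd is restricted but leaves out the machine-account OU, and when shadow is served over plain ldap:// to a non-loopback host. The machine_ou parameter and the function names are assumptions made for the example; the sample input is constructed from the configuration quoted in the thread.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample input, taken from the ldap.conf / nsswitch.conf in this thread.
LDAP_CONF = """host 127.0.0.1
base dc=ctest
uri ldap://127.0.0.1
nss_base_passwd ou=Users,dc=ctest?one
nss_base_passwd ou=Computers,dc=ctest?one
nss_base_shadow ou=Users,dc=ctest?one
nss_base_group ou=Groups,dc=ctest?one
"""
NSSWITCH = "passwd: compat ldap\ngroup: compat ldap\nshadow: compat ldap\n"

def parse(text, colon=False):
    """Map each key to its list of whitespace-split values (keys may repeat)."""
    out = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            parts = line.split(":", 1) if colon else line.split(None, 1)
            out.setdefault(parts[0].strip().lower(), []).extend(
                parts[1].split() if len(parts) > 1 else [])
    return out

def cleartext_remote(uri):
    """True for plain ldap:// to a non-loopback host (ldaps:// and ldapi:// pass)."""
    u = urlparse(uri)
    if u.scheme != "ldap":
        return False
    host = u.hostname or "localhost"    # ldap:/// means the local server
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a DNS name, not an IP literal
        return host != "localhost"

def audit(ldap_conf, nsswitch, machine_ou="ou=Computers"):
    """Return a list of findings; machine_ou is the site's machine OU (assumption)."""
    conf, nss = parse(ldap_conf), parse(nsswitch, colon=True)
    findings = []
    for db in ("passwd", "group"):
        if "ldap" not in nss.get(db, []):
            findings.append(f"{db}: no ldap source in nsswitch.conf")
    bases = [b.lower() for b in conf.get("nss_base_passwd", [])]
    if bases and not any(b.startswith(machine_ou.lower()) for b in bases):
        findings.append("nss_base_passwd does not cover the machine OU")
    uris = conf.get("uri") or ["ldap://" + h for h in conf.get("host", [])]
    tls = bool({"on", "start_tls"} & set(conf.get("ssl", [])))
    if "ldap" in nss.get("shadow", []) and not tls and any(map(cleartext_remote, uris)):
        findings.append("shadow served over cleartext LDAP to a remote host")
    return findings

if __name__ == "__main__":
    print(audit(LDAP_CONF, NSSWITCH) or "no findings")
```

The loopback configuration from the thread produces no findings; pointing the same file at a remote ldap:// server without ssl on or ssl start_tls produces the shadow finding.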
Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap
> Then, getent passwd and getent group must show ldap entries, and then joining to a domain and the creation of automatic machine samba accounts is well done.
>
> http://linuxadministration.us/2008/05/17/ubuntu-804-hardy-ldap-client/
> http://www.cos.ufrj.br/docs/ldap#debian -- if you use debian

There is nothing distribution specific (either Debian or Ubuntu) about setting up NSS. This is covered in both the Samba3-HOWTO http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ and the Samba3-ByExample http://www.samba.org/samba/docs/man/Samba-Guide/ books. It would be worth taking a look at those over whatever you find lying around the Internet.
Re: [Samba] Re: pdbedit dosen't send the sambaSID to the ldap
Hi people:

I have a Debian etch stable with the latest updates. When I try to join a computer to the domain I create the machine on the ldap and it's created with the following attributes:

dn:cn=test$,ou=Machines,dc=domain,dc=org
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 3123
uid: test$
cn: test$
sn: test$
gidNumber: 604
homeDirectory: /dev/null
loginShell: /bin/false
gecos: Machine Account
description: Machine Account

Then, in the samba I run:

pdbedit -am test

And this is the output...

ldapsam_add_sam_account: User exists without samba attributes: adding them
init_ldap_from_sam: Setting entry for user: test$
smbldap_modify: dn = [cn=test$,ou=Machines,dc=domain,dc=org]
ldapsam_modify_entry: Failed to modify user dn= cn=test$,ou=Machines,dc=domain,dc=org with: Object class violation
    object class 'sambaSamAccount' requires attribute 'sambaSID'
ldapsam_add_sam_account: failed to modify/add user with uid = test$ (dn = cn=zigo$,ou=Systems,dc=domain,dc=int)
Unable to add machine! (does it already exist?)

I set the debug level in the ldap and I can't see the pdbedit sending any sambaSID attribute. So I can't think this is a schema problem...

Any ideas? Why is this happening?? I have found nothing on the net to help me...

Thanks in advance.

Anyone knowing something? I found some PDC NOT with the latest updates from Debian Etch, but with the same Samba version and they work!
This is the output of the working version:

account_policy_get: name: maximum password age, val: -1
account_policy_get: name: minimum password age, val: 0
pdb_set_username: setting username test$, was test$
smbldap_search_ext: base = [dc=jusbaires,dc=gov,dc=ar], filter = [((uid=test$)(objectclass=sambaSamAccount))], scope = [2]
smbldap_search_ext: base = [dc=jusbaires,dc=gov,dc=ar], filter = [((sambaSID=S-1-5-21-2281447165-45835457-3575675572-31254)(objectclass=sambaSamAccount))], scope = [2]
smbldap_search_ext: base = [dc=jusbaires,dc=gov,dc=ar], filter = [(uid=test$)], scope = [2]
ldapsam_add_sam_account: User exists without samba attributes: adding them
smbldap_make_mod: attribute |uid| not changed.
init_ldap_from_sam: Setting entry for user: test$
smbldap_get_single_attribute: [sambaSID] = [does not exist]
smbldap_make_mod: adding attribute |sambaSID| value |S-1-5-21-2281447165-45835457-3575675572-31254|
smbldap_get_single_attribute: [displayName] = [does not exist]
smbldap_make_mod: adding attribute |displayName| value |Computer|
smbldap_get_single_attribute: [sambaPwdCanChange] = [does not exist]
smbldap_make_mod: adding attribute |sambaPwdCanChange| value |1236459494|
smbldap_get_single_attribute: [sambaPwdMustChange] = [does not exist]
smbldap_make_mod: adding attribute |sambaPwdMustChange| value |2147483647|
smbldap_get_single_attribute: [sambaLMPassword] = [does not exist]
smbldap_get_single_attribute: [sambaNTPassword] = [does not exist]
smbldap_make_mod: adding attribute |sambaNTPassword| value |0CB6948805F797BF2A82807973B89537|
smbldap_get_single_attribute: [sambaPwdLastSet] = [does not exist]
smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1236459494|
smbldap_get_single_attribute: [sambaAcctFlags] = [does not exist]
smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W ]|
smbldap_modify: dn = [uid=test$,ou=sarmiento,ou=Computers,dc=jusbaires,dc=gov,dc=ar]
rebindproc_connect_with_state: Rebinding to ldaps://10.8.2.100/uid=test$,ou=sarmiento,ou=Computers,dc=jusbaires,dc=gov,dc=ar as uid=sarmiento-proxy,ou=security,dc=jusbaires,dc=gov,dc=ar
rebindproc_connect_with_state: setting last_rebind timestamp (req: 0x66)
ldapsam_add_sam_account: added: uid == test$ in the LDAP database
smbldap_search_ext: base = [dc=jusbaires,dc=gov,dc=ar], filter = [((uid=test$)(objectclass=sambaSamAccount))], scope = [2]
smbldap_search_ext: waiting 866 milliseconds for LDAP replication.
smbldap_search_ext: go on!
init_sam_from_ldap: Entry found for user: test$
pdb_set_username: setting username test$, was
pdb_set_domain: setting domain JUSBAIRES, was
pdb_set_nt_username: setting nt username test$, was
pdb_set_user_sid_from_string: setting user sid S-1-5-21-2281447165-45835457-3575675572-31254
pdb_set_user_sid: setting user sid S-1-5-21-2281447165-45835457-3575675572-31254
smbldap_get_single_attribute: [sambaLogonTime] = [does not exist]
smbldap_get_single_attribute: [sambaLogoffTime] = [does not exist]
smbldap_get_single_attribute: [sambaKickoffTime] = [does not exist]
pdb_set_full_name: setting full name Computer, was
smbldap_get_single_attribute: [sambaHomeDrive] = [does not exist]
pdb_set_dir_drive: setting dir drive C:, was NULL
smbldap_get_single_attribute: [sambaHomePath] = [does not exist]
pdb_set_homedir: setting home dir \\pdc\profiles\test_, was
smbldap_get_single_attribute: [sambaLogonScript] = [does not exist]
pdb_set_logon_script: setting logon script netlogon.test_.bat, was