Re: [Samba] Samba 3.0.4 PDC w/ LDAP - XP client
Hello, Jérôme, Donnerstag, 20. Mai 2004, 01:05 you wrote: JT> Le Thu, May 20, 2004 at 12:40:10AM +0200, Stefan G. Weichinger a ecrit: >> What about 0.8.5 ? ;-) JT> Well, it will come in a short time i think. I just wait for some feedback JT> about the cvs version: i added a new object called cn=sambaUnixIdPool that JT> has the sambaUnixIdPool objectclass. This object allow to store the next JT> uidNumber and gidNumber available when adding a new user or a new group. JT> This is usefull for directory with large number of users. I am not sure JT> that cn=sambaUnixIdPool is the best name for this, and i am wondering if JT> this objectclass was initially made for this purpose (if i must remove that JT> later because this objectclass is made for something else, i prefer to know JT> that as soon as possible) JT> Any comment is welcome ;-) I don't think I am the one to comment this after spending X hours to get my test-domain up and running ;-) Maybe something like cn=sambaNextFreeUnixId would be clearer ... but things mostly get clear through documentation. I don't know enough about the sambaUnixIdPool objectclass yet. Maybe one of the team ...? (cn=sambaUnixIdPool sounds like something static to me.) >> As many people will take your toolset as the one to start with and >> will take the included HOWTO as the one to follow, I would suggest to >> modify the HOWTO to something like: >> "As bugreport x.y.z in bugzilla.samba.org states, there are problems >> with using the Container ou=Computers with Samba 3.0.x ... " JT> This is present in the cvs version of the smbldap-tools documentation. Ok. I have to get access to this version tomorrow. JT> I was waiting for the next release to publish the cvs version as the JT> documentation explain options that are not present in the 0.8.4 release. JT> btw, i've updated the Samba-ldap Howto for use with samba3. GOOD! There are still links to stuff mentioning Samba 2.2.4 ... JT> It is JT> essentially an update, and there are still some TODO in the documentation. JT> A draft is available here : JT> http://samba.idealx.org/smbldap-howto.fr.html Quickly scanned it. Found no mentioning of the container-issue so far, is there one? (seems to be the non-cvs-version) Look at it from the view of the beginner. He wants to get stuff ready to cut-and-paste-and-maybe-edit-a-BIT ... there is still the line ldap machine suffix = ou=Computers in it which I would change to ou=Users and clearly explain why. Beginners are scared and don't know about LDAP and such, even if they are capable of running Linux and Samba ... they want something to TRUST and start with without having to know and understand every detail. Ok, it is possible to use suffix = ou=Computers IF YOU DO SOMETHING-ELSE, but this should get transported to the willing user ... he does not WANT to use suffix = ou=Computers, he just wants a PDC ... If there are well-known issues (I found some of them via googling or browsing my local archive of the samba-mailinglist) they should get into the docs ... I had to do loads of research in the last few days. And I have access to several Samba-books here ... "Using Samba","The Official Samba-3 HOWTO And Reference Guide", "Samba Pocket Reference" 1&2, ... most of the main obstacles I found were NOT covered in there. (And, yes, I read the books ;-) actually I am even translating one ... ) It's all about push-versus-pull here. -- Your latest HOWTO is excellent so far, I will read it in detail tomorrow and give you feedback ... (maybe even translate it to german sometimes later?) ... -- General note on open-source-docs (please be kind, it is late and I am not exactly fresh in my head ... this is not AT ALL offending your work !): open-source-software offers flexibility in a way that exceeds the scope of most people starting to use a specific open-source-software. In the case given that means that we as open-source-developers, -maintainers and -supporters should try to offer some quick and general way to get things started. (John and Jelmer have the chapter "A cure for impatience" in the Samba-3-HOWTO, for example.) Imagine the average MS-Windows-Domain-Admin. (I bet this guy quits trying-to-hack-things after he fails to get LDAP installed. Assuming he gets Linux running.) -- If we (as abstract open-source-community) want to offer solutions, we have to offer efficient, sophisticated and technically advanced stuff (like Samba ...) as well as we have to offer ways to get started with it in a pseudo-simple way. You know that, otherwise you would not have started to write a HOWTO! All this Domain-stuff is far from being trivial, I know, and I don't complain. I appreciate and LOVE the flexibility, power and freedom open-source-software gives me. But sometimes I would appreciate some easy 3-steps-to-start as well. And I am ready and willing to contribute to get a bit closer to that. Thanks for your work again. With best regards, Stefan. -- To unsubscribe from
Re: [Samba] Samba 3.0.4 PDC w/ LDAP - XP client
Le Thu, May 20, 2004 at 12:40:10AM +0200, Stefan G. Weichinger a ecrit: > What about 0.8.5 ? ;-) Well, it will come in a short time i think. I just wait for some feedback about the cvs version: i added a new object called cn=sambaUnixIdPool that has the sambaUnixIdPool objectclass. This object allow to store the next uidNumber and gidNumber available when adding a new user or a new group. This is usefull for directory with large number of users. I am not sure that cn=sambaUnixIdPool is the best name for this, and i am wondering if this objectclass was initially made for this purpose (if i must remove that later because this objectclass is made for something else, i prefer to know that as soon as possible) Any comment is welcome ;-) > As many people will take your toolset as the one to start with and > will take the included HOWTO as the one to follow, I would suggest to > modify the HOWTO to something like: > "As bugreport x.y.z in bugzilla.samba.org states, there are problems > with using the Container ou=Computers with Samba 3.0.x ... " This is present in the cvs version of the smbldap-tools documentation. I was waiting for the next release to publish the cvs version as the documentation explain options that are not present in the 0.8.4 release. btw, i've updated the Samba-ldap Howto for use with samba3. It is essentially an update, and there are still some TODO in the documentation. A draft is available here : http://samba.idealx.org/smbldap-howto.fr.html > If you know that, you don't need the HOWTO. so the Howto is reduced to 2 lines :) > I would be happy to help you with contributing my experiences with > your (very helpful) tools and maybe adding the points that I missed. Well, all contributions of the scripts and the documentations are always welcome ! -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.4 PDC w/ LDAP - XP client
Hello, Jérôme, Mittwoch, 19. Mai 2004, 21:47 you wrote: >> - Should smbldap-populate get edited to create root with uidnumber=0? JT> smbldap-populate does not create a root account. But you can use the JT> Administrator one. I just forgot to set the uidNumber to 0 in 0.8.4 version JT> of the script. JT> You can set it using 'smbldap-usermod -u 0 Administrator' No problem right now anymore for me, I have user root now with -u 0. What about 0.8.5 ? ;-) >> - Should smbldap-populate get edited to use the same ou-Container for >> Users AND Computers? JT> smbldap-populate will create an ou for both users and computers. You don't JT> need to change this script. If you want computer's account to be set in JT> ou=Users, just modify the smbldap.conf file as follow: JT> computersdn="ou=Users,..." JT> Note that you can use ou=Computers for computer's account: look at this: JT> http://marc.theaimsgroup.com/?l=samba&m=108439612826440&w=2 As many people will take your toolset as the one to start with and will take the included HOWTO as the one to follow, I would suggest to modify the HOWTO to something like: "As bugreport x.y.z in bugzilla.samba.org states, there are problems with using the Container ou=Computers with Samba 3.0.x ... " or something similar. If you know that, you don't need the HOWTO. If you don't know that, you should be able to fully trust the HOWTO and it should point out well-known obstacles. I would be happy to help you with contributing my experiences with your (very helpful) tools and maybe adding the points that I missed. Thanks a lot so far ! -- best regards, Stefan G. Weichinger mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.4 PDC w/ LDAP - XP client
Le Wed, May 19, 2004 at 04:43:11PM +0200, Stefan G. Weichinger a ecrit: > - Right now my XP-box has the registry changed (SignOrSeal ...) > because I somewhere read about that. Necessary or not? (I will test > that ...) No, not necessary > - Should smbldap-populate get edited to create root with uidnumber=0? smbldap-populate does not create a root account. But you can use the Administrator one. I just forgot to set the uidNumber to 0 in 0.8.4 version of the script. You can set it using 'smbldap-usermod -u 0 Administrator' > - Should smbldap-populate get edited to use the same ou-Container for > Users AND Computers? smbldap-populate will create an ou for both users and computers. You don't need to change this script. If you want computer's account to be set in ou=Users, just modify the smbldap.conf file as follow: computersdn="ou=Users,..." Note that you can use ou=Computers for computer's account: look at this: http://marc.theaimsgroup.com/?l=samba&m=108439612826440&w=2 -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.4 PDC w/ LDAP - XP client
Hello, Mittwoch, 19. Mai 2004, 01:35 I wrote: SGW> Managed to join my DOMAIN yesterday but right now no chance. Solved that ! After editing smb.conf for the Xth time I somehow had removed the "add user script"-line which I had earlier yanked in from the smbldap-tools-template. What an experience ;-) Things I still want to get clear about include: - Right now my XP-box has the registry changed (SignOrSeal ...) because I somewhere read about that. Necessary or not? (I will test that ...) - Should smbldap-populate get edited to create root with uidnumber=0? - Should smbldap-populate get edited to use the same ou-Container for Users AND Computers? These are things that could easily get included in the docs and this would prevent LDAP-PDC-starters from banging their heads against it ... thank you ! -- best regards, Stefan G. Weichinger mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.4 PDC w/ LDAP - XP client
Hello, Adam, Mittwoch, 19. Mai 2004, 12:45 you wrote: >> logs look fine, reg.patches applied, uid=0 used, machines and users in >> the same ou=Users ... ATW> You don't need ANY registry patches to run a Samba PDC. No RequireSignOrSeal-stuff anymore? Should I change that setting back to default? ATW> Perhaps your ATW> using some bits of stale documentation. I recommend using the two Samba ATW> PDF collections, and nothing else - too much out there is really horked ATW> up or just old. You mean the HOWTOs? docs/Samba-HOWTO-Collection.pdf? thank you ... -- best regards, Stefan G. Weichinger mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.4 PDC w/ LDAP - XP client
Hello, John, Mittwoch, 19. Mai 2004, 13:44 you wrote: JA> Ok using 3.0.4 and the latest smbldap-tools and you've used JA> smbldap-populate to populate your ldap tree JA> Try this.. JA> edit /etc/samba.smb.conf and comment out the root map JA> ie; JA> [EMAIL PROTECTED] samba]# cat smbusers JA> # Unix_name = SMB_name1 SMB_name2 ... JA> #root = administrator admin JA> nobody = guest pcguest smbguest I don't have that mapping ... Did a find for that file and only found it in the source-trees of Samba in the packaging dir. I am currently using Suse Linux 9.0 on that box and configured/compiled Samba 3.0.4 with these options: $ ./configure --exec-prefix=/usr --with-configdir=/etc/samba --with-logfilebase=/var/log/samba --with-acl-support --disable-static --with-smbmount --enable-cups --with-ldapsam I am not sure about the acl-flag anymore ... JA> then set the password for the 'Administrator' JA> smbpasswd Administrator. JA> smbldap-populate creates a user named 'Administrator' with a uid=0 changed it to "1" and created root with uid=0 already. After that did "smbpasswd root". (I still find it confusing to have all those ways to modify/set passwds: smbpasswd, smbldap-passwd, pdbedit ... which one to use when?) I think I could start over and edit the populate-script to create root w/ uid=0 Thanks ... -- best regards, Stefan G. Weichinger mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.4 PDC w/ LDAP - XP client
> I am aware of the fact that I am missing something which will seem > clear to me AFTER I get pointed to it. That is the whole truth about > learning, isn't it? > > thanks ... Ok using 3.0.4 and the latest smbldap-tools and you've used smbldap-populate to populate your ldap tree Try this.. edit /etc/samba.smb.conf and comment out the root map ie; [EMAIL PROTECTED] samba]# cat smbusers # Unix_name = SMB_name1 SMB_name2 ... #root = administrator admin nobody = guest pcguest smbguest then set the password for the 'Administrator' smbpasswd Administrator. smbldap-populate creates a user named 'Administrator' with a uid=0 John -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.4 PDC w/ LDAP - XP client
> logs look fine, reg.patches applied, uid=0 used, machines and users in > the same ou=Users ... You don't need ANY registry patches to run a Samba PDC. Perhaps your using some bits of stale documentation. I recommend using the two Samba PDF collections, and nothing else - too much out there is really horked up or just old. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
