[K12OSN] SambaLDAP question
Craig White
craig at tobyhouse.com
Fri Sep 28 16:21:51 UTC 2007
On Fri, 2007-09-28 at 14:04 +0100, Brian Chivers wrote:
> John Ingleby wrote:
> > We successfully joined the first XP Pro machine to our Samba LDAP
> > domain, but further machines simply return the error message "The
> > specified domain either does not exist or could not be contacted".
> >
> > We're using K12LTSP v5.0 for the classroom thin client server, with
> > CentOS 5 for the backend file & authentication server. With donated
> > machines and classes of 12-15 this seems the way to go.
> >
> > The important Windows XP Pro client registry settings are all the same,
> > so most likely we have somehow varied the procedure for adding machine
> > accounts. Can anyone point me to a detailed step-by-step howto for
> > adding machine accounts & joining Windows machines to the SambaLDAP
> > domain?
> >
> > The various LDAP-Samba HowTos are great for setting up Samba, and we
> > appear to have completed those steps successfully. However, I cannot
> > find a sufficiently detailed explanation of the subsequent steps for
> >
> > a) setting up machine accounts with SambaLDAP
>
> This should be managed using the smbldap-passwd scripts with a section like this in your smb.conf file
>
> # use the smbldap-tools scripts
> add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
> #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
> add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
> add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
> #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
> add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
>
>
> > b) creating the Samba (or LDAP?) root user & password
>
> smbpasswd -a root
>
> where this is a DIFFERENT password to your Linux root password
>
> > c) joining XP Pro machines to the domain
>
> Right click on My computer, Properties, Computer Name, Then click on the change button next to the line
>
> To rename the computer or join a domain .....
>
> Hope this helps at least get you started :-)
>
----
Above is good, but I would wonder about the wisdom of having a user root
in LDAP or smbpasswd.
Since OP is using LTSP-5 (CentOS-5), he is running a recent Samba, and
therefore a full set of privileges is described here:
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html
and I wouldn't recommend having a user 'root' in LDAP unless you
definitely know what you're doing. The machine should have a local root
user. That local root user really doesn't need to be a samba user.
As described in the link above, the user Administrator should be created
with whatever uid, and the well-known RID of 500.
--
Craig White <craig at tobyhouse.com>
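
The check discussed in the reply above, as an added example that is not part of the original thread: a small audit of an LDIF export that flags a UNIX root account carrying the sambaSamAccount object class and reports which account holds RID 500. The sample entries, base DN and domain SID are constructed, and the function names are hypothetical.

```python
# Constructed sample of what `ldapsearch -LLL '(objectClass=sambaSamAccount)'` might return.
SAMPLE_LDIF = """\
dn: uid=root,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
uid: root
uidNumber: 0
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-500

dn: uid=jsmith,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
uid: jsmith
uidNumber: 1001
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002

dn: uid=lab01$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
uid: lab01$
uidNumber: 2001
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-5002
"""

def parse_ldif(text):
    """Split simple (unfolded, non-base64) LDIF into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            entry.setdefault(key.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit(entries):
    """Return findings: root exposed as a Samba account, RID 500 not on Administrator."""
    findings, rid500 = [], []
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "sambasamaccount" not in classes:
            continue
        uid = e.get("uid", ["?"])[0]
        if uid == "root" or "0" in e.get("uidnumber", []):
            findings.append(f"{uid}: UNIX root (uid 0) is also a Samba account")
        if any(s.rsplit("-", 1)[-1] == "500" for s in e.get("sambasid", [])):
            rid500.append(uid)
    if rid500 != ["Administrator"]:
        findings.append(f"RID 500 held by {rid500 or 'nobody'}, expected Administrator")
    return findings
```

Run against the sample, `audit(parse_ldif(SAMPLE_LDIF))` returns two findings, both about the `root` entry; the user and machine accounts pass.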