[Fedora-directory-users] Samba and FDS 7.1 on Fedora Core 4 Error
Adam Stokes
astokes at redhat.com
Thu Jul 21 13:49:04 UTC 2005
On Thu, 2005-07-21 at 15:44 +0200, Leonardo Pugliesi wrote:
> Adam Stokes wrote:
>
> >On Thu, 2005-07-21 at 10:36 +0200, Leonardo Pugliesi wrote:
> >
> >
> >>Adam Stokes wrote:
> >>
> >>
> >>
> >>>>>Leon,
> >>>>>
> >>>>>I think since you have an administrator account set already, do
> >>>>>
> >>>>>smbpasswd Administrator
> >>>>>
> >>>>>the '-a' switch tells samba to add that user; without it, it will just change
> >>>>>the password and add the appropriate entries to directory server
> >>>>>
> >>>>>--
> >>>>>Fedora-directory-users mailing list
> >>>>>Fedora-directory-users at redhat.com
> >>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>if i use "smbpasswd Administrator" i get:
> >>>>_______________________________
> >>>>[root@fedorac4 ~]# smbpasswd Administrator
> >>>>New SMB password:
> >>>>Retype new SMB password:
> >>>>Failed to find entry for user administrator.
> >>>>Failed to modify password entry for user administrator
> >>>>[root@fedorac4 ~]#
> >>>>_______________________________
> >>>>so it seems that i can't add Administrator because the entry already
> >>>>exists, but i can't modify it because it doesn't exist.....
> >>>>am i missing something :-)
> >>>>
> >>>>thanx
> >>>>
> >>>What does your smb.conf look like? Also is there anything in the samba
> >>>logs?
> >>>
> >>This is smb.conf (global section):
> >>
> >>[global]
> >> workgroup = FEDORAC4
> >> username map = /etc/samba/smbusers
> >> enable privileges = yes
> >> server string = Samba Server %v
> >> security = user
> >> encrypt passwords = Yes
> >> min passwd length = 3
> >> obey pam restrictions = No
> >> ldap passwd sync = Yes
> >> #unix password sync = Yes
> >> passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
> >> #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
> >> ldap passwd sync = Yes
> >> log level = 0
> >> syslog = 0
> >> log file = /var/log/samba/log.%m
> >> max log size = 100000
> >> time server = Yes
> >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >> mangling method = hash2
> >> Dos charset = 850
> >> Unix charset = ISO8859-1
> >> logon script = logon.bat
> >> logon drive = H:
> >> logon home =
> >> logon path =
> >> domain logons = Yes
> >> os level = 65
> >> preferred master = Yes
> >> domain master = Yes
> >> wins support = Yes
> >> passdb backend = ldapsam:ldap://fedorac4.localdomain
> >> #passdb backend = ldap:ldap://fedorac4.localdomain
> >> # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
> >> ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
> >> ldap admin dn = cn=Directory Manager
> >> ldap suffix = dc=localdomain
> >> ldap group suffix = ou=Groups
> >> ldap user suffix = ou=People
> >> ldap machine suffix = ou=Computers
> >> ldap idmap suffix = ou=Users
> >> #ldap ssl = start tls
> >> add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
> >> ldap delete dn = Yes
> >> #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
> >> add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
> >> add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
> >> #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
> >> add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
> >> delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
> >> set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
> >>
> >>
> >>samba logs is empty
> >>Leon
> >>
> >>
> >>
> >>
> >
> >Not sure at this point, looks like you are using idealx scripts for some
> >of the administration maybe they created the admin account?
> >
> the entry "Administrator.... " has been created with the ldif2ldap
> method, as shown in the how-to.
> the problem, in my opinion, is that if i use "smbldap-usershow
> Administrator" i get the right entry:
>
> _____________________________
> [root@fedorac4 ~]# /opt/IDEALX/sbin/smbldap-usershow Administrator
> dn: uid=Administrator,ou=People,dc=localdomain
> uid: Administrator
> cn: Samba Admin
> givenName: Samba
> sn: Admin
> mail: Administrator@localdomain
> objectClass: person,organizationalPerson,inetOrgPerson,posixAccount,top
> loginShell: /bin/bash
> uidNumber: 0
> gidNumber: 0
> homeDirectory: /root
> gecos: Samba Admin
> userPassword: {SSHA}2b/re4djmAJmmNCWnJmKcJLGlCRqdGdU
> _____________________________
>
> if i use "ldapsearch -x -Z '(uid=Administrator)'" i get the right entry,
> i suppose the same entry found with the other command:
> ____________________
> [root@fedorac4 ~]# ldapsearch -x -Z '(uid=Administrator)'
> ldap_start_tls: Protocol error (2)
> additional info: unsupported extended operation
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope sub
> # filter: (uid=Administrator)
> # requesting: ALL
> #
>
> # Administrator, People, localdomain
> dn: uid=Administrator,ou=People,dc=localdomain
> uid: Administrator
> cn: Samba Admin
> givenName: Samba
> sn: Admin
> mail: Administrator@localdomain
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> loginShell: /bin/bash
> uidNumber: 0
> gidNumber: 0
> homeDirectory: /root
> gecos: Samba Admin
>
> # search result
> search: 3
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
> [root@fedorac4 ~]#
> _________________________________________-
>
> i suppose the two commands give me the same entry because they should be
> querying the same database......
>
> if i use pdbedit -u Administrator
> i get
> _________________
> [root@fedorac4 ~]# pdbedit -u Administrator
> Username not found!
> [root@fedorac4 ~]#
> _________________
>
> so if only samba related commands seem not to work properly perhaps the
> problem is in samba configuration,
> but in the guides downloaded from the website i didn't find how to
> configure the part of the file for what concern the scripts of entries
> management such as adding users, machine, etc......
> what should i do now?
>
> bye leon
>
>
This is what the administrator entry should look like:
[root@directory alias]# ldapsearch -x -ZZ '(uid=administrator)'
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=administrator)
# requesting: ALL
#
# Administrator, People, gsslab.rdu.redhat.com
dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
uid: Administrator
cn: Samba Administrator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: sambaSamAccount
loginShell: /bin/bish
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Administrator
sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000
sambaPrimaryGroupSID: S-1-5-21-1803520230-1543781662-649387223-1001
displayName: Samba Administrator
sambaPwdCanChange: 1120750967
sambaPwdMustChange: 2147483647
sambaLMPassword: CFA95C51F11AB11DC2265B23734E0DAC
sambaNTPassword: B2D88A4A9B0DAEE170E75F67D54918F6
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
00000000
sambaPwdLastSet: 1120750967
sambaAcctFlags: [U ]
# search result
search: 3
result: 0 Success
# numResponses: 2
# numEntries: 1
So it looks like perhaps the administrator account needs the objectclass
sambaSamAccount added to the entry manually; then you should be able to
proceed.
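
Added example, not part of the original message: a small offline check of why the Samba tools report "not found" for an entry that ldapsearch returns. It assumes Samba looks the user up with the "ldap filter" line from the quoted smb.conf; the two entries are abridged from the ldapsearch outputs in the thread, and the function names are hypothetical.

```python
# Added example (not from the thread): evaluate smb.conf's "ldap filter" offline.
SMB_LDAP_FILTER = "(&(objectclass=sambaSamAccount)(uid=%u))"  # copied from the quoted smb.conf
# Entries abridged from the two ldapsearch outputs in the thread.
ENTRY_WITHOUT_SAMBA = """dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
objectClass: inetOrgPerson
objectClass: posixAccount"""
ENTRY_WITH_SAMBA = """dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
uid: Administrator
objectClass: posixAccount
objectClass: sambaSamAccount"""

def parse_ldif(text):
    """One LDIF entry -> {attr_lower: [values_lower]} (no base64 or folded lines)."""
    entry = {}
    for line in text.splitlines():
        if line and not line.startswith("#") and ":" in line:
            attr, value = line.split(":", 1)
            entry.setdefault(attr.strip().lower(), []).append(value.strip().lower())
    return entry

def parse_filter(s, i=0):
    """Parse the (&..), (|..), (!..), (attr=value) subset; returns (node, next_index)."""
    i += 1  # skip '('
    if s[i] in "&|!":
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        return (op, kids), i + 1  # skip ')'
    end = s.index(")", i)
    attr, value = s[i:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against an entry, case-insensitively."""
    if node[0] == "=":
        return node[2] in entry.get(node[1], [])
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def samba_finds(ldif, user):
    tree, _ = parse_filter(SMB_LDAP_FILTER.replace("%u", user))
    return matches(tree, parse_ldif(ldif))

if __name__ == "__main__":
    print(samba_finds(ENTRY_WITHOUT_SAMBA, "administrator"), samba_finds(ENTRY_WITH_SAMBA, "administrator"))
```

The first entry fails only on the objectclass=sambaSamAccount term, so a plain (uid=Administrator) search still returns it while the filtered lookup does not.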