[Fedora-directory-users] Samba and FDS 7.1 on Fedora Core 4 Error

Leonardo Pugliesi l.pugliesi at exint.it
Thu Jul 21 15:05:55 UTC 2005


Adam Stokes wrote:

>On Thu, 2005-07-21 at 15:44 +0200, Leonardo Pugliesi wrote:
>
>>Adam Stokes wrote:
>>
>>>On Thu, 2005-07-21 at 10:36 +0200, Leonardo Pugliesi wrote:
>>>
>>>>Adam Stokes wrote:
>>>>
>>>>>>>Leon,
>>>>>>>
>>>>>>>I think since you have an administrator account set already, do
>>>>>>>
>>>>>>>smbpasswd Administrator
>>>>>>>
>>>>>>>the '-a' switch tells samba to add that user; without it, it will just change
>>>>>>>the password and add the appropriate entries to directory server
>>>>>>>
>>>>>>>--
>>>>>>>Fedora-directory-users mailing list
>>>>>>>Fedora-directory-users at redhat.com
>>>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>>
>>>>>>if i use "smbpasswd Administrator" i get:
>>>>>>_______________________________
>>>>>>[root@fedorac4 ~]# smbpasswd Administrator
>>>>>>New SMB password:
>>>>>>Retype new SMB password:
>>>>>>Failed to find entry for user administrator.
>>>>>>Failed to modify password entry for user administrator
>>>>>>[root@fedorac4 ~]#
>>>>>>_______________________________
>>>>>>so it seems that i can't add Administrator because the entry already 
>>>>>>exists, but i can't modify it because it doesn't exist.....
>>>>>>am i missing something :-)
>>>>>>
>>>>>>thanx
>>>>>>
>>>>>What does your smb.conf look like? Also is there anything in the samba
>>>>>logs?
>>>>>
>>>>This is smb.conf (global section):
>>>>
>>>>[global]
>>>>    workgroup = FEDORAC4
>>>>    username map = /etc/samba/smbusers
>>>>    enable privileges = yes
>>>>    server string = Samba Server %v
>>>>    security = user
>>>>    encrypt passwords = Yes
>>>>    min passwd length = 3
>>>>    obey pam restrictions = No
>>>>    ldap passwd sync = Yes
>>>>    #unix password sync = Yes
>>>>    passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
>>>>    #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
>>>>    ldap passwd sync = Yes
>>>>    log level = 0
>>>>    syslog = 0
>>>>    log file = /var/log/samba/log.%m
>>>>    max log size = 100000
>>>>    time server = Yes
>>>>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>>    mangling method = hash2
>>>>    Dos charset = 850
>>>>    Unix charset = ISO8859-1
>>>>    logon script = logon.bat
>>>>    logon drive = H:
>>>>    logon home =
>>>>    logon path =
>>>>    domain logons = Yes
>>>>    os level = 65
>>>>    preferred master = Yes
>>>>    domain master = Yes
>>>>    wins support = Yes
>>>>    passdb backend = ldapsam:ldap://fedorac4.localdomain
>>>>    #passdb backend = ldap:ldap://fedorac4.localdomain
>>>>    # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
>>>>    ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
>>>>    ldap admin dn = cn=Directory Manager
>>>>    ldap suffix = dc=localdomain
>>>>    ldap group suffix = ou=Groups
>>>>    ldap user suffix = ou=People
>>>>    ldap machine suffix = ou=Computers
>>>>    ldap idmap suffix = ou=Users
>>>>    #ldap ssl = start tls
>>>>    add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
>>>>    ldap delete dn = Yes
>>>>    #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
>>>>    add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
>>>>    add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
>>>>    #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
>>>>    add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
>>>>    delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
>>>>    set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
>>>>
>>>>
>>>>samba logs are empty
>>>>Leon
>>>>
>>>Not sure at this point. Looks like you are using idealx scripts for some
>>>of the administration; maybe they created the admin account?
>>>
>>the entry "Administrator.... " has been created with the ldif2ldap 
>>method, as shown in the how-to.
>>the problem, in my opinion, is that if i use "smbldap-usershow 
>>Administrator" i get the right entry:
>>
>>_____________________________
>>[root@fedorac4 ~]# /opt/IDEALX/sbin/smbldap-usershow Administrator
>>dn: uid=Administrator,ou=People,dc=localdomain
>>uid: Administrator
>>cn: Samba Admin
>>givenName: Samba
>>sn: Admin
>>mail: Administrator@localdomain
>>objectClass: person,organizationalPerson,inetOrgPerson,posixAccount,top
>>loginShell: /bin/bash
>>uidNumber: 0
>>gidNumber: 0
>>homeDirectory: /root
>>gecos: Samba Admin
>>userPassword: {SSHA}2b/re4djmAJmmNCWnJmKcJLGlCRqdGdU
>>_____________________________
>>
>>if i use "ldapsearch -x -Z '(uid=Administrator)'" i get the right entry, 
>>i suppose the same entry found with the other command:
>>____________________
>>[root@fedorac4 ~]# ldapsearch -x -Z '(uid=Administrator)'
>>ldap_start_tls: Protocol error (2)
>>        additional info: unsupported extended operation
>># extended LDIF
>>#
>># LDAPv3
>># base <> with scope sub
>># filter: (uid=Administrator)
>># requesting: ALL
>>#
>>
>># Administrator, People, localdomain
>>dn: uid=Administrator,ou=People,dc=localdomain
>>uid: Administrator
>>cn: Samba Admin
>>givenName: Samba
>>sn: Admin
>>mail: Administrator@localdomain
>>objectClass: person
>>objectClass: organizationalPerson
>>objectClass: inetOrgPerson
>>objectClass: posixAccount
>>objectClass: top
>>loginShell: /bin/bash
>>uidNumber: 0
>>gidNumber: 0
>>homeDirectory: /root
>>gecos: Samba Admin
>>
>># search result
>>search: 3
>>result: 0 Success
>>
>># numResponses: 2
>># numEntries: 1
>>[root@fedorac4 ~]#
>>_________________________________________
>>
>>i suppose the two commands give me the same entry because they should be 
>>querying the same database......
>>
>>if i use pdbedit -u Administrator
>>i get
>>_________________
>>[root@fedorac4 ~]# pdbedit -u Administrator
>>Username not found!
>>[root@fedorac4 ~]#
>>_________________
>>
>>so if only samba related commands seem not to work properly perhaps the 
>>problem is in samba configuration,
>>but in the guides downloaded from the website i didn't find how to 
>>configure the part of the file that concerns the scripts for entry 
>>management such as adding users, machines, etc......
>>what should i do now?
>>
>>bye leon
>
>This is what the administrator entry should look like :
>
>[root@directory alias]# ldapsearch -x -ZZ '(uid=administrator)'
># extended LDIF
>#
># LDAPv3
># base <> with scope sub
># filter: (uid=administrator)
># requesting: ALL
>#
>
># Administrator, People, gsslab.rdu.redhat.com
>dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
>uid: Administrator
>cn: Samba Administrator
>objectClass: account
>objectClass: posixAccount
>objectClass: top
>objectClass: sambaSamAccount
>loginShell: /bin/bish
>uidNumber: 0
>gidNumber: 0
>homeDirectory: /root
>gecos: Samba Administrator
>sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000
>sambaPrimaryGroupSID: S-1-5-21-1803520230-1543781662-649387223-1001
>displayName: Samba Administrator
>sambaPwdCanChange: 1120750967
>sambaPwdMustChange: 2147483647
>sambaLMPassword: CFA95C51F11AB11DC2265B23734E0DAC
>sambaNTPassword: B2D88A4A9B0DAEE170E75F67D54918F6
>sambaPasswordHistory:
>00000000000000000000000000000000000000000000000000000000
> 00000000
>sambaPwdLastSet: 1120750967
>sambaAcctFlags: [U          ]
>
># search result
>search: 3
>result: 0 Success
>
># numResponses: 2
># numEntries: 1
>
>So it looks like perhaps the administrator account needs the objectclass
>sambaSamAccount added to the entry manually; then you should be able to
>proceed
>
i removed all the references to smbldap-tools in the smb.conf and now 
things seem to work better...
i beg your pardon for this mistake but i thought that samba would 
interact with ldap through those tools.
now, for example, when i join a machine to the domain who is in charge 
of adding the correct entry in ldap database without smbldap-tools?

thanks,
leon
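
Added example, not part of the original thread or of Samba's code: a small offline check showing why the entry that a plain uid search returns is still "not found" by smbpasswd and pdbedit. It evaluates the 'ldap filter' line from the posted smb.conf against LDIF trimmed from the ldapsearch output above; the function names and the second entry (the posted one plus objectClass sambaSamAccount, without the sambaSID and other attributes a real entry carries) are constructed for illustration.

```python
def parse_ldif(text):
    """One LDIF entry -> {lowercased attr: [values]}; unfolds continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # RFC 2849 folded line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def matches(flt, entry):
    """Evaluate an LDAP filter restricted to &, |, ! and plain equality tests."""
    flt = flt.strip()
    if len(flt) < 3 or flt[0] != "(" or flt[-1] != ")":
        raise ValueError("malformed filter: %r" % flt)
    op, rest = flt[1], flt[2:-1]
    if op in "&|!":
        parts, depth, start = [], 0, 0
        for i, ch in enumerate(rest):         # split top-level sub-filters
            if ch == "(":
                start, depth = (i, 1) if depth == 0 else (start, depth + 1)
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    parts.append(rest[start:i + 1])
        results = [matches(p, entry) for p in parts]
        if op == "!":
            return not results[0]
        return all(results) if op == "&" else any(results)
    attr, _, value = flt[1:-1].partition("=")
    return value.lower() in [v.lower() for v in entry.get(attr.strip().lower(), [])]

# 'ldap filter' line from the posted smb.conf; Samba substitutes the user name for %u
SMB_FILTER = "(&(objectclass=sambaSamAccount)(uid=%u))"
# Trimmed from the ldapsearch output in the thread
POSTED = ("dn: uid=Administrator,ou=People,dc=localdomain\nuid: Administrator\n"
          "objectClass: inetOrgPerson\nobjectClass: posixAccount\nobjectClass: top\n")
REFERENCE = POSTED + "objectClass: sambaSamAccount\n"   # constructed: what the fix adds

def samba_finds(ldif, user):
    return matches(SMB_FILTER.replace("%u", user), parse_ldif(ldif))

if __name__ == "__main__":
    for name, ldif in (("posted", POSTED), ("with sambaSamAccount", REFERENCE)):
        print(name, "-> uid search:", matches("(uid=administrator)", parse_ldif(ldif)),
              "| ldapsam filter:", samba_finds(ldif, "administrator"))
```

Both entries match the plain uid search, but only the one carrying sambaSamAccount matches the filter from smb.conf.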