[Fedora-directory-users] Samba and FDS 7.1 on Fedora Core 4 Error

Leonardo Pugliesi l.pugliesi at exint.it
Fri Jul 22 15:01:38 UTC 2005


Adam Stokes wrote:

>On Thu, 2005-07-21 at 17:05 +0200, Leonardo Pugliesi wrote:
>
>>Adam Stokes wrote:
>>
>>>On Thu, 2005-07-21 at 15:44 +0200, Leonardo Pugliesi wrote:
>>>
>>>>Adam Stokes wrote:
>>>>
>>>>>On Thu, 2005-07-21 at 10:36 +0200, Leonardo Pugliesi wrote:
>>>>>
>>>>>>Adam Stokes wrote:
>>>>>>
>>>>>>>>>Leon,
>>>>>>>>>
>>>>>>>>>I think since you have an administrator account set already, do
>>>>>>>>>
>>>>>>>>>smbpasswd Administrator
>>>>>>>>>
>>>>>>>>>the '-a' switch tells samba to add that user; without it, it will just change
>>>>>>>>>the password and add the appropriate entries to directory server
>>>>>>>>>
>>>>>>>>>--
>>>>>>>>>Fedora-directory-users mailing list
>>>>>>>>>Fedora-directory-users at redhat.com
>>>>>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>>>if i use "smbpasswd Administrator" i get:
>>>>>>>>_______________________________
>>>>>>>>[root at fedorac4 ~]# smbpasswd Administrator
>>>>>>>>New SMB password:
>>>>>>>>Retype new SMB password:
>>>>>>>>Failed to find entry for user administrator.
>>>>>>>>Failed to modify password entry for user administrator
>>>>>>>>[root at fedorac4 ~]#
>>>>>>>>_______________________________
>>>>>>>>so it seems that i can't add Administrator because the entry already 
>>>>>>>>exists, but i can't modify it because it doesn't exist.....
>>>>>>>>am i missing something :-)
>>>>>>>>
>>>>>>>>thanx
>>>>>>>What does your smb.conf look like? Also is there anything in the samba
>>>>>>>logs?
>>>>>>This is smb.conf (global section):
>>>>>>
>>>>>>[global]
>>>>>>      workgroup = FEDORAC4
>>>>>>      username map = /etc/samba/smbusers
>>>>>>      enable privileges = yes
>>>>>>      server string = Samba Server %v
>>>>>>      security = user
>>>>>>      encrypt passwords = Yes
>>>>>>      min passwd length = 3
>>>>>>      obey pam restrictions = No
>>>>>>      ldap passwd sync = Yes
>>>>>>      #unix password sync = Yes
>>>>>>      passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
>>>>>>      #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
>>>>>>      ldap passwd sync = Yes
>>>>>>      log level = 0
>>>>>>      syslog = 0
>>>>>>      log file = /var/log/samba/log.%m
>>>>>>      max log size = 100000
>>>>>>      time server = Yes
>>>>>>      socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>>>>      mangling method = hash2
>>>>>>      Dos charset = 850
>>>>>>      Unix charset = ISO8859-1
>>>>>>      logon script = logon.bat
>>>>>>      logon drive = H:
>>>>>>      logon home =
>>>>>>      logon path =
>>>>>>      domain logons = Yes
>>>>>>      os level = 65
>>>>>>      preferred master = Yes
>>>>>>      domain master = Yes
>>>>>>      wins support = Yes
>>>>>>      passdb backend = ldapsam:ldap://fedorac4.localdomain
>>>>>>      #passdb backend = ldap:ldap://fedorac4.localdomain
>>>>>>      # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
>>>>>>      ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
>>>>>>      ldap admin dn = cn=Directory Manager
>>>>>>      ldap suffix = dc=localdomain
>>>>>>      ldap group suffix = ou=Groups
>>>>>>      ldap user suffix = ou=People
>>>>>>      ldap machine suffix = ou=Computers
>>>>>>      ldap idmap suffix = ou=Users
>>>>>>      #ldap ssl = start tls
>>>>>>      add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
>>>>>>      ldap delete dn = Yes
>>>>>>      #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
>>>>>>      add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
>>>>>>      add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" 
>>>>>>      #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
>>>>>>      add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
>>>>>>      delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
>>>>>>      set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
>>>>>>
>>>>>>
>>>>>>samba logs are empty
>>>>>>Leon
>>>>>Not sure at this point, looks like you are using idealx scripts for some
>>>>>of the administration; maybe they created the admin account?
>>>>the entry "Administrator.... " has been created with the ldif2ldap 
>>>>method, as shown in the how-to.
>>>>the problem, in my opinion, is that if i use "smbldap-usershow 
>>>>Administrator" i get the right entry:
>>>>
>>>>_____________________________
>>>>[root at fedorac4 ~]# /opt/IDEALX/sbin/smbldap-usershow Administrator
>>>>dn: uid=Administrator,ou=People,dc=localdomain
>>>>uid: Administrator
>>>>cn: Samba Admin
>>>>givenName: Samba
>>>>sn: Admin
>>>>mail: Administrator at localdomain
>>>>objectClass: person,organizationalPerson,inetOrgPerson,posixAccount,top
>>>>loginShell: /bin/bash
>>>>uidNumber: 0
>>>>gidNumber: 0
>>>>homeDirectory: /root
>>>>gecos: Samba Admin
>>>>userPassword: {SSHA}2b/re4djmAJmmNCWnJmKcJLGlCRqdGdU
>>>>_____________________________
>>>>
>>>>if i use "ldapsearch -x -Z '(uid=Administrator)'" i get the right entry, 
>>>>i suppose the same entry found with the other command:
>>>>____________________
>>>>[root at fedorac4 ~]# ldapsearch -x -Z '(uid=Administrator)'
>>>>ldap_start_tls: Protocol error (2)
>>>>       additional info: unsupported extended operation
>>>># extended LDIF
>>>>#
>>>># LDAPv3
>>>># base <> with scope sub
>>>># filter: (uid=Administrator)
>>>># requesting: ALL
>>>>#
>>>>
>>>># Administrator, People, localdomain
>>>>dn: uid=Administrator,ou=People,dc=localdomain
>>>>uid: Administrator
>>>>cn: Samba Admin
>>>>givenName: Samba
>>>>sn: Admin
>>>>mail: Administrator at localdomain
>>>>objectClass: person
>>>>objectClass: organizationalPerson
>>>>objectClass: inetOrgPerson
>>>>objectClass: posixAccount
>>>>objectClass: top
>>>>loginShell: /bin/bash
>>>>uidNumber: 0
>>>>gidNumber: 0
>>>>homeDirectory: /root
>>>>gecos: Samba Admin
>>>>
>>>># search result
>>>>search: 3
>>>>result: 0 Success
>>>>
>>>># numResponses: 2
>>>># numEntries: 1
>>>>[root at fedorac4 ~]#
>>>>_________________________________________
>>>>
>>>>i suppose the two commands give me the same entry because they should be 
>>>>querying the same database......
>>>>
>>>>if i use pdbedit -u Administrator
>>>>i get
>>>>_________________
>>>>[root at fedorac4 ~]# pdbedit -u Administrator
>>>>Username not found!
>>>>[root at fedorac4 ~]#
>>>>_________________
>>>>
>>>>so if only samba related commands seem not to work properly perhaps the 
>>>>problem is in samba configuration,
>>>>but in the guides downloaded from the website i didn't find how to 
>>>>configure the part of the file for what concerns the scripts of entries 
>>>>management such as adding users, machine, etc......
>>>>what should i do now?
>>>>
>>>>bye leon
>>>This is what the administrator entry should look like :
>>>
>>>[root at directory alias]# ldapsearch -x -ZZ '(uid=administrator)'
>>># extended LDIF
>>>#
>>># LDAPv3
>>># base <> with scope sub
>>># filter: (uid=administrator)
>>># requesting: ALL
>>>#
>>>
>>># Administrator, People, gsslab.rdu.redhat.com
>>>dn: uid=Administrator,ou=People,dc=gsslab,dc=rdu,dc=redhat,dc=com
>>>uid: Administrator
>>>cn: Samba Administrator
>>>objectClass: account
>>>objectClass: posixAccount
>>>objectClass: top
>>>objectClass: sambaSamAccount
>>>loginShell: /bin/bish
>>>uidNumber: 0
>>>gidNumber: 0
>>>homeDirectory: /root
>>>gecos: Samba Administrator
>>>sambaSID: S-1-5-21-1803520230-1543781662-649387223-1000
>>>sambaPrimaryGroupSID: S-1-5-21-1803520230-1543781662-649387223-1001
>>>displayName: Samba Administrator
>>>sambaPwdCanChange: 1120750967
>>>sambaPwdMustChange: 2147483647
>>>sambaLMPassword: CFA95C51F11AB11DC2265B23734E0DAC
>>>sambaNTPassword: B2D88A4A9B0DAEE170E75F67D54918F6
>>>sambaPasswordHistory:
>>>00000000000000000000000000000000000000000000000000000000
>>>00000000
>>>sambaPwdLastSet: 1120750967
>>>sambaAcctFlags: [U          ]
>>>
>>># search result
>>>search: 3
>>>result: 0 Success
>>>
>>># numResponses: 2
>>># numEntries: 1
>>>
>>>So it looks like perhaps the administrator account needs the objectclass
>>>sambaSamAccount added to the entry manually; then you should be able to
>>>proceed
>>i removed all the references to smbldap-tools in the smb.conf and now 
>>things seem to work better...
>>i beg your pardon for this mistake but i thought that samba would 
>>interact with ldap through those tools.
>>now, for example, when i join a machine to the domain who is in charge 
>>of adding the correct entry in ldap database without smbldap-tools?
>>
>>thanks,
>>leon
>
>Unfortunately, it has to be done manually without the proper ldap
>tools. I haven't gotten that far in testing, just a preliminary how-to
>for this. 
>
>IDEALX scripts do work with openldap; again, I haven't tested with FDS. My
>suggestion to you or someone who is good in C is to write a plugin for
>FDS, probably a Pre-operation plugin, to allow for the adding/removing of
>entries in the FDS db.
>
>More information on plugins can be found :
>http://directory.fedora.redhat.com/wiki/Plugins
>
>Sorry I couldn't be of further assistance
>
>thanks
now i have two users configured in ldap: testuser and administrator (as u 
do in the how-to)
when i try to enter in a samba share with testuser i have no problems 
but if i use administrator and its password i can't enter,
is this normal?

thanx,
leon
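
The diagnosis reached earlier in this thread, as an added example that is not part of any poster's message: the posted smb.conf restricts ldapsam lookups with `ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))`, so an entry lacking that object class is returned by a plain `ldapsearch` yet reported as missing by `smbpasswd` and `pdbedit`. The function names and the "fixed" entry with its placeholder sambaSID are constructed for illustration.

```python
import re

# From the posted smb.conf.
LDAP_FILTER = "(&(objectclass=sambaSamAccount)(uid=%u))"

# Filter-relevant attributes of the entry ldapsearch returned in the thread.
THREAD_ENTRY = """\
dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
"""

# Constructed: same entry with the Samba object class. sambaSamAccount also
# requires sambaSID; the value here is a placeholder, not a real SID.
FIXED_ENTRY = (THREAD_ENTRY + "objectClass: sambaSamAccount\n"
               "sambaSID: S-1-5-21-PLACEHOLDER-1000\n")

def parse_ldif(text):
    """Return {lowercased attribute: [values]} for one unfolded LDIF entry."""
    entry = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def filter_terms(ldap_filter, user):
    """Expand %u and split an AND-of-equalities filter into (attr, value)."""
    expanded = ldap_filter.replace("%u", user)
    if not expanded.startswith("(&"):
        raise ValueError("only (&(a=b)(c=d)) style filters are handled")
    return re.findall(r"\(([^()=&]+)=([^()]*)\)", expanded)

def missing_terms(entry_text, user, ldap_filter=LDAP_FILTER):
    """Filter terms the entry fails; an empty list means ldapsam finds it."""
    entry = parse_ldif(entry_text)
    failed = []
    for attr, want in filter_terms(ldap_filter, user):
        # objectClass and uid both compare case-insensitively in LDAP.
        have = [v.lower() for v in entry.get(attr.lower(), [])]
        if want.lower() not in have:
            failed.append(f"({attr}={want})")
    return failed
```

Calling `missing_terms(THREAD_ENTRY, "administrator")` names the object class term as the one that fails, which corresponds to the "Failed to find entry for user administrator" message shown in the thread.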



