[Fedora-directory-users] can't lookup UNIX group Domain Admins

listman at nerdherdclan.com listman at nerdherdclan.com
Sat Dec 16 17:33:09 UTC 2006


Craig White wrote ..
> On Fri, 2006-12-15 at 22:24 -0800, listman wrote:
> > >> On Fri, 2006-12-15 at 16:35 -0800, listman wrote:
> > >>> Can someone please point me in the right direction to fix this? I’ve
> > >>> searched samba group and the only thing I can find is something about
> > >>> having the right scripts but they don’t tell you where to get them or
> > >>> how to run them.
> > >>> Any help would be greatly appreciated.
> > >> ----
> > >> sounds like you are looking for smbldap-tools from idealx
> > >>
> > >> Perhaps you are using packaging from a distribution that offers these
> > >> tools or start here if that is indeed what you are looking for...
> > >>
> > >> http://sourceforge.net/projects/smbldap-tools
> > >>
> > >> Craig
> > >>
> > > Thanks Craig
> > > That does explain the scripts that I read about but it's not helping my
> > > problem any.
> > > I'm going through the samba doc on the FDS site and keep running into
> > > problems here and no one seems to know the answer. I have installed
> > > everything I need, configured samba, ldap, bind, and everything else
> > > referenced from the FDS site. I'm missing something that isn't covered on
> > > the site but I don't know enough to figure out what it is. Here's my
> > > smb.conf file if that helps any..
> > >
> > > [global]
> > > workgroup = DEPFYFFER
> > > security = user
> > > passdb backend = ldapsam:ldap://depfyffer.com
> > > ldap admin dn = cn=Directory Manager
> > > ldap suffix = dc=depfyffer,dc=com
> > > ldap user suffix = ou=People
> > > ldap machine suffix = ou=Computers
> > > ldap group suffix = ou=Groups
> > >
> > > add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> > > add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> > > ldap delete dn = Yes
> > > #delete user script = /usr/local/sbin/smbldap-userdel "%u"
> > > add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> > > #delete group script = /usr/local/sbin/smbldap-groupdel "%g"
> > > add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> > > delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> > > set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> > > add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> > >
> > > log file = /var/log/%m.log
> > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > >
> > > os level = 33
> > > domain logons = yes
> > > domain master = yes
> > > local master = yes
> > > preferred master = yes
> > >
> > > wins support = yes
> > >
> > > logon home = \\%L\%u\profiles
> > > logon path = \\%L\profiles\%u
> > > logon drive = H:
> > >
> > > template shell = /bin/false
> > > winbind use default domain = no
> > >
> > > [netlogon]
> > > path = /var/lib/samba/netlogon
> > > read only = yes
> > > browsable = no
> > >
> > > [profiles]
> > > path = /var/lib/samba/profiles
> > > read only = no
> > > create mask = 0600
> > > directory mask = 0700
> > >
> > > [homes]
> > > browsable = no
> > > writable = yes
> > >
> > 
> > This may help also??
> > 
> > [root@depfyffer log]# smbpasswd -D 10 -a -m
> > Netbios name list:-
> > my_netbios_names[0]="DEPFYFFER"
> > Attempting to register passdb backend ldapsam
> > Successfully added passdb backend 'ldapsam'
> > Attempting to register passdb backend ldapsam_compat
> > Successfully added passdb backend 'ldapsam_compat'
> > Attempting to register passdb backend NDS_ldapsam
> > Successfully added passdb backend 'NDS_ldapsam'
> > Attempting to register passdb backend NDS_ldapsam_compat
> > Successfully added passdb backend 'NDS_ldapsam_compat'
> > Attempting to register passdb backend smbpasswd
> > Successfully added passdb backend 'smbpasswd'
> > Attempting to register passdb backend tdbsam
> > Successfully added passdb backend 'tdbsam'
> > Attempting to find an passdb backend to match ldapsam:ldap://depfyffer.com
> > (ldapsam)
> > Found pdb backend ldapsam
> > smbldap_search_domain_info: Searching
> > for:[(&(objectClass=sambaDomain)(sambaDomainName=DEPFYFFER))]
> > smbldap_search_ext: base => [dc=depfyffer,dc=com], filter =>
> > [(&(objectClass=sambaDomain)(sambaDomainName=DEPFYFFER))], scope => [2]
> > The connection to the LDAP server was closed
> > smb_ldap_setup_connection: ldap://depfyffer.com
> > smbldap_open_connection: connection opened
> > ldap_connect_system: Binding to ldap server ldap://depfyffer.com as
> > "cn=Directory Manager"
> > ldap_connect_system: succesful connection to the LDAP server
> > ldap_connect_system: LDAP server does not support paged results
> > The LDAP server is succesfully connected
> > smbldap_get_single_attribute: [sambaAlgorithmicRidBase] = [<does not exist>]
> > pdb backend ldapsam:ldap://depfyffer.com has a valid init
> > smbldap_search_ext: base => [dc=depfyffer,dc=com], filter =>
> > [(&(uid=root$)(objectclass=sambaSamAccount))], scope => [2]
> > ldapsam_getsampwnam: Unable to locate user [root$] count=0
> > Failed to modify password entry for user root$
> ----
> assuming that you have smbldap-tools installed and configured
> properly (assuming facts not in evidence from the above), you would need
> to run smbldap-populate which will automatically populate your LDAP
> with the needed configuration entries for Samba to work properly.
> 
> Official Samba documentation lists the idealx tools (smbldap-tools)
> information here...
> http://samba.org/samba/docs/man/Samba-Guide/happy.html#sbeidealx
> 
> and consider this section on making happy users...
> http://samba.org/samba/docs/man/Samba-Guide/happy.html#id2574922
> 
> Craig
Thanks again Craig,
It looks like I'm going to have to start fresh and just try the idealx route. Maybe I can learn enough about samba and ldap that route then move on to FDS after that. FDS seems a little too much for me, I think my biggest downfall is never being exposed to ldap, I've used samba quite a bit but never to this extent.
Thanks again for all the pointers.. see ya next time.

