[K12OSN] smbldap-installer v. 1.2-gamma (profiles working and"Administrato

David Trask dtrask at vcs.u52.k12.me.us
Tue Feb 8 00:03:35 UTC 2005


"Support list for opensource software in schools." <k12osn at redhat.com> on
Monday, February 7, 2005 at 4:52 PM +0000 wrote:
>> Dave Trask was the first
>>   to successfully test after appending "%U" to the userProfile setting
>>   in smbldap.conf.  (Simply changing this setting on a previously
>>   configured system may or may not work.  I haven't tested it.)
>
>I made the change to a running system and it does work.  But, any
>existing users I found out were created with the old settings.  So the
>reason I was unsuccessful in getting things to work is I had not removed
>those users and recreated new ones.  After that things work fine.  So
>just to be sure things are in good shape after all my messing around I
>am taking David's advice and canning the thing and will reload it with
>your new script.  I'll report back to let you know if there were/weren't
>any problems.

I too was able to change a running system, but ran into an issue with "root's"
home when I redid some things after running the new version of the script
that addresses the Administrator issue.  In the end I hosed everything
(I'm getting good at that) ;-)  So naturally (thank god for NFS installs)
I reloaded and everything is working perfectly!  Matt and I also received
some validation from John Terpstra (a Samba.org big-wig) that our
Administrator suspicions were correct.  (It's bad advice that keeps
getting handed out by others...meaning the use of an Administrator account
is bad advice.)  Here's the text of his response....

######
Please note that a side effect of Administrator with UID=0 as well as root
with UID=0 is that login name to UID and login name to SID resolution is no
longer unambiguous. This will break winbindd big time in critical situations.

The best advice is to have just 'root' with UID=0 and use 'root' as the domain
administrator account. The new privileges capability can be used to delegate
some administrative functions, such as adding machines to the domain, to
accounts other than 'root'.
########
>
>
>> * The Administrator user has been laid to rest; use 'root' now in its
>>   place.  NOTE: This means you use 'root' with root's SAMBA password
>>   to add Windoze machines to your domain.  (You set root's Samba
>>   password while the smb-ldap.pl script is running.)
>> 
>> Thanks to everyone here (particularly Dave Trask) for helping 
>> to track down the profiles bug!
>> 
>> And it was an email from Dave that gave me the solution for 
>> ditching the Administrator user.
>
>Good.  That will eliminate the weird stuff when logging in as root on
>the server as well.  
>
>Thanks Matt and Dave for your efforts.

You're welcome....by the way...we'll be in Boston so a Sam Adams Lager
will work  ;-)
>
>
>Do either of you know if Webmin will still be able to be used for
>adding/removing/modifying users along with its bulk add section?  If not
>I'll just give it a whirl when I get rebuilt.

See my other post, but in short, no..."not unless you want to become as
well versed as I am in hosing systems"  ;-)


David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
dtrask at vcs.u52.k12.me.us
(207)923-3100
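
The ambiguity John Terpstra describes above (two login names sharing UID=0) can be checked for on a running system. The following is an added example, not part of the original post or of the smbldap-installer script. It assumes input in `getent passwd` format and models UID-to-name resolution as first match wins; the sample entries and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in `getent passwd` format (local files and LDAP merged by NSS).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
Administrator:x:0:512:Netbios Domain Administrator:/home/Administrator:/bin/false
# comment lines and malformed rows are skipped
broken-line-without-fields
jdoe:x:1001:513:J Doe:/home/jdoe:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
"""

def parse_passwd(text):
    """Yield (login, uid) pairs from passwd-format text, skipping junk."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])

def shared_uids(text):
    """Return {uid: [logins...]} for every UID owned by more than one login."""
    owners = defaultdict(list)
    for login, uid in parse_passwd(text):
        if login not in owners[uid]:
            owners[uid].append(login)
    return {uid: names for uid, names in owners.items() if len(names) > 1}

def first_match_name(text, uid):
    """Model a first-match UID-to-name lookup: only one login can come back."""
    for login, entry_uid in parse_passwd(text):
        if entry_uid == uid:
            return login
    return None

def report(text):
    """Describe each shared UID and which login a reverse lookup would hide."""
    lines = []
    for uid, names in sorted(shared_uids(text).items()):
        winner = first_match_name(text, uid)
        hidden = [n for n in names if n != winner]
        lines.append(f"UID {uid}: {', '.join(names)} -> reverse lookup "
                     f"yields '{winner}', never {hidden}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_PASSWD)) or "no shared UIDs")
```

On a live server the same functions can be fed the captured output of `getent passwd` in place of the constructed sample.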



