[K12OSN] Re: K12OSN Digest, Vol 44, Issue 1

Mark Cockrell cockrell at honeygroveisd.net
Mon Oct 1 16:04:52 UTC 2007


>>> John Ingleby wrote:
>>>> We successfully joined the first XP Pro machine to our Samba LDAP
>>>> domain, but further machines simply return the error message "The
>>>> specified domain either does not exist or could not be contacted".
>>>>
>>>> We're using K12LTSP v5.0 for the classroom thin client server, with
>>>> CentOS 5 for the backend file & authentication server. With donated
>>>> machines and classes of 12-15 this seems the way to go.
>>>>
>>>> The important Windows XP Pro client registry settings are all the same,
>>>> so most likely we have somehow varied the procedure for adding machine
>>>> accounts. Can anyone point me to a detailed step-by-step howto for
>>>> adding machine accounts & joining Windows machines to the SambaLDAP
>>>> domain?
>>>>
>>>> The various LDAP-Samba HowTos are great for setting up Samba, and we
>>>> appear to have completed those steps successfully. However, I cannot
>>>> find a sufficiently detailed explanation of the subsequent steps for
>>>>
>>>> a) setting up machine accounts with SambaLDAP
>>> This should be managed using the smbldap-passwd scripts with a 
>>> section like this in your smb.conf file
>>>
>>>    # use the smbldap-tools scripts
>>>    add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
>>>    #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
>>>    add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
>>>    add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
>>>    #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
>>>    add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
>>>    delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
>>>    set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
>>>
>>>
>>>> b) creating the Samba (or LDAP?) root user & password
>>> smbpasswd -a root
>>>
>>> where this is a DIFFERENT password to your Linux root password
>>>
>>>> c) joining XP Pro machines to the domain
>>> Right click on My computer, Properties, Computer Name, Then click on 
>>> the change button next to the line
>>>
>>> To rename the computer or join a domain .....
>>>
>>> Hope this helps at least get you started :-)
>>>
>> ----
>> above is good but I would wonder about the wisdom of having a user root
>> in LDAP or smbpasswd
>>
>> Since OP is using LTSP-5 (CentOS-5) he is running recent samba and
>> therefore, a full set of privileges is described here:
>> http://samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html
>>
>> and I wouldn't recommend having a user 'root' in LDAP unless you
>> definitely know what you're doing. The machine should have a local root
>> user. That local root user really doesn't need to be a samba user.
>>
>> As described in the link above, the user Administrator should be created
>> with whatever uid, and the well-known RID of 500
>>
>
> You can have a different password for the root LDAP user and local
> "all powerful" root, there is no way I'd have the same password.
>
> Brian
>
> ------------------------------------------------------------------------------------------------ 
>
>    The views expressed here are my own and not necessarily
>
>                the views of Portsmouth College
John,
    I've seen this behavior before.  If you use the "Network ID Wizard" 
it'll add to the domain every time.  If you simply change the workgroup 
it may or may not work.



