[K12OSN] SambaLDAP question

Craig White craig at tobyhouse.com
Fri Sep 28 16:21:51 UTC 2007


On Fri, 2007-09-28 at 14:04 +0100, Brian Chivers wrote:
> John Ingleby wrote:
> > We successfully joined the first XP Pro machine to our Samba LDAP
> > domain, but further machines simply return the error message "The
> > specified domain either does not exist or could not be contacted".
> > 
> > We're using K12LTSP v5.0 for the classroom thin client server, with
> > CentOS 5 for the backend file & authentication server. With donated
> > machines and classes of 12-15 this seems the way to go.
> > 
> > The important Windows XP Pro client registry settings are all the same,
> > so most likely we have somehow varied the procedure for adding machine
> > accounts. Can anyone point me to a detailed step-by-step howto for
> > adding machine accounts & joining Windows machines to the SambaLDAP
> > domain?
> > 
> > The various LDAP-Samba HowTos are great for setting up Samba, and we
> > appear to have completed those steps successfully. However, I cannot
> > find a sufficiently detailed explanation of the subsequent steps for
> > 
> > a) setting up machine accounts with SambaLDAP
> 
> This should be managed using the smbldap-passwd scripts with a section like this in your smb.conf file
> 
>    # use the smbldap-tools scripts
>    add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
>    #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
>    add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
>    add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
>    #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
>    add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
>    delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
>    set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
> 
> 
> > b) creating the Samba (or LDAP?) root user & password
> 
> smbpasswd -a root
> 
> where this is a DIFFERENT password to your Linux root password
> 
> > c) joining XP Pro machines to the domain 
> 
> Right click on My Computer, Properties, Computer Name, then click on the Change button next to the line
> 
> To rename the computer or join a domain .....
> 
> Hope this helps at least get you started :-)
> 
----
The above is good, but I would wonder about the wisdom of having a user root
in LDAP or smbpasswd.

Since the OP is using LTSP-5 (CentOS-5), he is running a recent Samba, and
therefore a full set of privileges is described here:
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html

and I wouldn't recommend having a user 'root' in LDAP unless you
definitely know what you're doing. The machine should have a local root
user. That local root user really doesn't need to be a Samba user.

As described in the link above, the user Administrator should be created
with whatever uid, and the well-known RID of 500.

-- 
Craig White <craig at tobyhouse.com>
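
The two points in the reply above (no root account in LDAP or Samba, and an Administrator account carrying RID 500) can be checked against an LDIF export of the directory. This is an added example, not part of the original thread or of smbldap-tools; it assumes the Samba 3 LDAP schema (`sambaSamAccount`, `sambaSID`), all DNs and SIDs are constructed sample values, and base64-encoded (`::`) values are not decoded.

```python
import re

# Constructed sample in `ldapsearch -LLL` style; DNs, SIDs and uidNumbers are made up.
SAMPLE_LDIF = """\
dn: uid=root,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
uid: root
uidNumber: 0
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1000

dn: uid=Administrator,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
uid: Administrator
uidNumber: 1005
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3010
"""

def parse_ldif(text):
    """Return one dict per entry: lower-cased attribute name -> list of values."""
    text = re.sub(r"\n ", "", text)  # unfold LDIF continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            entry.setdefault(name.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return (dn, finding) pairs for the two points raised in the reply."""
    findings, admin_seen = [], False
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        uid = e.get("uid", [""])[0].lower()
        classes = {c.lower() for c in e.get("objectclass", [])}
        rid = e.get("sambasid", [""])[0].rpartition("-")[2]  # last SID component
        if uid == "root" or "0" in e.get("uidnumber", []):
            findings.append((dn, "root/uid 0 account stored in LDAP"))
            if "sambasamaccount" in classes:
                findings.append((dn, "root is also a Samba account"))
        if uid == "administrator" and rid != "500":
            findings.append((dn, f"Administrator has RID {rid or 'none'}, expected 500"))
        admin_seen = admin_seen or uid == "administrator"
    if not admin_seen:
        findings.append(("-", "no Administrator account found"))
    return findings
```

Feed `audit(parse_ldif(...))` the output of an `ldapsearch -LLL` over the users subtree; an empty list means neither condition was found.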