I have a problem with samba and ldap. I configured samba as a PDC backed by ldap. Everything is OK until I try to join the domain from an XP Pro station (both Linux CentOS and Win XP Pro are virtualized, if that counts). On Windows I get the message "The user name could not be found", but on Linux everything is apparently working OK because the station is added to ldap. The problem that I found by searching (Google) is that there is no SambaSAMAccount object in ldap. This is my problem: how can that be fixed?
Code:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=speranta,dc=eu"
rootdn "cn=Manager,dc=speranta,dc=eu"
rootpw {SSHA}+GdCUnxTSVRyAUrk3gbhuilO23xY99HQ
directory /var/lib/ldap
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read
As I remember, I copied the samba schema from /usr/share/doc/samba-3.0.28/LDAP/..... I don't have access to check from here (I'm at work) but I'll check when I get home. I installed with yum so I guessed that it is up to date.
Is there anything else I should check?
When joining a workstation is there something I should do before?
I think I found something but I don't know how to "fix" it in smbldap-useradd or where I must change it.
So, looking at the database with Ldapadmin, I noticed that ou=Computers contains an entry uid=STATION01$ ... BUT with the USER ICON, not the computer icon. So I deleted it, right-clicked on ou=Computers, selected New -> Computer... and entered the name of the station "station01", then I chose the domain from the drop-down list and then OK. Now I have an entry uid=STATION01$ with the computer icon. I went to my workstation and added it normally to the domain ... and ... surprise ... it works: "Welcome to speranta domain."
So, I think smbldap-useradd -w %u creates a user account in Computers and that is where the problem comes from. At least this is how I think.
If this is the problem, how can I fix it so that when I join the domain smbldap-useradd -w adds a Computer object, not a User object?
These are the smb.conf scripts in case you want to see if they're correct
Code:
add user script = /etc/opt/IDEALX/smbldap-tools/smbldap-useradd -m '%u'
delete user script = /etc/opt/IDEALX/smbldap-tools/smbldap-userdel '%u'
add group script = /etc/opt/IDEALX/smbldap-tools/smbldap-groupadd -p '%g'
delete group script = /etc/opt/IDEALX/smbldap-tools/smbldap-groupdel '%g'
add user to group script = /etc/opt/IDEALX/smbldap-tools/smbldap-groupmod -m '%u' '%g'
delete user from group script = /etc/opt/IDEALX/smbldap-tools/smbldap-groupmod -x '%u' '%g'
set primary group script = /etc/opt/IDEALX/smbldap-tools/smbldap-groupmod -g '%g' '%u'
add machine script = /etc/opt/IDEALX/smbldap-tools/smbldap-useradd -w '%u'
There are known problems with smbldap-tools depending on the various versions of the tools, samba and windows clients. You should try the "add machine" script from command line to find the correct options. Perhaps you can try:
Code:
add machine script = /usr/sbin/smbldap-useradd -w -a -H "[W]" "%u"
In smbldap-useradd I commented out the if statement with option i (line 225 in my file)
Code:
########################
# MACHINE ACCOUNT
if (defined($Options{'w'}) or defined($Options{'i'})) {
    #print "About to create machine $userName:\n";
    if (!add_posix_machine ($userName,$userUidNumber,$userGidNumber,$Options{'t'})) {
        die "$0: error while adding posix account\n";
    }
    # if (defined($Options{'i'})) {
(of course the ending "}" too - line 267)
and replaced "I" with "W" in the account flags
Code:
add => [sambaAcctFlags => '[I ]'],
with
Code:
add => [sambaAcctFlags => '[W ]'],
The only problem I have now is that the first time I add the station to the domain I get the same error (The user name could not be found), but the uid=station01$ is successfully created in ou=Computers, and if I add the station to the domain again it joins. Is there a way to delay the check of the station01$ object? In other words ... to check it after it has been created, so that it will be OK and hopefully will join on the first try.
If what I did (the modifications) is wrong please tell me, but for now it is the only way I made smbldap-tools add the computer correctly.
With respect,
Dani
P.S. I tried
Code:
add machine script = /usr/sbin/smbldap-useradd -w -a -H "[W]" "%u"
but didn't work for me ... same user icon
Last edited by dany4j; 07-09-2008 at 04:07 PM.
Reason: Added P.S.
AFAIK it's a known bug (feature?) of smbldap-tools. Read this to see how you can join a windows box to samba. Or use lam
As for the delay, you can use the "-t" option:
Quote:
-t time. Wait 'time' seconds before exiting (when adding Windows Workstation)
Using lam is a solution but not a good one, at least for the sake of automation, because if I implement a PDC for some company, every time they reinstall win* (and/or change the station name) they have to call me? I'm saying this knowing that it is possible to add the station automatically without those manual steps.
Adding automatically, as in the tutorial, without modifying those files (my previous post) is not possible; I receive the same error "The user name could not be found" and a user object is created.
I tried the -t option this morning (I'm beginning to have nightmares), with -t 10, and got the same result: "the user name...."
I will try today to install samba from source (not with yum) and try version 3.2.0 (now I have 3.0.28) and the latest version of smbldap-tools (I thought that nobody develops smbldap-tools anymore but this morning I found the site of the new developers HERE and HERE).
Thank you again for your time and answers. If you find a new solution ... I'm happy to hear it 'cause like I told you ... the nightmares are coming ...
Hello all,
I came back to post an answer for those who have the same problem. The way I fixed the problem is by upgrading smbldap-tools (at this time 0.9.5), and in the add machine script -w is -W (capitalized), as you can see in smbldap-useradd --help
The only problem which I still have is that the first time I try to join a machine I receive the error "user name could not be found", but after I retry ... it joins.
Have a nice day.
P.S. I don't know if it counts but I copied samba.schema from samba 3.2.0 source package (the samba on the server is still 3.0.28)
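Added example, not part of the thread and not smbldap-tools code: a check over an LDIF export of ou=Computers for the condition discussed above, a machine entry created as a plain POSIX account or with sambaAcctFlags other than W (workstation trust). The LDIF, the dc=example,dc=org suffix, the station names and the function names are constructed for illustration.

```python
# Constructed sample, shaped like `ldapsearch -LLL -b ou=Computers,...` output.
SAMPLE_LDIF = """\
dn: uid=station01$,ou=Computers,dc=example,dc=org
objectClass: posixAccount

dn: uid=station02$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
sambaAcctFlags: [W          ]

dn: uid=station03$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
sambaAcctFlags: [I          ]
"""

def parse_ldif(text):
    """Split LDIF into entries: dict of lower-cased attribute -> list of values.
    Base64 values ("attr:: ...") are kept encoded; this check does not need them."""
    entries = []
    unfolded = text.replace("\n ", "")  # LDIF continuation lines start with a space
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.lower(), []).append(value.lstrip(":").strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def check_machine(entry):
    """Return the reasons this entry cannot serve as a workstation trust account."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "sambasamaccount" not in classes:
        return ["no sambaSamAccount objectClass (plain POSIX account)"]
    flags = entry.get("sambaacctflags", [""])[0].strip("[] ")
    if "W" not in flags:
        return ["sambaAcctFlags [%s] lacks W" % flags]
    return []

def audit(ldif_text):
    """Map each DN to its list of problems (empty list: entry looks right)."""
    return {e["dn"][0]: check_machine(e) for e in parse_ldif(ldif_text)}

if __name__ == "__main__":
    for dn, problems in audit(SAMPLE_LDIF).items():
        print(dn, "->", "; ".join(problems) or "OK")
```

Running it against an export taken right after a failed join shows which of the two cases the add machine script produced.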