[KLUG Members] Help for upgrade to Samba 3.0.1 (LDAPSAM) fm 2.2.8a
anybody?
Jim C.
members@kalamazoolinux.org
Thu, 22 Jan 2004 14:04:10 -0800
| Ah ha! You're getting this while attempting to join the domain?
|
| 1.) You have a posixAccount object that corresponds to the [%m || "$"]?
Huh? You mean a machine account? Yes, and no, it is not also a
sambaSamAccount. I can see how this might be a problem with everything
having moved over to SIDs and stuff. Any ideas on how I can fix this?
Note that what I used to add the machine was the IDEALX script as
utilized in smb.conf. If it is wrong then we may want to report it as a
bug. Default values shouldn't be misleading.
| 2.) That posixAccount is NOT also a sambaSamAccount
| 3.) That object is under your ou=System Accounts or equivalent ou
The client machine's name is kaliklak. The dn is:
uid=kaliklak$,ou=Computers,dc=j9starr,dc=net
| --What ldap machine suffix = says
| 4.) You're logged into the workstation as the **LOCAL** Administrator
Don't I have to if I don't have domain membership yet set up on the
client box? I suppose for that matter that I also don't have it set up
on the Samba server either without the sambaSamAccount objectclass in
the machine account. Hmmm... if the IDEALX scripts won't create a
machine account that is also a sambaSamAccount I might have to do some
scripting of my own regardless.
| 5.) You've made NONE/ZERO/ZIP network connections before attempting to
| join the domain?
| i.e. You boot, login, and attempt to join the domain with NO
| intermediary steps.
I restarted the server assuming that this would sever any connections.
| 6.) "net getlocalsid" on the purported PDC returns a PDC like SID?
| -->[root@littleboy /root]# net getlocalsid
| -->SID for domain BARBEL is: S-1-5-21-2037442776-3290224752-88127236
| --See the lack of a RID
[root@enigma root]# net3 getlocalsid
SID for domain ENIGMA is: S-1-5-21-1825057718-3407101348-4194330872
[root@enigma root]#
| 7.) You have a uid=root object in your Dit and that object ***IS** a
| sambaSamAccount (its RID doesn't matter, should be 1000 following
| normal conventions, but whatever).
| -->[root@littleboy /root]# pdbedit -u root
| -->root:0:root
| --It is OK for root to also be in /etc/passwd, don't worry about it.
I don't have access to pdbedit. What package is it part of?
I currently do not have a uid=root in my DIT. I suppose I would have to
put it in ou=People so samba can find it?
[root@enigma samba3]# grep People smb.conf
ldap user suffix = ou=People
Hmmm... I would really rather not put it in a place where it can be seen
by Linux though. I suppose I could create a sub ou under People. That
might hide it from Linux, but is Samba doing a subtree search of ou
People or not?
Will fix.
| 8.) root is a memberuid attribute of your Domain Administrators group.
| (or the root account object's dn is a member attribute of the group
| object if you're using RFC2307bis).
I have no idea what RFC is what. I'll create uid=root sambaSamAccount
and add it to Domain Administrators.
| -->[root@littleboy /root]# id root
| -->uid=0(root) gid=0(root)
| -->groups=0(root),1(bin),2(daemon),3(sys),6(disk),10(wheel),
| -->*****4(admins)***** <- the Domain Administrators group
[root@enigma samba3]# id root
uid=0(root) gid=0(root) groups=0(root)
But then it is already known that I have to fix this.
| 9.) Your domain administrators group has a SID of PDC-SID || "-512"
| -->[root@littleboy /root]# net groupmap list | grep Admin
| -->Domain Admins (S-1-5-21-2037442776-3290224752-88127236-512) -> admins
| --And of course, this SID does match the PDC SID?
dn: uid=Administrator,ou=People,dc=j9starr,dc=net
sambaPrimaryGroupSID: S-1-5-21-1825057718-3407101348-4194330872-512
sambaSID: S-1-5-21-1825057718-3407101348-4194330872-500
| 10.) You have WINS support enabled on the PDC and the client has that set
| as the WINS server?
[root@enigma samba3]# grep wins smb.conf
# the default order is "host lmhosts wins bcast". "host" means use the unix
; name resolve order = wins lmhosts bcast
   wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
[root@enigma samba3]#
I've never needed to mess with this before on the client. Is this
something new?
| 11.) You're attempting to join the domain using the following procedure -
| -->Start \ Settings \ Control Panel \ System \ Network Identification \
| -->Properties \ select Domain\ enter BACKBONE\ OK \ Enter root and root
| -->password
| --Where BACKBONE is of course, the name of your domain, the above is
| cut-n-pasted from Morrison Industries ED Manual.
My procedure has been:
My Computer | Properties | Computer Name | Change | Enter J9STARR |
Administrator | Administrator's password | OK
|>Now just accessing the shares, I can go:
...
|>will not let me write to it. (\\Enigma\public)
Solved. Underlying file permissions.
|>If I go J9starr | Samba Server 3.01 (Enigma)| Homes it says the network
|>path is not available.
|
|
| And you're sure that the home directory for the user you're trying to
| connect as is actually valid? And you have -
| [homedir]
| comment = Home Directory
| path = %H
| read only = no
| browseable = yes
| - defined in smb.conf?
[homes]
   comment = Home Directories
   browseable = yes
   writable = yes
   guest ok = no
Will comment out my settings and try your settings.
|>If I go J9starr | Samba Server 3.01 (Enigma)| Netlogon I get a login box
|>but it says
| Right, you're not a member of the domain (yet)
Right.
--
-----------------------------------------------------------------
| I can be reached on the following messenger services: |
|---------------------------------------------------------------|
| MSN: j_c_llings@hotmail.com AIM: WyteLi0n ICQ: 123291844 |
|---------------------------------------------------------------|
| Y!: j_c_llings Jabber: jcllings@nureality.com |
-----------------------------------------------------------------
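
Added example, not part of the original message or of Samba: a small offline check of checklist items 3, 6, 8 and 9 (machine account under the machine suffix, a domain SID with no RID, a group mapped to the domain SID plus "-512", and root as a memberUid of that group). The `net getlocalsid` line and the machine DN are taken from the message; the `cn=Domain Admins,ou=Groups` entry and the function names are constructed assumptions.

```python
import re

# Constructed sample input modelled on the values quoted in the message;
# the cn=Domain Admins entry and ou=Groups are assumptions for illustration.
NET_GETLOCALSID = "SID for domain ENIGMA is: S-1-5-21-1825057718-3407101348-4194330872"
LDIF = """\
dn: uid=kaliklak$,ou=Computers,dc=j9starr,dc=net
objectClass: posixAccount

dn: cn=Domain Admins,ou=Groups,dc=j9starr,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-1825057718-3407101348-4194330872-512
memberUid: Administrator
"""

def domain_sid(net_output):
    """Item 6: return the domain SID; reject one that carries a trailing RID."""
    m = re.search(r"is:\s*(S-1-5-21(?:-\d+){3})\s*$", net_output)
    if not m:
        raise ValueError("expected a domain SID with no RID")
    return m.group(1)

def parse_ldif(text):
    """Minimal LDIF reader (no base64 values, no folded lines)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def audit(net_output, ldif, machine, machine_suffix):
    """Return findings for checklist items 3, 8 and 9."""
    dom, entries, findings = domain_sid(net_output), parse_ldif(ldif), []
    want = f"uid={machine}$,{machine_suffix}".lower()
    if not any(e["dn"][0].lower() == want for e in entries):
        findings.append(f"no machine account at {want}")
    admins = [e for e in entries if f"{dom}-512" in e.get("sambasid", [])]
    if not admins:
        findings.append(f"no group mapped to {dom}-512")
    elif "root" not in admins[0].get("memberuid", []):
        findings.append(f"root is not a memberUid of {admins[0]['dn'][0]}")
    return findings

if __name__ == "__main__":
    for f in audit(NET_GETLOCALSID, LDIF, "kaliklak", "ou=Computers,dc=j9starr,dc=net"):
        print("FINDING:", f)
```

To run it against a live directory, replace the constructed `LDIF` string with the output of an LDAP export of the machine and group entries.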