Re: problem with creating a machine account (sarge)

[bernd <bernd.grah@sternverteiler.de>]

Finn-Arne Johansen schrieb:
> bernd wrote:
>
> > Hello,
> > my tests with dabian-edu-sarge are in the second week and now i have a 
> > problem
> > i created my own ip net  (192.168.0.0)
>
>  > i have removed everything whats pointed to 10.0.2.0
>
> you have a main server only, and you changed it to use 192.168.0.0 as 
> backbone ?
> That should not be a big problem if you did things correctly
>
> > it works fine
> > after some problems wlus is working --- i had used smbpasswd -w but 
> > this damaged my system -----
> > now this is running fine -- i have removed the db files and with the 
> > debian-edu installation of ldap i have made them working again--
>
>
> Ok, so you now got a working wlus again ?
Yes , i tried to change some attributes of users and i have created new 
accounts - it works
> And Samba is also working ?
Yes it works fine.
> > My tests show me that wlus is working fine and i can login to the 
> > workgroup=skolelinux  from an xp workstation by username+passwd
>
>
> Is this on a workstation that is not a member of the domain, or is it a 
> workstation that was added to the domain before fatal "smbpasswd -w " 
> was run ?
I want to put it to the domain.
Before i used the network to login at tjener. Only as workgroup member.
I used smbpasswd -w  because of the Problem, that xp told me:
unknown user - now , after some more tests i think, that the error 
messages of xp are not exact.
> > now, when i try to bind a machine (xp-pro) to get memeber of the 
> > domain i get the following error
> > domain=skolelinux
> > asking about user who is allowed = root   passwd=smbadminpw(it works 
> > with wlus)
>
>
> The smbadminpw should not be known to anyone. it is only used to add 
> some samba entities to the objects in the ldap tree. the reason for 
> splitting them up is that the password for the smbadmin is stored on the 
> server. It is scrambled, but it's rather easy to descramble.
> what happens when you use "smbpasswd -w something" is that you tell 
> samba that the password "something" is to be used when it should add 
> some samba entities to an already existing object in the ldap tree.
> there is another account - the samba root account - that is not the same 
> as the unix root account. Someone asked if we could have used another 
> name for this account, maybe "Administrator", like in windows, but 
> "root" is so much shorter to type :)
I dont want to use smbpasswd -w  now because i have a running system - 
it is now my server in my net.


> This is a pure samba account, but 
> originally, it has no password set. this is it should be ok to give out 
> this password to junior admins, to let them add machines to the domain. 
> It is also possible to set up a group, and let this group add machines 
> to the samba domain.
>
> ok - to debug your installation - this is a strict 
> debian-edu_sarge-based installation right ? No packages are added from 
> outside the debian-repository (or debian-edu) ?
>
> then to see if the user root exist, you may use the following command 
> ldapserch -h ldap -x -LLL \
>            -b ou=People,dc=skole,dc=skolelinux,dc=no \
>            uid=root
> (The "\" at the end, tells bash that the command continues on the next 
> line)
ldapsearch  -- command not found, what do i have to install to get it 
working ?
> You should get some output like this:
>  dn: uid=root,ou=People,dc=skole,dc=skolelinux,dc=no
>  objectClass: sambaSamAccount
>  objectClass: account
>  uid: root
>  sambaSID: S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXX-1000
>
> > xp shows me, that there is no user root found
> >
> > when i touch the log of the client in /var/samba/
> > on tjener :
> > Undefined subroutine &main: :read_adduser_config called at 
> > /etc/samba/smbaddclient.pl line 20, <DATA> line 225.
> > the script smbaddclient.pl has no line 225 and in
> > ldap-users.pl in line 225 there is
> > #search for users in a given domain $basedn.
> > sub ldap_search_users ..........
>
>
> Looks like we have a bug - I'm not surprised :)
i have tested more things ---

if i create a user test    with  adduser from debian-edu-tools i get no 
error.
If i look in /skole/tjener/home0  there is a new craeted home test
but if i use wlus -- there is no user test listed

slapcat |more to browse my ldap ---- no user test
the users i created with wlus are there -----

when i read the smbaddclient.pl in line 20 there is  read_adduser_config
and the error message shows me, that
         Undefined subroutine &main: :read_adduser_config called at
         /etc/samba/smbaddclient.pl line 20, <DATA> line 225.

I have tested other things to get the xp-pro workstation to the domain 
but there are always errors --- because of it i dont post it here, its 
only "try and error".

One Question :
In smb.conf
there is one line :
; invalid users = root   --- what means the ;  ??


> > Anyone who ever had this Problem ?
> > I read a lot of things over googling the net but now i am at the point 
> > that i think its better to ask .
>
>
> NO, this one is new to me (And I think I have seen most of them)
now it has happened, i tried again to use smbpasswd -w pw

everything breaks at this moment, no longer network connection to 
msclients in the workgroup skolelinux
I will repair it and then i will post the things i need help with
Bernd Grah
>