
Re: problem with creating a machine account (sarge)





bernd wrote:


Finn-Arne Johansen wrote:

bernd wrote:

Hello,
my tests with debian-edu-sarge are in the second week and now I have a problem.
I created my own IP net (192.168.0.0)


 > I have removed everything that pointed to 10.0.2.0

You have a main server only, and you changed it to use 192.168.0.0 as backbone?
That should not be a big problem if you did things correctly.

It works fine.
After some problems wlus is working. I had used smbpasswd -w but this damaged my system. Now this is running fine. I have removed the db files, and with the debian-edu installation of ldap I have made them work again.



OK, so you now have a working wlus again?

Yes, I tried to change some attributes of users and I have created new accounts. It works.

And Samba is also working?

Yes, it works fine.

My tests show me that wlus is working fine and I can log in to the workgroup=skolelinux from an XP workstation by username+passwd.



Is this on a workstation that is not a member of the domain, or is it a workstation that was added to the domain before the fatal "smbpasswd -w" was run?

I want to put it into the domain.
Before, I used the network to log in at tjener, only as a workgroup member.
I used smbpasswd -w because of the problem that XP told me:
unknown user. Now, after some more tests, I think that the error messages of XP are not exact.


Now, when I try to bind a machine (xp-pro) to make it a member of the domain, I get the following error:
domain=skolelinux
asking about user who is allowed = root passwd=smbadminpw (it works with wlus)



The smbadminpw should not be known to anyone. It is only used to add some samba entities to the objects in the ldap tree. The reason for splitting them up is that the password for the smbadmin is stored on the server. It is scrambled, but it's rather easy to descramble. What happens when you use "smbpasswd -w something" is that you tell samba that the password "something" is to be used when it should add some samba entities to an already existing object in the ldap tree. There is another account, the samba root account, that is not the same as the unix root account. Someone asked if we could have used another name for this account, maybe "Administrator", like in windows, but "root" is so much shorter to type :)

I don't want to use smbpasswd -w now because I have a running system. It is now my server in my net.


This is a pure samba account, but originally, it has no password set. This is why it should be OK to give out this password to junior admins, to let them add machines to the domain. It is also possible to set up a group, and let this group add machines to the samba domain.

OK, to debug your installation: this is a strict debian-edu_sarge-based installation, right? No packages are added from outside the debian-repository (or debian-edu)?

Then to see if the user root exists, you may use the following command:
 ldapsearch -h ldap -x -LLL \
           -b ou=People,dc=skole,dc=skolelinux,dc=no \
           uid=root
(The "\" at the end tells bash that the command continues on the next line)

ldapsearch: command not found. What do I have to install to get it working?


You should get some output like this:
 dn: uid=root,ou=People,dc=skole,dc=skolelinux,dc=no
 objectClass: sambaSamAccount
 objectClass: account
 uid: root
 sambaSID: S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXX-1000

XP shows me that there is no user root found.

When I touch the log of the client in /var/samba/
on tjener:
Undefined subroutine &main::read_adduser_config called at /etc/samba/smbaddclient.pl line 20, <DATA> line 225.
The script smbaddclient.pl has no line 225, and in
ldap-users.pl in line 225 there is
#search for users in a given domain $basedn.
sub ldap_search_users ..........



Looks like we have a bug - I'm not surprised :)

I have tested more things.

If I create a user test with adduser from debian-edu-tools I get no error.
If I look in /skole/tjener/home0 there is a newly created home test,
but if I use wlus, there is no user test listed.

slapcat |more to browse my ldap: no user test.
The users I created with wlus are there.

When I read smbaddclient.pl, in line 20 there is read_adduser_config
and the error message shows me that
         Undefined subroutine &main::read_adduser_config called at
         /etc/samba/smbaddclient.pl line 20, <DATA> line 225.

I have tested other things to get the xp-pro workstation into the domain but there are always errors. Because of that I don't post them here, it's only "trial and error".

One question:
In smb.conf
there is one line:
; invalid users = root   --- what does the ; mean?



Has anyone ever had this problem?
I read a lot of things by googling the net, but now I am at the point that I think it's better to ask.



No, this one is new to me (and I think I have seen most of them).

Now it has happened: I tried again to use smbpasswd -w pw

Everything breaks at this moment, no network connection any longer to MS clients in the workgroup skolelinux.
I will repair it and then I will post the things I need help with.
Bernd Grah
Repaired by deleting secrets.tdb and restoring from my backup (I made it before I tested smbpasswd -w).
The system works, but I am not able to create a user with wlus.
top shows me that slapd is working the whole time.

Because of this I made a workaround with:
/etc/init.d/slapd stop
rm /var/lib/ldap/*
/usr/bin/ldap-debian-edu-install
After that I get the message that something failed. I rebooted the server and I can see that slapd is running again.
Creating new users with wlus is OK.
Network is OK.

Adding the XP client returns with the error that the user is not known ...
Nothing changes at all.
Because of my holiday in Greece, today is my last day to test these things. Everything that I have tested with tjener I have written down, and on my holiday I will write a short documentation.
Thanks for helping me
Bernd Grah
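
Added example, not part of the original messages: a shell check for the LDIF that the ldapsearch command quoted above is expected to print, reporting whether uid=root exists and carries the sambaSamAccount object class and a sambaSID. The function names and the sample LDIF (including the SID value) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads LDIF on stdin, as printed by
#   ldapsearch -h ldap -x -LLL -b ou=People,dc=skole,dc=skolelinux,dc=no uid=root
# check_samba_root is a hypothetical helper name.
check_samba_root() {
    awk '
        # LDIF folds long lines: a continuation line starts with one space.
        /^ / { if (n) line[n] = line[n] substr($0, 2); next }
        { line[++n] = $0 }
        END {
            for (i = 1; i <= n; i++) {
                l = line[i]
                if (tolower(l) ~ /^dn: *uid=root,/) dn = 1
                if (tolower(l) ~ /^objectclass: *sambasamaccount$/) oc = 1
                if (l ~ /^sambaSID: *S-[0-9]+(-[0-9]+)+$/) sid = 1
            }
            if (!dn)  { print "no uid=root entry returned"; exit 1 }
            if (!oc)  { print "uid=root lacks objectClass sambaSamAccount"; exit 2 }
            if (!sid) { print "uid=root has no valid sambaSID"; exit 3 }
            print "uid=root is a Samba account"
        }'
}

# Constructed sample: a complete entry whose sambaSID is folded over two lines.
sample_ok() {
    printf '%s\n' \
        'dn: uid=root,ou=People,dc=skole,dc=skolelinux,dc=no' \
        'objectClass: sambaSamAccount' \
        'objectClass: account' \
        'uid: root' \
        'sambaSID: S-1-5-21-1111111111-2222222222-' \
        ' 3333333333-1000'
}

# Constructed sample: the entry exists but has no Samba attributes.
sample_no_samba() {
    printf '%s\n' \
        'dn: uid=root,ou=People,dc=skole,dc=skolelinux,dc=no' \
        'objectClass: account' \
        'uid: root'
}

sample_ok | check_samba_root
sample_no_samba | check_samba_root || echo "exit status $?"
```

An empty result (exit status 1) matches the symptom reported in the thread, where the client says the user root is not known.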







