On Friday, 15 December 2006 22:15, Bolke de Bruin wrote:
> [EMAIL PROTECTED] wrote:
> > On Friday, 15 December 2006 15:26, Vijay Sankar wrote:
> >> Sorry, I meant to write smbldap-useradd.
> >>
> >> FWIW, all I had to do were the following three steps:
> >>
> >> 1) added an OpenBSD user account called FTL37$
> >> 2) smbldap-useradd -w FTL37$
> >> 3) did a smbpasswd -a FTL37$
> >>
> >
> > With the normal users this is a practicable way and works for me too.
> > However creating a machine account when joining the domain with a
> > client does not work at all. At least in my case.
> >
> >
> >> Currently I am using samba-3.0.21bp3-ldap and samba-docs-3.0.21b
> >> packages on OpenBSD 3.9.
> >
> > I have the same packages on OpenBSD 4.0
> >
> >>
> >> Relying solely on documentation that comes with the OpenBSD packages
> >> was what helped me solve the various problems I had with Samba and
> >> OpenLDAP. I found the smb-docs package immensely helpful.
> >>
> > Believe me, I have read a lot in the documentation, however didn't
> > find any solution. Under Linux I already have set up several machines
> > as samba PDCs with Openldap. However, authentication there works in a
> > totally different way (pam and nsswitch).
> >
> > Harry
>
> Did you check the logs? I remember an issue with the password chat of
> samba that fails some sanity checks from OpenBSD. Something along the
> lines of "Who are you?", which has something to do with the uid/gid it
> is executed under.
>
> It has been a while since I tried this so I might be completely off.
>
> Regards,
> Bolke
>
The logs of openldap tell me that everything works well. All my users and also the machine account are found in the database. The logs of samba don't tell anything suspicious except a complaint when the machine account (posixAccount not sambaSAMAccount) already exists.

The problem seems to be as follows (in my opinion): Samba needs an entry in its own password database (in my case this is secrets.tdb). To do this smbpasswd has to be invoked. smbpasswd looks for an entry in OpenBSD's password database (/etc/passwd etc.). Because it doesn't find such an entry yet, it refuses to make the entry in secrets.tdb, and because of that fact is not able to update the machine account in my ldap to become a sambaSAMAccount. (Please correct that if I'm wrong.)

My goal would be to use ldap alone for authentication for my samba users and circumvent the use of /etc/passwd at all. I.e., all authentication requests should be managed by my ldap database. In a further step I would like to have all other authentication requests (except root of course) of other applications resolved by ldap (by using login_ldap).

Harry

