From: Evan H. <eh...@gm...> - 2005-02-07 19:20:54
|
David- I think I get the gist of the problem. Are you familiar with Sambas group aliasing and User aliasing? Here is a link to the official Smaba by example Tutorial that a section on using Windows to Unix Group mapping and User mapping, This is a really good way to make root and Administrator interchangable on from the Windows/smb side of the network "http://us4.samba.org/samba/docs/man/Samba-Guide/small.html#initGrps" Evan On Sun, 06 Feb 2005 20:42:38 -0500, David Trask <dt...@vc...> wrote: > Hi all! > > First of all....if you haven't heard of the smbldap-installer > script....allow me to introduce it to you. Here's the latest announcement > that Matt Oquist posted to the K12OS list (Matt and I are working on this > together....he's the scripter and I'm the tester/documenter) First the > announcement and then read on below to see what we need help with....and > some questions I have..... > > ###################### > Version 1.2-beta of the smbldap-installer script is available at > http://majen.net/smbldap-installer-1.2-beta.tgz > > This version has been updated to include "shell" and "home" fields in > the input to smbldap-useradd bulk. This means that you can use > userinfo.start and 'make' to create users just as you could > previously, but if you wish you can also manipulate the input for > smbldap-useradd-bulk yourself. > > For example, you could use create-usernames to create your usernames, > and then use a spreadsheet (or whatever else) to add customized home > directories and/or shells. Then you could give that input to > smbldap-useradd-bulk to create your users on the system. > > Both create-usernames and smbldap-useradd-bulk have inline > documentation: > $ create-usernames --help > $ smbldap-useradd-bulk --help > > And, as always, you can look in the Makefile to see how it's using the > two scripts. > > This is a beta version because: > 1. the roving profiles problem we've been discussing is not solved > 2. the included Samba-LDAP_smbldap-installer document is not updated > to reflect the changes to smbldap-useradd-bulk > 3. it has not undergone full testing > > Please let me know if these changes are the "right changes", and of > course let me know about all the bugs you find. :) > > --matt > ##################### > > Ok....now for the issues we know about. First, the script right now is > written to only work with Fedora Core 3 or K12LTSP 4.2 (we had to start > somewhere...if you'd like to alter or repackage for another > distro....PLEASE do and share with us). Now....everything works in my > test environment and in others...we can add users....Linux users can > authenticate....Windows users can authenticate.....we can join Windows > machines to the domain...BUT we're haveing a problem with roaming > profiles. The login goes fine so we know the authentication takes > place....but then Windows gives an error that it doesn't have permission > to access the profiles directory and as a result is using a TEMP directory > which will (and indeed does) disappear once the user logs off. We could > use some help finding out why this is happening. (We'd like to have it > fixed in time for Linux World in Boston next week) We are using the > latest version of smbldap-tools in this script (0.86 I believe) > > Now for some questions.... > > There appear to be some issues with the Administrator user this time > around (I have a perfectly working Samba/LDAP server in production at my > school running version 0.84 of smbldap-tools and version 3.0.7-2 of Samba) > and I noticed that John T. had mentioned that smbldap-populate should be > run differently (See below) > ################# > Get rid of the "Administrator" account. Use the "root" account instead. > You > have ambiguous names that can NOT unambiguously resolve to one identity. > > ie: Is uid=0 root or is it Administrator? > Does uid=0 map to the Administrator SID or to some other SID? > > Also, use: > net rpc join -S 'PDC_Name' -Uroot%secret > > PS: It is best to populate your LDAP directory using: > "smbldap-populate -a root", not just the default which creates an > "Administrator" account. > > - John T. > ################ > If I do it this way do I join machines to the domain using "root" as > opposed to administrator? And when I run smbpasswd -w secretpassword > will that set it for "root"? > > Secondly....I noticed this.... > > when I run getent passwd on my current functioning Samba/LDAP > server (production box...pre smbldap-installer) I get ... > > Administrator:x:0:512:Netbios Domain Administrator:/home/:/bin/false > > Where as on a machine I just set up with smbldap-installer....I get... > > Administrator:x:0:512:Netbios Domain > Administrator:/home/Administrator:/bin/false > > Note the difference in "home". Are you guys seeing this? I'm having > issue running programs like gedit as it wants to write to > /home/Administrator, but it isn't there. I wonder if this is > contributing? > > Anyway...I could really use some help trying to debug this > situation....not only for me, but for all of us. Plus I'm supposed to be > teaching a class about it in 2 weeks....(hence the panicking)....I tested > everything except roaming profiles and never would have even thought to > check if it hadn't been for Jim K. I have a functioning Samba/LDAP server > already thus I hadn't needed to try it, but I do need to fix this as I run > Windows roaming profiles and will need it to work when I upgrade this > summer. Arrrgghhh! Any help gratefully appreciated....If you go to > Linux World I'll buy you a beer. :-) > > David N. Trask > Technology Teacher/Coordinator > Vassalboro Community School > dt...@vc... > (207)923-3100 > > ------------------------------------------------------- > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting > Tool for open source databases. Create drag-&-drop reports. Save time > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. > Download a FREE copy at http://www.intelliview.com/go/osdn_nl > _____________________________________________________________________ > Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: > https://lists.sourceforge.net/lists/listinfo/ltsp-discuss > For additional LTSP help, try #ltsp channel on irc.freenode.net > |