Hi lithorus!
Everything goes smoothly until the part:
Then I get on the samba server:
Code:
user@samba:~$ sudo smbpasswd -a root
New SMB password:
Retype new SMB password:
ldapsam_modify_entry: LDAP Password could not be changed for user root: Insufficient access
unknown
ldapsam_add_sam_account: failed to modify/add user with uid = root (dn = uid=root,ou=people,dc=example,dc=com)
Failed to add entry for user root.
Failed to modify password entry for user root
But I have observed Zimbra LDAP before and after the command.
Before I had the root alias:
Code:
zimbraId: d9cefdae-faf3-4ef1-8c80-a580b059de4b
uid: root
zimbraAliasTargetId: 10f53e81-fbb8-44d7-9565-d3b1856b7b56
zimbraCreateTimestamp: 25/9/2009 20:50:31
objectClass: zimbraAlias
After the command sudo smbpasswd -a root I get:
Code:
uid: root
sambaSID: S-1-5-21-3810401420-4072428212-1875409752-1000
displayName: root
sambaNTPassword: BE2CB981BC8F1F6F43E51DC08CE097A7
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1254161288
sambaAcctFlags: [U ]
objectClass: sambaSamAccount
objectClass: account
Then (I have already added the "Domain Admins" group):
Code:
user@samba:~$ sudo net rpc rights grant "EXAMPLE\Domain Admins" SeAddUsersPrivilege SeMachineAccountPrivilege SePrintOperatorPrivilege
Password:
Successfully granted rights.
Later, I can't get the Windows XP Pro computer to get in the domain...
I have created a user called "domainadmin" with password "teste1".
On the first login to the webmail, Zimbra asks for password change. I changed it to "teste2".
When I tried to enter the domain with the last password, it says that user or password is incorrect. I go back to webmail and change the password to "teste3" hoping that Zimbra syncs the password now with Samba.
Again, "user or password incorrect".
If I try the first assigned password (on user creation on Zimbra Admin) "teste1", Windows XP Pro says that "password must be changed before first login"...
If I go back to Zimbra Admin and set the user password to not expire, when I try to join the domain Windows XP Pro says something like "a device connected to the system isn't working" (my Windows XP is Portuguese BR).
dns-01.example.com = 192.168.1.201
dns-02.example.com = 192.168.1.202
dhcp.example.com = 192.168.1.203
zimbra.example.com = 192.168.1.205
samba.example.com = 192.168.1.206
dhcpd.conf at dhcp.example.com
Code:
ddns-update-style none;
option domain-name "example.com";
option domain-name-servers 192.168.1.201, 192.168.1.202;
option netbios-name-servers 192.168.1.206;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.101 192.168.1.109;
}
nsswitch.conf at samba.example.com
Code:
passwd: files ldap
group: files ldap
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
smb.conf at samba.example.com
Code:
[global]
workgroup = EXAMPLE
netbios name = samba
os level = 33
preferred master = yes
enable privileges = yes
server string = %h server (Samba, Ubuntu)
wins support =yes
dns proxy = no
name resolve order = wins bcast hosts
log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
ldap passwd sync = yes
passdb backend = ldapsam:ldap://zimbra.example.com/
ldap ssl = off
ldap admin dn = "uid=zmposixroot,cn=appaccts,cn=zimbra"
ldap suffix = dc=example,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
obey pam restrictions = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
domain logons = yes
logon path = \\samba.example.com\%U\profile
logon home = \\samba.example.com\%U
logon script = logon.cmd
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos "machine account" --force-badname %u
socket options = TCP_NODELAY
domain master = yes
local master = yes
[homes]
comment = Home Directories
browseable =yes
read only = No
valid users = %S
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
locking = no
[profiles]
comment = Users profiles
path = /var/lib/samba/profiles
read only = No
[profdata]
comment = Profile Data Share
path = /var/lib/samba/profdata
read only = No
profile acls = Yes
[printers]
comment = All Printers
browseable = no
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
What else can I provide to help diagnose why I can't get this to work?