From 389 Directory Server

you need to add ou=Computers to ldap tree, otherwise, when joining samba pc to pdc, you are not able to add computer name -Maumar

I found that the step to use pdbedit to modify the administrator account was failing. after much searching i realized it is expecting the Administrator account that was added with ldif2ldap of the sambaAdministrator.ldap to *already* have a sambasamaccount object class associated with it. -BarnacleBob

Contents 1 How-To is *VERY* poor 2 success with ubuntu 804 3 migration tools are not 100% 4 Creation of NT directories 5 Different SID with samba and FDS on Fedora 10

How-To is *VERY* poor

This how-to is not even close to being correct.

I recommend the use of smbldap-tools... All of this "manual" population is bogus. Use smbldap-populate and it's setup.

I tried to follow this how-to and got no where. After deleting my screw-ups and using smbldap-tools I got everything up and running.

/* ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/ /* Is not clear how to add Samba Administrator account: */ /* pdbedit Fails and do not add SID */ /* */ /* smbpasswd -a testuser fail and cannot add new users */ /* */ /* ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/

I think: "# smbpasswd -a Administrator -w<ldap-admin-password>" should be: "# smbpasswd -a Administrator" and then enter a password. The following pdbedit then succeeds at least.

success with ubuntu 804

after a week of late nights and migranes i finally got FDS+PAM+SAMBA to work on Ubuntu804, i was just about to post that most of this howto doesnt work, and i guess im not the only one whos encountered problems. alot of updates to the procedures are needed. if someone could let me know how to submit 'suggested changes' i think we could make this a useful doc for future readers

migration tools are not 100%

The migration_common.ph modifications do not allow migrate_group.pl and migrate_passwd.pl to generate the correct ldif for use in fedora ds 1.0.4

you have to modify you Ldifs in order for them to work, especially the ldif for the samba Administrator account. it is missing sambasamaccount and sambaid among other things

Creation of NT directories

Please please add the following lines above the "cat /tmp/sambaGroups" section $ groupadd -g 2512 Domain_Admins $ groupadd -g 2513 Domain_Users $ groupadd -g 2514 Domain_Guests $ groupadd -g 2515 Domain_Computers

Then modify the groupmap lines to match, i.e:

1. net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain_Admins'
2. net groupmap add rid=2513 ntgroup='Domain Users' unixgroup='Domain_Users'
3. net groupmap add rid=2514 ntgroup='Domain Guests' unixgroup='Domain_Guests'
4. net groupmap add rid=2515 ntgroup='Domain Computers' unixgroup='Domain_Computers'

It can save someone a hundred hours of googling

And it seems the comments above may be even more apposite. Not all of us have time for admin geekery for its own sake.

Different SID with samba and FDS on Fedora 10

Seems that U need to make the workgroup the same as the netbios name in smb.conf else you get different SID's in you FDS structure. One for your workgroup name and another for your netbios name.

[smb.conf] workgroup = SMBDOM netbios = SAMBA

1. net getdomainsid

SID for local machine SAMBA is: S-1-5-21-2772938853-1483296875-2792897013 SID for domain SMBDOM is: S-1-5-21-560590361-2444412543-837310132