Hello,
I have installed MANDRIVA DIRECTORY SERVER at debian etch r2 with your howto
but i have some probems at installation in 5.2 paragraph
when i using command net -U Administrator rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege a have a message
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

I searched some forums and find this decision
write to smbuser string `root=Administrator`

After that i successfully granted privileges to user Administrator.When the setup was completed i logined in mmc and coundn`t see any user (and users in groups)... I had an error(mmc errors)
Then I added a new user and successfully authenticated in windows... I think second problem depends at first.
(phpldapadmin can see all user)

If you want to see configs -> ask me them i`ll post them

Hi,

I set this up a few times while I was writing the howto and it worked proper. Maybe the version of one or more mmc-packages have changed. I'll set it up again next weekend - looking for errors/problems.

Best regards,

Olli

I'm using Debian 4.0r2 Etch, and set this up a couple of times getting the same error at installation step 5.2
entering command net -U Administrator rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege gets message
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

ok,i `ll wait :)

Do you know Fedora Directory Server?.. Is it same as Mandriva? Can you make guide?

ok,i `ll wait :)

Do you know Fedora Directory Server?.. Is it same as Mandriva? Can you make guide?
Fedora directory server is an LDAP server Mandriva is a packaging of an ldap server samba server mail server and dns server with a pretty front end to allow you to run a domain.

You cannot replace one for the other.

Hi,

found & fixed the problems.

1.) Added a system-reboot at the end of step 6
2.) Moved the "net" command from step 5.2 to step 6 (after the reboot)

Additionally I fixed two typos in step 15.1.2 .

A few minutes ago I set up a MDS system - following the howto step by step (copy&paste). Worked fine.

Best regards,

Olli

You're right Olli it works fine. Thanks for this great piece of art.

Now, I ask you if it's posible to obtain your permission to translate this how-to into spanish.

Thanks,works well...
Can you also add to guide how to join linux computers to that domain?.

I second that. I have about 40 linux servers, all running debian.. I`d like to use mandriva, to administer administrator accounts, and such.. How do I add Linux servers to the domain, correctly? Tried the "add computer" option. What are the correct steps on the linux servers?

Hi. First i want to thank this perfect job. The author diserves the heaven!
I don't understand a lof of linux, but sometimes i use webmin. I tried but seems to be incompatible. For exemple, on DNS Bind Server on webmin i can see the zone created with de mmc but i can't edit the zone. Do you know how to solve this?
Thank you for your time.

Hi,

@daniel_rodriguez:

Sorry, but I don't agree to that - you can link to the howto if you want.

@Nikitos & raypettersen:

I haven't tried to add linux machines to this setup - but I think it's possible with a few modifications to the linux systems you want to add. I think you'll have to...

1.) Set up and configure libnss-ldap & libpam-ldap.
2.) Adjust the LDAP-client configuration.
3.) Enable the useraccounts within the MDS configuration (so they'll able to log in on linux systems)
4.) Adjust the sshd configuration on all servers so that the enabled useraccounts are not able to log in to a linux server in your LAN.

Like I said, not tested - only a rough theory.

@lfreire:

Sorry, but I haven't ever worked with webmin :rolleyes:

Well Olli, I really cannot understand your reasons but if so, let it be.

Now, back into the howto I made an install using etch release 3 version, and it works fine. However, something I can´t accomplish is to add more than one DNS server at step 19.2. In the picture I can see "192.168.0.100, 192.168.0.2". But doing that gives me an error and also tried separate the Ip addresses with ";", "." and " " getting the same error.

Hi daniel_rodriguez,

I'll do some testing tomorrow. If there are bugs/typos remaining, I'll find them :rolleyes:

Best regards,

Olli

If anyone has luck with adding a linux computer to the mds domain, please let us know how. Im out of time this week, so I can`t experiment myself.. We have our hands full here, after a nasty dns crash.. :/

@daniel_rodriguez:

The entrys for the domain servers have to be separated by a comma - without spaces. You got error messages because you had a space before or after the comma.

thanks for you time and patience Olli



best regards from Argentina

Hello,
I have installed MDS at Debian 4.0 with success but i can't configure Thunderbird.
Can you help me please ?
Thanks for everything

but i can't configure Thunderbird.

What exactly is the problem? Is it that you don't know how to configure your mail account in Thunderbird, or do you get connection errors, or anything else?

MDS updated
i keep old base.ini ...
mmc don`t work correctly ..
Samba and proxy sub-menus disappeared from page.
I`m waiting for new update guide :)

Hi Nikitos,

yes, they updated the MDS and changed a few things... I'll update the howto next weekend.

Best regards,

Olli

Edit: Sorry to say that I had not the time to update the howto last weekend - so I have to move this to the next weekend...

Hi,

@daniel_rodriguez:

Sorry, but I don't agree to that - you can link to the howto if you want.

Why? I want too translate this howto

Why? I want too translate this howto
The problem is that if there's a bug in Olli's tutorial and he updates it, your translated version will still contain the bug, and people who read your translation will start to contact Olli although the bug has already been fixed in the original version. That's why he doesn't want you to translate it.

It seems long time - no update.
Olli, When will you update your guide? :)

Hi,

I need a second head and additional arms :rolleyes:

I'll try to update the howto next weekend.

Best regards,

Olli

Hello, Olli :)

If you will have more free time can you add also ntlm auth to squid?
and try to adding linux comps to domain :rolleyes:

thanks for this great howto, I really would love to utilize this, but I am having a problem logging into the system. I am stuck at the end of step six... where you
reboot
then your supposed to
net -U Administrator rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege
but I cannot even log into the system anymore to issue this command... No matter if I use
root account or my own account (houms).... It keeps telling me that the password is incorrect...?
Any suggestions would be greatly appreciated. Thank you in advance for your assistance.

If you cannot log back into the system after step 6 of the howto....
I figure I let other learn from my mistake...

check your vi /etc/pam.d/common-auth

make sure its

auth sufficient pam_unix.so nullok_secure (mine was on required)
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

you can boot in single user mode from the grub menu and login with the root password
and see if so make that change.. Hope it helps..Thats how I solved it..

but now I'm getting this:
# net -U Administrator rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege
Password:
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_CONNECTION_REFUSED

Any ideas? Thanks again for your help

Hi houms,

if you are not able to log in into the system after the reboot at the end of step 6 you made a mistake in step 6 (the PAM configuration) - please have a look at these settings on your system.

Btw, the howto is not up to date at the moment - currently I have no time to update it. The new MDS packages need additional configuration.

Best regards,

Olli

Ollie,
Thanks for the response. It is greatly appreciated . Is it better to not follow this tutorial then? If so, any suggestions on whats the best way to setup something similar. basically I would like to install something to replace AD.
I have looked over my PAM settings and compared them to the writeup and they are the same, yet i cannot login.. not sure what mistake i may have made. any suggestions would be appreciated.

MDS 2.2.0 to MDS 2.3.0 upgrade notes

update mail.schema

cp /usr/share/doc/python-mmc-base/contrib/ldap/mail.schema /etc/ldap/schema/
edit /etc/mmc/plugins/samba.ini

[main]
disable = 0
# Computers Locations
baseComputersDN = ou=Computers,dc=example,dc=com
sambaConfFile = /etc/samba/smb.conf
sambaInitScript = /etc/init.d/samba
sambaClamavSo = /usr/lib/samba/vfs/vscan-clamav.so
# Default SAMBA shares location
defaultSharesPath = /home/samba
# You can specify authorized paths for share creation
# Default value is the defaultSharesPath value
# authorizedSharePaths = /shares, /opt, /srv

# Default value when adding samba attributes to an user
# DELETE means the attibute is removed from the user LDAP entry
[userDefault]
sambaPwdMustChange = DELETE

MDS 2.3.0 to MDS 2.3.1 upgrade notes

add to /etc/mmc/plugins/network.ini

bindgroup = bind

Nikitos, your the man!! I don't know if your updates are what did it, but it resolved my issues and I am now at step 19.1 (inside the MMC configuring DNS). For anyone having trouble... make sure you make the adjustments that nikitos posted... As of today, this howto + Nikitos suggestions works perfect with debian etch r3-netinstall.

Thank Ollie for taking the time to put together this wonderful howto...
Nikitos thanks for the suggestions... Don't know how you knew that but big props.

:D
Thanks for your HowTo.
I have a question.
for login to http://x.x.x.x/mmc/
I only need to put user: mmc and password: s3cr3t ? that mmc.ini has.

# HTTP basic authentication credentials to use for XMLRPC communication
login = mmc
password = s3cr3t

if this ok,, doesnt work for me,,,
but I can login with root and password system. is correct?

thx, great job...

you shouldn`t use login as mmc. Only samba users:)

mmc user is user to link webui with mmc-agent

HI.
I have another problem, this time is with postfix


Jun 26 05:19:40 vme postfix/local[4156]: E6B2B24042: to=<pinfante@example.com>, relay=local, delay=0.2
, delays=0.11/0.03/0/0.07, dsn=5.2.0, status=bounced (maildir delivery failed: create maildir file /home/samba/users/pinfante/Maildirtmp/1214482780.P4156.vme.example.com: Permission denied)
Jun 26 05:19:40 vme postfix/cleanup[4154]: 17D0524044: message-id=<20080626121940.17D0524044@vme.example.com>


the point is when or how put the permissions?
thats for when i send email at first time, postfix want to create mail skel. on /home/samba/users/pinfante/Maildir/



#ls -al /home/samba/users/
total 20
drwx------ 5 root root 4096 2008-06-26 04:46 .
drwxr-xr-x 8 root root 4096 2008-06-26 03:17 ..
drwx------ 2 gvazquez Domain Users 4096 2008-06-26 03:17 gvazquez
drwx------ 2 pinfante Domain Users 4096 2008-06-26 04:46 pinfante
drwx------ 2 pnavajas Domain Users 4096 2008-06-26 04:32 pnavajas

What can i do?:rolleyes:
as i know i have to put permissions to root or maybe postfix user,but i have to respect user and domain users

Im not use Dovecot.

Ok, I try another way with virtual domains, with conf that has folder with-virtual-domains,
curiously the users that I add via WEB Interface MMC doesnt has the attribute maildrop.
and the conf for virtual domains has something like this:
/etc/postfix/Main.cf

[...]
Virtual Domains Control
virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-maildrop.cf
virtual_mailbox_base = /
virtual_alias_domains =
virtual_minimum_uid = 100
virtual_uid_maps = ldap:/etc/postfix/ldap-uid.cf
virtual_gid_maps = ldap:/etc/postfix/ldap-gid.cf
[...]

And ldap:/etc/postfix/ldap-accounts.cf

server_host = 127.0.0.1
server_port = 389
search_base = ou=Users,dc=example,dc=com
query_filter = (&(objectClass=mailAccount)(mailenable=OK)(mail=%s))
result_attribute = mailbox
version = 3
expansion_limit = 1

the result:
# postmap -q pinfante@example.com ldap:/etc/postfix/ldap-accounts.cf

*empty

then I try to change the result_attribute to homedirectory
the result:
# postmap -q pinfante@example.com ldap:/etc/postfix/ldap-accounts.cf
/home/samba/users/pinfante

thats may be nice, but without the / at the end of homedirectory, when I send a email for firstime, i have a error like this:
#mail pinfante@example.com

vme postfix/virtual[7754]: 87CA924047: to=<pinfante@artedigital-mx.net>, relay=virtual, delay=
0.25, delays=0.17/0.04/0/0.05, dsn=4.2.0, status=deferred (delivery failed to mailbox ///home/samba/users/pinfante: cannot open file: Is a directory)

somebody knows where can I add the slash at the end of homedirectory,,, just conf files,,, i know that i can add manually with any ldap tools. I want to set default the slash at the end always I add users.

Thanks a lot for your help.

I hope mailbox attribute isnt a big mistake.

I answer my own question....
the next day when I restarted my server, enter to MMC web interface and...
SURPRISE!!!!!
Apear this:

When i use MMC with virtual domains, on Mail tab

add boxes like:
Mail delivery path:
Mail server host:

THATS ALL!!!! this mailbox attribute!

Sorry for the misunderstanding.

Hi,

In section 5.4 the command 'chown -R :"Domain Users" /home/samba' gives an error due to the fact that unix groups aren't allowed to have spaces or capital letters in them.

Does the unix group name have to match the LDAP group "Domain Users" or does the name not matter? If it does matter is there some way of 'mapping' a unix group onto an LDAP group?

Hi,

I have the same problem as above, when I try to set the folder group to "Domain Users" it gives an error saying "Invalid Group". I figure this is because the program trying to set the group does not check the ldap database for groups i.e. it is a problem with the nsswitch.conf file.

However, that file is exactly the same as the one in the tutorial here (http://www.howtoforge.com/mandriva-directory-server-on-debian-etch). I have also checked that the ldap server is up and running and that there is an entry called "Domain Users" which is a subclass of "Group". So, I'm wondering is there some way of checking whether the changes in the nsswitch.conf file have been implemented? i.e. whether the system is using the ldap database and if not why it is not using it?

I also checked the /etc/ldap/ldap.conf file and the details seem to be correct as well, with the only two lines being 'host' and 'base'.

ok, figured it out. Just had to change a line in the /etc/libnss-ldap.conf file. It turns out that the installation added 'host ldap://127.0.0.1/' instead of 'uri ldap://127.0.0.1/'.

and now... how to setup MS Outlook or Thunderbird smtp and pop server settings so that I am able to use my server? You can use any IP address or FQDN that's pointing to your server.

Cause here is an output of my .../mail.log that yells me something regarding
config: dcc_path "/usr/bin/dccproc


Aug 7 23:05:22 tuxer amavis[2092]: Using internal av scanner code for (primary) ClamAV-clamd
Aug 7 23:05:22 tuxer amavis[2092]: Using internal av scanner code for (primary) check-jpeg
Aug 7 23:05:22 tuxer amavis[2092]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Aug 7 23:05:22 tuxer amavis[2092]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.31, libdb 4.4
Aug 7 23:05:25 tuxer spamd[2126]: config: dcc_path "/usr/bin/dccproc" isn't an executable
Aug 7 23:05:25 tuxer spamd[2126]: config: SpamAssassin failed to parse line, "/usr/bin/dccproc" is not valid for "dcc_path", skipping: dcc_path /usr/bin/dccproc
Aug 7 23:05:26 tuxer spamd[2126]: logger: removing stderr method
Aug 7 23:05:27 tuxer spamd[2131]: pyzor: check failed: internal error
Aug 7 23:05:27 tuxer spamd[2131]: rules: meta test FM_DDDD_TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score
Aug 7 23:05:27 tuxer spamd[2131]: rules: meta test FM_SEX_HOSTDDDD has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score
Aug 7 23:05:27 tuxer spamd[2131]: rules: meta test HS_PHARMA_1 has dependency 'HS_SUBJ_ONLINE_PHARMACEUTICAL' with a zero score
Aug 7 23:05:27 tuxer spamd[2131]: spamd: server started on port 783/tcp (running version 3.2.3)
Aug 7 23:05:27 tuxer spamd[2131]: spamd: server pid: 2131
Aug 7 23:05:28 tuxer spamd[2131]: spamd: server successfully spawned child process, pid 2395
Aug 7 23:05:28 tuxer spamd[2131]: spamd: server successfully spawned child process, pid 2396
Aug 7 23:05:28 tuxer spamd[2131]: prefork: child states: II
Aug 7 23:05:42 tuxer postfix/master[2637]: fatal: /etc/postfix/master.cf: line 80: bad transport type: smtpd_tls_wrappermode=yes
Aug 9 12:31:42 tuxer postfix/master[12832]: fatal: /etc/postfix/master.cf: line 80: bad transport type: smtpd_tls_wrappermode=yes


Thank You for reading and maybe helping me to find an answer
What's the output of ls -l /usr/bin/dccproc?

This is the output of ls -l /usr/bin/dccproc

ls: /usr/bin/dccproc: Datei oder Verzeichnis nicht gefunden

The thing regarding the configuration of Outlook etc.. was easy.
IP or FQDN of Server that's what I've did already but I missed the
@domainname at the end of the username. ;-)

Hi @ ALL

before I've started to get known with LDAP, I had nearly the same setup in my network enviroment without LDAP.
And I used the rcnd.key function so that DHCP and DNS could work together so that DHCP updated dynamic the dns zones. I've been also able to use reservation in conjuction with the MAC Address for some host so that they will only got a specified IP Address.

Now I am wondering who can I (we) uses this feature with this LDAP Setup?

Something like that for host IP reservation e.g.:

dn: cn=stka, cn=DHCP Config, dc=lokal,dc=de
cn: stka
objectClass: top
objectClass: dhcpHost
dhcpHWAddress: ethernet 00:0a:e4:22:af:de
dhcpStatements: fixed-address 192.168.123.3


But how about the dns zone dynamic update?

Maybe someone can give me a hint on that please.

net -U Administrator rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege gets message
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE


1. the solution given in this forum
2. or another solution
check smb.conf regarding:

interfaces = 192.168.1.0/24 eth0
bind interfaces only = true

this was my failure so I could use the net command.
Just comment out or correct those lines ;-)

I didn't figured out yet how to access the backup-tool - using the web-gui ? or what does the trick?

Everyone how went through this How To of Falko,
should have:
/usr/lib/mmc/backup-tools

there is a shell script

For what did we create a archive share ?
For what did we point to sharepath etc. in the ../plugins/base.ini ??


Can anyone help me please

I had some problems and to save anyone else scratching their head for hours this may help you.

When running

smbldap-populate -m 512 -a Administrator

I was getting auth errors even though my password was correct and matched the LDAP passwords entered at the beginning. My password was using unusual characters like $#@ etc. and simply wouldn't work. I tried a really basic password like "howtoforge" in the How To and this resolved the problem.

Thanks

Oh and also I discovered when running

/etc/init.d/mmc-agent start

....
SAMBA option 'ldap delete dn' must be disabled.
Plugin samba not loaded.
....

I commented out the following in /etc/samba/smb.cf as follows

# ldap delete dn = yes

And it fixed it

I tried this in order to fix the "chown: `:Domain Users': invalid group" problem in section 5.4 but it did not work for me.

ok, figured it out. Just had to change a line in the /etc/libnss-ldap.conf file. It turns out that the installation added 'host ldap://127.0.0.1/' instead of 'uri ldap://127.0.0.1/'.

I've gone back through everything to ensure that I have made no errors, but I cant seem to figure it out.
Anyone have any suggestions?

Many thanks.
Steve

It is sorry, but to date a problem remained (((

Did everything on instruction...copy.

But at Command

net -U Administrator rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege

gives out

Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_LOGON_FAILURE

Help please :(

I tried this in order to fix the "chown: `:Domain Users': invalid group" problem in section 5.4 but it did not work for me.

I've gone back through everything to ensure that I have made no errors, but I cant seem to figure it out.
Anyone have any suggestions?

Many thanks.
Steve

Ok it was an error of mine. while adjusting the guide to fit my needs I overlooked a couple of areas that I had to ammend to my needs. All working now. A great guide and Mandriva DS is superb.
Many thanks.

Ok it was an error of mine. while adjusting the guide to fit my needs I overlooked a couple of areas that I had to ammend to my needs. All working now. A great guide and Mandriva DS is superb.
Many thanks.

It too "net -U Administrator rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege" works for you?

It too "net -U Administrator rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege" works for you?
Yes this worked fine, might sound obvious but have you replaced:-

"net -U Administrator rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege"

with:-

"net -U Administrator rpc rights grant 'YOUR_WORKGROUP_NAME_DEFINED_IN_SAMBA\Domain Admins' SeMachineAccountPrivilege"

This is the Domain name you chose in section 3.2.2 Samba. of the guide

This is one of the things I first overlooked.

Yes this worked fine, might sound obvious but have you replaced:-

"net -U Administrator rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege"

with:-

"net -U Administrator rpc rights grant 'YOUR_WORKGROUP_NAME_DEFINED_IN_SAMBA\Domain Admins' SeMachineAccountPrivilege"

This is the Domain name you chose in section 3.2.2 Samba. of the guide

This is one of the things I first overlooked.
Good afternoon.
I did all as in how to, and have stopped on this problem.
What you use Repositories?

Please Lay out the /etc/apt/sources.list

I install Debian 4.0r6 and have trouble on first step.
My sources.list
debian:~# cat /etc/apt/sources.list
#
# deb cdrom:[Debian GNU/Linux 4.0 r6 _Etch_ - Official i386 CD Binary-1 20081219-16:03]/ etch contrib main

deb cdrom:[Debian GNU/Linux 4.0 r6 _Etch_ - Official i386 CD Binary-1 20081219-16:03]/ etch contrib main

deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib

# MDS repository
deb http://mds.mandriva.org/pub/mds/debian etch main

# Debian Volatile
deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

# Debian Etch Backports
deb http://www.backports.org/debian etch-backports main

When I try install all packege
debian:~# apt-get install mmc-web-base mmc-web-mail mmc-web-network mmc-web-proxy mmc-web-samba mmc-agent python-mmc-plugins-tools python-mmc-base python-mmc-mail python-mmc-network python-mmc-proxy python-mmc-samba postfix postfix-ldap sasl2-bin libsasl2 libsasl2-modules amavisd-new libdbd-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl lzop nomarch zoo clamav clamav-daemon gzip bzip2 unzip unrar-free unzoo arj spamassassin libnet-dns-perl razor pyzor dcc-client slapd ldap-utils libnss-ldap libpam-ldap dhcp3-server dhcp3-server-ldap bind9 samba smbclient smbldap-tools cupsys cupsys-client foomatic-db-engine foomatic-db foomatic-db-hpijs foomatic-db-gutenprint foomatic-filters foomatic-filters-ppds fontconfig hpijs-ppds linuxprinting.org-ppds
Reading package lists... Done
Building dependency tree... Done
Package sasl2-bin is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package sasl2-bin has no installation candidate


Why author don`t show your repositories list?
So. What i must do?

Ok. I`m fix my first problem. My repository was the following.
debian:/etc/squid# cat /etc/apt/sources.list
deb http://http.us.debian.org/debian/ etch main contrib non-free
deb http://security.debian.org/ etch/updates main contrib non-free

# MDS repository
deb http://mds.mandriva.org/pub/mds/debian etch main

# Debian Volatile
deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

# Debian Etch Backports
deb http://www.backports.org/debian etch-backports main
I installed everything, except for dcc-client.

Then install went fine. He received only a few mistakes.
When
debian:~# chown -R :"Domain Users" /home/samba/
Get
chown: `:Domain Users': invalid group

When
debian:/etc/squid# net -U Administrator rpc rights grant 'PZAS\Domain Admins' SeMachineAccountPrivilege
Get
Password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

PZAS - is my workgroup name in samba. Password I put correct.


Next were no errors. Set in Mandriva Managment Console. All items performed correctly. When you add a user, I do not see "Samba user properties".

When start mmc-agent
debian:/etc/squid# /etc/init.d/mmc-agent start
Starting Mandriva Management Console XML-RPC Agent: mmc-agent starting...
Registering authenticator baseldap / base.BaseLdapAuthenticator
Registering authenticator externalldap / mmc.plugins.base.externalldap.ExternalLdapAuthenti cator
Registering provisioner externalldap / mmc.plugins.base.externalldap.ExternalLdapProvisio ner
Plugin base loaded, API version: 6:0:2 build(620)
Error while trying to load plugin samba
{'info': 'no global superior knowledge', 'desc': 'Server is unwilling to perform'}
Traceback (most recent call last):
File "/var/lib/python-support/python2.4/mmc/agent.py", line 339, in agentService
if (func()):
File "/var/lib/python-support/python2.4/mmc/plugins/samba/__init__.py", line 129, in activate
samba.addOu(ouName, path)
File "/var/lib/python-support/python2.4/mmc/plugins/base/__init__.py", line 1718, in addOu
self.l.add_s(addrdn,attributes)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 163, in add_s
return self.result(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result
res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2
res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3
rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
result = func(*args,**kwargs)
UNWILLING_TO_PERFORM: {'info': 'no global superior knowledge', 'desc': 'Server is unwilling to perform'}
Plugin proxy loaded, API version: 1:0:0 build(620)
Plugin mail loaded, API version: 6:1:4 build(620)
Plugin network loaded, API version: 1:1:0 build(620)
Selecting authenticator baseldap / base.BaseLdapAuthenticator
Authenticator baseldap successfully validated
Selecting provisioners: None
Selecting computer manager: none
done.

Explain why I have problems and how to fix them.

I fix my problem.
In the tutorial given is not about editing the file /etc/mmc/plugins/samba.ini.
There must indicate their preference.
baseComputersDN = ou=Computers, dc=example, dc=com
After restart mmc-agent i recive error. Samba is not started.
Then in file /etc/samba/smb.conf i delete line ldap delete dn = yes.
Restart samba, restart mmc-agent and all be work.


But now i can`t join other computer to my domain.
To be continiue.