FDS as Domain Controller Howto - replace Windows 2003 - Part 1

[lau_swat]

Hi again, I tried many times to make it work, but it doesn't work how it should. I always use a fresh install because I use a virtual machine and I just copy it. I'll upgrade my FDS today and let you know if I succeed.

Regards, Laurentiu

[lau_swat]

I tried to install FDS 1.1 as shown here http://directory.fedoraproject.org/wiki/Download , I use CentOS 5, but when I issue the command yum install fedora-ds it says the following:

[root@server yum.repos.d]# yum install fedora-ds
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
http://directory.fedoraproject.org/y...ta/repomd.xml: [Errno 14] HTTP Error 404: Not Found
Trying other mirror.
Error: Cannot open/read repomd.xml file for repository: dirsrv-noarch

I followed exactly the steps from that link but I cannot do anything if the mirror is not available. What can I do? Please help because I'm going crazy.

Regards, Laurentiu

[lau_swat]

I'm using FDS 1.1 now, I did everything as it was in the tutorial and after I issue: /usr/lib/dirsrv/slapd-<server>/ldif2ldap "cn=Directory manager" password /tmp/sambaAdmin.ldif it enters the Administrator at ou=People and I can see it in the directory server, but when I do: smbpasswd -a Administrator it says:Failed to modify password entry for user Administrator. If I issue pdbedit -v -u Administrator it still says Username not found! Where did I do wrong.

PS Do I have to install openldap too?

Regards, Laurentiu

[redcap]

console's up. I'm starting on part 2. Thanks for the help

[lau_swat]

It still doesn't work for me, I tried like a hundred times but nothing. Still no username found when I issue pdbedit -v -u Administrator. (

[redcap]

Hey lau,
Finally caught up with you, and i had the same issue. Try adding an Administrator user straight into you r users and groups utility then running the smbpasswd -a

[redcap]

Back to whining about my own problems. I'm trying to get the scripts for adding users and machines to work. I ended up entering the lines to the machine script by hand to see where my problem was and found that the line /usr/share/openldap/migration/migrate_passwd.pl ./newMachine.tmp > ./newMachine.ldif did indeed create an ldif file called newMachine.ldif, but it was completely blank.

Since this command worked with the sambaAdmin file the only difference that I call tell is that I did not create the newMachine.tmp from hand before trying to convert it to an ldif. So here is the newMachine.tmp file:

fdsserver$:x:502:100:Workstation (fdsserver$):/nohome:/bin/false

Does this look right? Any idea why it won't convert to ldif?

[lau_swat]

@redcap Did you managed to solve the problem with the Administrator, I mean if you issue pdbedit -v -u Administrator it returns the info's about the user or Username not found!

Regards, Laurentiu

[redcap]

Create the samba admin file. Then follow the how-to as far as creating the ldif and adding to FDS. Then I ran into the same issues as you. Here's how I got around it. Create a user called Administrator in your machine with useradd or or use the "Users and Groups" utility in the gui, then do the smbpasswd -a command. When you do the pdbedit substitute the $(net getlocalsid | sed 's/SID for domain SEAGOON is: //') with the actual sid you want to use. That worked for me.

[barry905]

redcap:

I just had a look at your penultimate message, and as far as I can see your newMachine,tmp file looks perfect. What the script attempts to do is to create a machine account (just a regular account, but one that ends with a $), and then extract the line listing that account from the passwd file. As you are getting a blank tmp file you should check to make sure that you really have added the machine account to the passwd file. And I have no idea why that file won't convert to an ldif. You might try comparing the file with the one you created for the Administrator account.

Laurentiu:

I have just created a new user (tester) and added it to my directory. I used the script I listed above. Everything worked, or at least seemed to. To check I first opened the console and checked in the directory server to make sure that I could see it. To do this I opened the Admin Server, then the Directory Server itself. Then I went to the 'DIrectory' tab, and under that looked under the "home" listing in the 'People' ou. And sure enough, there was the tester user.

So next I checked to see it I could access the user from outside FDS. So I ran the command /usr/lib/mozldap/ldapsearch -x -b dc=home 'uid=tester', which extracted the user details from FDS. FInally I ran pdbedit -v -u tester, which again got the user details.

Maybe you would like to try that an let us know how you fare: if this works then we can look more closely at your Administrator problem.

[redcap]

It's up and working! One more issue and I'm good to go. When the domain user tries to change their passwords from the domain client they are logged onto, they get a message stating that they do not have permission to change their password. Any ideas what could be causing this?

[V!ctor]

Hi
I have small problem ...
After install - all worked wonderful,
computers join to domain ...
but ...
wbinfo -t
checking the trust secret via RPC calls succeeded
wbinfo -u
Error looking up domain users
wbinfo -u
Error looking up domain users

have you any ideas?

Thank's

[theodric]

I realise this is probably a very noobish question, but I'm stuck here:

Now for the groups. First create a file sambaGroups which contains:

Domain Admins:x:2512:
Domain Users:x:2513:
Domain Guests:x:2514:
Domain Computers:x:2515:

Then convert it to an ldif file and add it to FDS

Q: Exactly how to I convert that to an ldif file?
I've read up on LDIFs here -> http://www.novell.com/documentation/...wenu/ldif.html but the quantity of information there has left me bewildered and in need of coffee, or perhaps even beer.

Any assistance greatly appreciated...

[sangamc]

Quote:

Originally Posted by V!ctor

Hi
I have small problem ...
After install - all worked wonderful,
computers join to domain ...
but ...
wbinfo -t
checking the trust secret via RPC calls succeeded
wbinfo -u
Error looking up domain users
wbinfo -u
Error looking up domain users

have you any ideas?

Thank's

i too have the same problem once the configuratioin is done. the only difference is wbinfo -g returns BUILTIN\users which is no where in my fedora directory.

on another note, does anyone have a solif method for configuring the fds dns server. it really helps alot when windows workstations are in a domain with dns configured

[sangamc]

can anyone expand on the instructions for setting up the DNS server? id really like to eliminate the windows pdc's in my netowrk, and this is the last thing holding me up

thx