Talk:OES as PDC

From MicroFocusInternationalWiki
Revision as of 09:59, 8 February 2007 by Pridg17 (Talk | contribs) (Event notification)


Have any questions or comments about creating an eDirectory-enabled Primary Domain Controller? Want something clarified? Post here and I'll try to answer them.

--Justin Grote - JWG Networks 19:38, 13 April 2006 (MDT)

SMB.conf Security Settings

What are your security settings in smb.conf (security = user ?)
-B Sundqvist

Answer: All smb.conf values not specified should be left at their OES defaults. OES's default for security is security = user, so you are correct. I'll add a note to the main page.
--Justin Grote - Network Architect - JWG Networks 13:50, 26 April 2006 (MDT)

Setting Admin UID with iManager

I can't get the "Successfully granted rights." message after "net -U Admin%Adm1nPW rpc rights grant Admin SeMachineAccountPrivilege".
I get no message and iManager can't assign UID 0 to the admin user. Is there another way to assign UID=0 to the admin user?


  • What is the message you get about iManager not being able to assign UID 0?
  • Did you substitute your admin password for Adm1nPW?
  • Are you running OES SP2? You need the version of Samba that comes with it; OES SP1 or earlier will NOT work.
  • Did you make sure that the LDAPsearch mentioned in the article returned a SambaGroupIDNumber of 512?
  • Is your Admin user LUM and Samba enabled?
  • To give Admin a UID number of 0 (you shouldn't have to do this), you should go to the "Modify Object" tab of eDirectory Administration in iManager, select the user, go to the "Other" tab, and change the uidNumber to 0 (it should be in the neighborhood of 600 or so).

--Justin Grote - Network Architect - JWG Networks 09:24, 10 May 2006 (MDT)

Reply: Solved after Samba-enabling the user. The article doesn't say to Samba-enable the admin, =)

Yep, you're right. I added that, thanks for the note. --Justin Grote - Network Architect - JWG Networks 11:22, 10 May 2006 (MDT)

Using eDirectory Groups in the PDC

Is it ok to groupmap other LUM enabled groups to see them when creating policies?
I am trying to use nitrobit group policy to create group policies but can't see groups other than Domain Admins, Domain Guests etc., which we have enabled before.

Answer: Yes, absolutely. Just use the net groupmap command to map each LUM-enabled Group to a Samba group, just don't include the "rid" option, as the rid of these groups doesn't have to be special and should be autogenerated.

--Justin Grote - Network Architect - JWG Networks 07:54, 18 May 2006 (MDT)

SambaDomain not updating correctly if Hostname and Domain are the same

When I try 'net getlocalsid' I get the following error:

Adding domain info for WAYS failed with NT_STATUS_UNSUCCESSFUL
SID for domain GWAYS-W is: S-1-5-21-2818485225-3817732705-1415268070

The log files indicate that the SambaDomainName already has an entry.

Answer: Don't name your domain the same as the hostname. It might be that it is connected to something else as well, as I have completely reconstructed the Samba entries in edir.

Response: I'll add a note to the article.
--Justin Grote - Network Architect - JWG Networks 19:52, 14 June 2006 (MDT)

Problem when adding Admin to primary group 'Domain Admins'


When I tried to enable Admin for Linux, it was not possible for me to assign him the group 'Domain Admins' as primary group. The reason: Admin was already Linux-enabled with the primary group 'admingroup' and it was not possible for me to remove this. So 'Domain Admins' was only a secondary group of Admin, and this was not enough (it was not possible to grant SeMachineAccountPrivilege to Admin). Also, Admin had from some earlier tests a wrong sambaPrimaryGroupSID, and I couldn't find out how to remove this. Is it possible to remove a wrong LUM and Samba configuration from an existing user?

My solution: I created a Samba-Admin with Supervisor-Rights to the tree, enabled this user for Linux and Samba, changed the samba ldap admin in smb.conf to this user, and added the password with 'smbpasswd -w <pwd>' to secrets.tdb.

Now it works for me, I am able to add computers to the domain and I can log on to the domain.


Erhard Gruber

NTLM using Novell eDirectory


I have installed Novell eDirectory on my Win2000 server, which is part of a domain. Prior to Novell I was using NTLM with Active Directory services. Now instead of ADS I want to use eDirectory. Can you please tell me how I have to configure NTLM to work with Novell directory services instead of ADS?

By default NTLM always checks for the ADS. How do I configure NTLM to work with eDirectory?

Thanks, Jai

Windows Login Scripts

Your document has helped me quite a bit in setting up this system. I am wondering if you have any documentation to the effect of setting up Windows Login scripts in this environment. Can it be done and if so how?

Thanks in Advance

Event notification

I have developed a client application to work as a change notification (add/delete/modify) agent for Novell eDirectory 8.8. My query goes like this: if my client application goes down, and during that time some entries get deleted from the backend, how can I get details of the deleted entries when the client comes up again?

Can anybody please help me find out whether there is any node in Novell eDirectory which stores deleted entries? Or is there any way to keep track of deleted entries in the Novell eDirectory server?