Talk:OES as PDC
Have any questions or comments about creating an eDirectory-enabled Primary Domain Controller? Want something clarified? Post here and I'll try to answer them.
- 1 SMB.conf Security Settings
- 2 Setting Admin UID with iManager
- 3 Using eDirectory Groups in the PDC
- 4 SambaDomain not updating correctly if Hostname and Domain are the same
- 5 Problem when adding Admin to primary group 'Domain Admins'
- 6 NTLM using Novell eDirectory
- 7 Windows Login Scripts
- 8 Event notification
SMB.conf Security Settings
Answer: All smb.conf values not specified should be left at their OES defaults. OES's default for security is security = user, so you are correct. I'll add a note to the main page.
--Justin Grote - Network Architect - JWG Networks 13:50, 26 April 2006 (MDT)
Setting Admin UID with iManager
- What is the message you get about iManager not being able to assign UID 0?
- Did you substitute your admin password for Adm1nPW?
- Are you running OES SP2? You need the version of Samba that comes with it; OES SP1 or earlier will NOT work.
- Did you make sure that the LDAPsearch mentioned in the article returned a SambaGroupIDNumber of 512?
- Is your Admin user LUM and Samba enabled?
- To give Admin a UID number of 0 (you shouldn't have to do this), you should go to the "Modify Object" tab of eDirectory Administration in iManager, select the user, go to the "Other" tab, and change the uidNumber to 0 (it should be in the neighborhood of 600 or so).
Reply: Solved after Samba-enabling the user. The article doesn't say to Samba-enable the admin =)
Using eDirectory Groups in the PDC
Answer: Yes, absolutely. Just use the net groupmap command to map each LUM-enabled Group to a Samba group. Just don't include the "rid" option, as the RID of these groups doesn't have to be special and should be autogenerated.
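An added example (not part of the original discussion): a shell sketch of the mapping described in the answer above, with a follow-up check listing which groups hold a RID in the reserved range below 1000 (for instance 512, Domain Admins), so you can confirm that no ordinary group received one. The group names, the SID and the sample `net groupmap list` output are constructed, and `type=domain` is an assumption about the group type you want.

```shell
#!/bin/sh
# Build the mapping command for one LUM-enabled group. No rid= is passed,
# so Samba allocates the RID itself. Group names used below are hypothetical.
groupmap_cmd() {
    # $1 = Windows-visible group name, $2 = POSIX (LUM) group name
    printf 'net groupmap add ntgroup="%s" unixgroup=%s type=domain\n' "$1" "$2"
}

# Read `net groupmap list` output on stdin and print every mapping whose RID
# is below 1000 (the reserved range, e.g. 512 = Domain Admins).
# Ordinary eDirectory groups should not show up in this list.
wellknown_rid_mappings() {
    sed -n 's/^\(.*\) (S-[0-9-]*-\([0-9][0-9]*\)) -> \(.*\)$/\2|\1|\3/p' |
    while IFS='|' read -r rid ntgroup unixgroup; do
        if [ "$rid" -lt 1000 ]; then
            printf '%s %s -> %s\n' "$rid" "$ntgroup" "$unixgroup"
        fi
    done
}

# Constructed sample of `net groupmap list` output (the SID is a placeholder).
SAMPLE_LIST='Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> domainadmins
Engineering (S-1-5-21-1111111111-2222222222-3333333333-3001) -> engineering
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users'

# Print the command for one group, then review the sample listing.
groupmap_cmd "Engineering" engineering
printf '%s\n' "$SAMPLE_LIST" | wellknown_rid_mappings
```

On a live server, pipe the real `net groupmap list` output into `wellknown_rid_mappings` instead of the sample.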
SambaDomain not updating correctly if Hostname and Domain are the same
Answer: Don't name your domain the same as the hostname.
It might be that it is connected to something else as well, as I have completely reconstructed the Samba entries in eDir.
Problem when adding Admin to primary group 'Domain Admins'
When I tried to enable Admin for Linux, it was not possible for me to assign him the group 'Domain Admins' as primary group. The reason: Admin was already Linux-enabled with the primary group 'admingroup' and it was not possible for me to remove this. So 'Domain Admins' was only a secondary group of Admin, and this was not enough (it was not possible to grant SeMachineAccountPrivilege to Admin). Also, Admin had a wrong sambaPrimaryGroupSID from some earlier tests, and I couldn't find out how to remove this. Is it possible to remove a wrong LUM and Samba configuration from an existing user?
My solution: I created a Samba-Admin with Supervisor-Rights to the tree, enabled this user for Linux and Samba, changed the samba ldap admin in smb.conf to this user, and added the password with 'smbpasswd -w <pwd>' to secrets.tdb.
Now it works for me, I am able to add computers to the domain and I can log on to the domain.
NTLM using Novell eDirectory
I have installed Novell eDirectory on my Win2000 server, which is part of a domain. Prior to Novell I was using NTLM with Active Directory services. Now, instead of ADS, I want to use eDirectory. Can you please tell me how I have to configure NTLM to work with Novell directory services instead of ADS?
By default NTLM always checks for the ADS. How do I configure NTLM to work with eDirectory?
Windows Login Scripts
Your document has helped me quite a bit in setting up this system. I am wondering if you have any documentation to the effect of setting up Windows Login scripts in this environment. Can it be done and if so how?
Thanks in Advance
Event notification
I have developed a client application to work as a change notification (add/delete/modify) agent for Novell eDirectory 8.8. My query goes like this: if my client application goes down, and in the meantime some entries get deleted from the backend, how can I get details of the deleted entries when the client comes up again?
Can anybody please help me find out whether there is any node in Novell eDirectory that stores deleted entries? Or is there any way to keep track of deleted entries in the Novell eDirectory server?