[Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1

Sundaram Ramasamy sun at percipia.com
Fri Jan 9 21:09:03 GMT 2004


Can you put the user and computer accounts in the same tree?

Change in smb.conf:

    ldap machine suffix = ou=User

Also change your smbldap_conf.pm file.


----- Original Message ----- 
From: "Jason P Holland" <jholland at cs.selu.edu>
To: <samba at lists.samba.org>
Sent: Friday, January 09, 2004 3:08 PM
Subject: [Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1


>
> Hello,
>
> I am hoping someone will offer some help.  I'm currently trying to set up a
> samba 3 PDC with LDAP authentication backend in Fedora core 1.  I've read
> loads of documentation, including
>
> http://www.hilinski.net/samba/ldap_PDC_samba.doc
> http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
> http://samba.idealx.org/samba-ldap-howto.pdf
>
> As well as tons of posts in the mailing list archives, but I still cannot
> get this combination to work.
>
> As for the setup, I've installed Openldap 2.1.22, Samba 3.0.0,
> smbldap-tools-0.8.2.  I've run smbpasswd -w to add my slapd.conf password
> to the secrets.tdb file.  I've set up smbldap_conf.pl with my correct SID
> and ldap dn.  I've populated my ldap database using smbldap-populate.pl,
> everything shows up correctly.  I've gone in to the ldap db and fixed
> root's uid and gid as well as its sambaSID so that it can act as
> administrator.  As far as I can tell, it's set up correctly.
>
> However, when I go to join a W2k Workstation client, I get "The user name
> could not be found.".  That's using root-testing combination from my config
> files.  Samba does automatically create the machine account, that looks
> fine.  But it refuses to join the machine.  Yes, I'm aware of the registry
> hack for XP,W2K machines, and that has also been changed.
>
>
> The weird thing is from that client, who I cannot join, I can view shares
> on the PDC using root-testing user pass combination, so I know the
> authentication is working correctly through ldap.  So what does that
> user name not found error really mean?
>
> Does anyone see anything obviously wrong in my config files that would
> cause this?  I've cut them into the post below.  I would appreciate any
> help as I'm just tired of reading and just can't seem to get past adding
> a machine.  Thanks for any help...
>
> Jason
>
>
> --- begin ldap.conf ----
>
> HOST 127.0.0.1
> BASE dc=test,dc=edu
>
> ---- end ldap.conf ----
>
>
> --- begin slapd.conf ----
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/samba.schema
>
> pidfile /var/run/slapd.pid
> argsfile /var/run/slapd.args
> database bdb
> suffix "dc=test,dc=edu"
> rootdn "cn=root,dc=test,dc=edu"
> rootpw testing
>
> directory /var/lib/ldap
> index objectClass eq
> index cn pres,sub,eq
> index sn pres,sub,eq
> index uid pres,sub,eq
> index displayName pres,sub,eq
> index uidNumber eq
> index gidNumber eq
> index memberUid eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index default sub
>
> ---- end slapd.conf ----
>
>
> ---- begin smb.conf ----
> [global]
> passdb backend = ldapsam
> ldap suffix = "dc=test,dc=edu"
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap admin dn = "cn=root,dc=test,dc=edu"
> ldap ssl = no
> idmap backend = ldap:ldap://127.0.0.1
> passwd chat debug = Yes
> passwd program =/usr/local/sbin/smbldap-passwd.pl -o %u
> passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
> add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
> delete user script = /usr/local/sbin/smbldap-userdel.pl %u
> add group script = /usr/local/sbin/smbldap-groupadd.pl %g
> delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
> add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g
> delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
> set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u
> workgroup = TEST
> netbios name = donald
> comment = test samba pdc
> security = user
> null passwords = yes
> encrypt passwords = yes
> logon script=logon.bat
> logon drive =
> logon path =
> domain master = yes
> domain logons = yes
> preferred master = yes
> os level = 33
> wins support = yes
> wins proxy = no
> log file = /var/log/samba/%m.log
> public = No
> browseable = yes
> writable = No
>
> ; necessary share for domain controller
> [netlogon]
> path = /netlogon
> locking = no
> read only = yes
> write list = ntadmin
>
> ;test share
> [tmp]
> writeable = yes
> public = yes
> path = /tmp
>
> [profiles]
> path = /profiles
> read only = no
> writeable = yes
> create mask = 0600
> directory mask = 0700
>
> ---- end smb.conf ---
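An added example, not part of either post: a small check of the point the reply raises, namely whether machine and user accounts resolve to the same LDAP subtree once each relative suffix is joined to `ldap suffix`. The sample input is constructed from the smb.conf lines quoted above; the function names are hypothetical.

```python
import re

# Constructed sample: the suffix lines from the quoted smb.conf, mail quoting kept.
SMB_CONF = """
> [global]
> passdb backend = ldapsam
> ldap suffix = "dc=test,dc=edu"
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> [netlogon]
> path = /netlogon
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()   # drop mail quote prefix
        if not line or line[0] in "#;":             # blank line or comment
            continue
        header = re.match(r"\[(.+)\]$", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)          # value may contain '='
            params[" ".join(key.lower().split())] = value.strip().strip('"')
    return params

def effective_dns(params):
    """Join each relative suffix to 'ldap suffix' to get the full DN."""
    base = params["ldap suffix"]
    dns = {}
    for kind in ("user", "machine", "group"):
        rel = params.get(f"ldap {kind} suffix", "")
        dns[kind] = f"{rel},{base}" if rel else base
    return dns

def normalise(dn):
    # Simple comparison form; does not handle escaped commas in RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def accounts_share_tree(params):
    """True when machine and user accounts live in the same subtree."""
    dns = effective_dns(params)
    return normalise(dns["user"]) == normalise(dns["machine"])

if __name__ == "__main__":
    p = parse_global(SMB_CONF)
    print(effective_dns(p), "same tree:", accounts_share_tree(p))
```
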


