[Samba] Samba and LDAP backend - howto docs problems?

John H Terpstra jht at samba.org
Tue Mar 9 23:36:08 GMT 2004 

On Wed, 10 Mar 2004, Graham Leggett wrote:

> Hi all,
>
> I have followed the instructions at
> http://samba.mirror.ac.uk/samba/docs/man/passdb.html in an attempt to

Ok. I am one of the authors of that. It should work. Email me you
smb.conf file and I will try to help.

> set up a Samba v3.0.2 (supplied by Redhat as part of RHEL v3.0) PDC.
>
> I have got as far as trying to get a windows 2k box to join this new
> domain that I have created, however this fails with the error "Logon
> failure: unknown user name or password".
>
> Samba itself logs nothing of this failure.
>
> Looking at the LDAP logs, I see that Samba is trying to do the following
> LDAP search:
> (&(&(uid=admin)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))
>
> This search fails, because the ldif displayed in the howto does not
> include the sambaSamAccount objectclass in the admin object:
>
> dn: cn=admin,ou=People,dc=quenya,dc=org
> cn: admin
> objectclass: top
> objectclass: organizationalRole
> objectclass: simpleSecurityObject
> userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz
>
> Does anyone have any step by step instructions for getting a Win2k box
> to join a Samba domain that is known to work?

Fully documented step-by-step instructions that work with SuSE and Red Hat
are in the new book "Samba-3 by Example" - can be ordered from Amazon.Com
now. Will ship starting March 26th.

Have you also checked chapter 2 of TOSHARG (The Official Samba-3 HOWTO and
Reference Guide)? While not as comprehensive as the new book, this chapter
was the seed that started the avalance of the "Give us more ..." litany
that resulted in "Samba-3 by Example".

Have you set up your scripts?
	- add user script
	- delete user script
	- add machine script
	- add group script
	- delete group script
	- add user to group script
	- etc.

Have you test driven each manually to prove that it works?

Have you configured nss_ldap and proven that it works?
	ie: getent passwd
	    getent group

Does:
	pdbedit -Lw

list the users in the old smbpasswd format?

Many, many more questions ... what have you done to demonstrate that each
element of your configuration works?


Cheers,
John T.
-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list