[Samba] XP Join Samba 3 ; cannot find user name
L.P.H. van Belle
belle at bazuin.nl
Tue Jul 5 14:03:03 GMT 2005
Hi,
I'm having a problem while joining my domain.
I use samba 3.014a, ldap, samba as PDC.
When my XP machine is joining the domain, it says
cannot find user name
BUT !! when I look in my ldap database,
the new computer is created in the OU=Computers
I use the idealx setup and tools.
It was working, but I changed something and I don't know anymore what I
changed.
It must be an nss / ldap problem.
Here are some configs
-------------------------------------------------
/etc/ldap/ldap.conf ( client )
# Defaults for the OpenLDAP client library and tools on this host.
# The server is reached over loopback, and searches start at the domain base.
HOST 127.0.0.1
BASE dc=rotterdam,dc=bazuin,dc=nl
# CA certificate used to verify the server certificate when TLS is used.
TLS_CACERT /etc/ldap/ssl/ldap-cacert.pem
# NOTE(review): with "try" the session proceeds when the server presents no
# certificate and is only terminated when a bad certificate is presented.
# "demand" also terminates the session when no certificate is presented.
# Exposure is limited while HOST is loopback; revisit this if the file is
# copied to clients that reach the server over the network.
TLS_REQCERT try
# Commented-out limits, so the library defaults apply.
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
-------------------------------------------------
/etc/ldap/slapd.conf
# Global slapd directives: protocol compatibility, schema, password hashing,
# logging, modules and TLS.
#
# NOTE(review): accepts LDAPv2 bind requests. The nss client config in this
# post sets ldap_version 3, so keep this only if some other client still
# needs v2 - confirm.
allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/autofs.schema
include /etc/ldap/schema/rolodap.schema
include /etc/ldap/schema/postfix.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd.args
#The <hash> to use for userPassword generation. One
#of {SSHA}, {SHA}, {SMD5}, {MD5}, {CRYPT},
#{KERBEROS}, {SASL}, and {UNIX}. The default is {SSHA}.
# NOTE(review): {MD5} is an unsalted hash, so identical passwords give
# identical userPassword values and precomputed tables apply. The salted
# default {SSHA} is the safer choice. Hashes already stored are not
# converted by changing this line; each is replaced only when that password
# is next set.
password-hash {MD5}
# No debugging output. While chasing the join failure, 256 (stats, see the
# table below) logs each connection, operation and result, which shows the
# searches made by Samba and nss_ldap.
loglevel 0
#
# loglevel Logging description
# -1 enable all debugging
# 0 no debugging
# 1 trace function calls
# 2 debug packet handling
# 4 heavy trace debugging
# 8 connection management
# 16 print out packets sent and received
# 32 search filter processing
# 64 configuration file processing
# 128 access control list processing
# 256 stats log connections/operations/results
# 512 stats log entries sent
# 1024 print communication with shell backends
# 2048 print entry parsing debugging
#
modulepath /usr/lib/ldap
moduleload back_bdb
#Server and CA Certificates
# NOTE(review): this string admits MEDIUM-strength and SSLv3-era suites in
# addition to HIGH. Check what it expands to with
# "openssl ciphers -v 'HIGH:MEDIUM:+SSLv3'" and restrict it to what the
# clients actually need.
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCertificateFile /etc/ldap/ssl/ldap-servercrt.pem
# The private key file should be readable only by the account slapd runs as.
TLSCertificateKeyFile /etc/ldap/ssl/ldap-serverkey.pem
TLSCACertificateFile /etc/ldap/ssl/ldap-cacert.pem
sasl-realm rotterdam.bazuin.nl
sasl-host ldap.rotterdam.bazuin.nl
#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
#######################################################################
# Set the entry cache size to 5000.
#
# This value is separate from the set_cachesize value set in
# the DB_CONFIG file under the bdb directory. That value
# should be set as well to optimize database caching for the
# Berkeley DB subsystem.
#
# (The directive below is commented out, so it is not applied.)
#cachesize 5000
#######################################################################
# Set transactional checkpoint (writing of changed data
# to disk) to occur when either
#
# 512 Kilobytes of data have been written to the bdb sub-
# system.
# 720 Minutes have passed since the last checkpoint.
## the default
# NOTE(review): the database section further down sets "checkpoint 128 30";
# which of the two applies to database #1 should be confirmed.
checkpoint 512 720
#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database bdb
suffix "dc=rotterdam,dc=bazuin,dc=nl"
# The rootdn is not subject to the access rules below; it can always read
# and write everything under the suffix.
rootdn "cn=admin,dc=rotterdam,dc=bazuin,dc=nl"
# Value redacted by the poster. slapd accepts a hashed value here (generated
# with slappasswd) instead of cleartext; either way this file should be
# readable only by the account slapd runs as.
rootpw #### CHANGED ####
directory "/var/lib/ldap"
checkpoint 128 30
### !!!!! Always run slapindex(8) after changing indices!!!!!!
### and first STOP the LDAP SERVER ( /etc/init.d/slapd stop )
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,eq,sub
index memberUid,mail,givenname eq,subinitial
# NOTE(review): there is a trailing comma after sambaDomainName - confirm
# slapd parses this attribute list as intended.
index sambaSID,sambaPrimaryGroupSID,sambaDomainName, eq
index mailLocalAddress eq
### Addressbook entries
index memberof eq
index active,userscode eq,sub,pres
index companyname eq,sub,pres
## default index
index default pres,eq
lastmod on
#cachesize 1000
#dbcachesize 10000
# Replication log of changes made to this database. It presumably records
# modified attribute values, password attributes included, so keep its
# permissions as tight as those of the database directory.
replogfile /var/lib/ldap/replog
# Access list for samba
# uses user admin (the rootdn) at the moment.
# NOTE(review): Samba binding as the rootdn bypasses every access rule. A
# dedicated DN with write access limited to the Samba subtrees would narrow
# what a leaked Samba LDAP password exposes.
#
include /etc/ldap/samba-access.conf
# Access list for the ou=addressbook and user addressbook
# use user addressguest for outlook
#
include /etc/ldap/address-access.conf
# NOTE(review): slapd evaluates access rules in order and stops at the first
# rule whose "access to" target matches, so the two rules below only cover
# what the included files above do not already match (their contents are not
# shown in this post).
# "by * read" includes anonymous binds. Unless an earlier rule restricts
# userPassword, sambaLMPassword and sambaNTPassword, those hashes are
# readable by anyone who can reach the server. The usual protection is an
# earlier "access to attrs=userPassword,sambaLMPassword,sambaNTPassword"
# rule that grants write to the admin DN, auth to anonymous and none to
# everyone else - confirm samba-access.conf provides that.
# In the real file the "by" lines must begin with whitespace to continue the
# "access to" directive; the indentation appears to have been lost in this
# paste.
## GLOBAL ACCESS
access to dn.base="dc=rotterdam,dc=bazuin,dc=nl"
by dn="cn=admin,dc=rotterdam,dc=bazuin,dc=nl" write
by * read
# The admin dn has full write access, everyone else
# (including unauthenticated clients) can read everything
# not matched by an earlier rule.
access to *
by dn="cn=admin,dc=rotterdam,dc=bazuin,dc=nl" write
by * read
-------------------------------------------------
#/etc/ldap.conf ( and libnss-ldap.conf ) these are the same.
# Settings for nss_ldap / pam_ldap: where to search for Unix accounts and
# how to bind to the directory.
host 127.0.0.1
base dc=rotterdam,dc=bazuin,dc=nl
ldap_version 3
# NOTE(review): lookups made by root bind as this DN, with the password read
# from a separate secret file (its path depends on the packaging). This is
# the directory rootdn, so that file holds a credential with full write
# access. A dedicated read-only DN is the least-privilege choice - confirm
# whether root-level binds are needed at all.
rootbinddn cn=admin,dc=rotterdam,dc=bazuin,dc=nl
timelimit 30
bind_timelimit 30
idle_timelimit 3600
# NOTE(review): presumably pam_ldap hashes new passwords locally with MD5
# before writing them. "pam_password exop" hands the change to the server,
# which then applies its own password-hash setting - verify against the
# installed pam_ldap documentation.
pam_password md5
# NOTE(review): passwd and shadow lookups are limited to one level under
# ou=Users, while the post says the machine account is created under
# OU=Computers. If Samba has to resolve the machine account as a Unix user
# during the join, this search will presumably not find it, which would fit
# the "cannot find user name" error. Check with
# "getent passwd 'MACHINENAME$'" (placeholder name). nss_ldap accepts more
# than one nss_base_passwd line, so ou=Computers can be added as a second
# search base.
nss_base_passwd ou=Users,dc=rotterdam,dc=bazuin,dc=nl?one
nss_base_shadow ou=Users,dc=rotterdam,dc=bazuin,dc=nl?one
nss_base_group ou=Groups,dc=rotterdam,dc=bazuin,dc=nl?one
# NOTE(review): this points the hosts map, not the passwd map, at
# ou=Computers - confirm that is intended.
nss_base_hosts ou=Computers,dc=rotterdam,dc=bazuin,dc=nl?one
-------------------------------------------------
# /etc/nsswitch.conf
# Name service lookup order; sources are tried left to right.
# Accounts and groups: local files (compat mode) first, then LDAP.
passwd: compat ldap
group: compat ldap
shadow: compat ldap
# Host names fall through to LDAP only after files and DNS.
hosts: files dns ldap
networks: files ldap
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
--
*** Bazuin & Partners Managed E-mail Filter scanned this email for viruses ***