[Samba] Samba PDC With LDAP Backend, Failed to initialise SAM_ACCOUNT for user

zdennis zdennis at mktec.com
Wed Jul 12 14:39:04 GMT 2006



Cybionet wrote:
> Greetings Zach,
> 
> Samba 3 with an LDAP backend works perfectly without problems (for Windows
> and Linux clients). But be sure that your configuration is OK. From the
> log, I suppose that you can’t reach your LDAP directory entry and
> the Aries computer doesn’t exist in the LDAP directory.


[snip]

Changes have been made to my smb.conf. At the point I tried to use "smbpasswd -m -a aries" Aries did not exist in LDAP. I thought
smbpasswd would add Aries$ to LDAP. Is this not correct?

If I use smbldap-useradd it works successfully. If I add a user account or a machine account with smbldap-useradd, I can then
successfully use smbpasswd to change that user's password.

It seems like the user or machine account must exist in LDAP before smbpasswd can be used. Is this correct?

> 
> After that, be sure that you have run this command. Samba needs it to
> access LDAP. It’s the cn=admin,dc=mktec,dc=com password.
> 
>   smbpasswd -w password

Yep, did.

> 
> Also check that the ldap.conf in /etc/openldap/ldap.conf is OK. It must
> look like this.
> 
> BASE dc=mktec,dc=com
> URI ldap://127.0.0.1
> 
> rootbinddn cn=admin,dc=mktec,dc=com
> scope one
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute memberuid
> pam_password exop
> 
> #Base parameters.
> nss_base_passwd dc=mktec,dc=com
> nss_base_shadow dc=mktec,dc=com
> 
> # Advanced parameters.
> nss_base_passwd ou=Users,dc=mktec,dc=com?sub
> nss_base_shadow ou=Users,dc=mktec,dc=com?sub
> nss_base_group ou=Groups,dc=mktec,dc=com?sub
> 
> # Why not use Computers in your DIT?
> # nss_base_hosts ou=Computers,dc=mktec,dc=com
> nss_base_hosts ou=Users,dc=mktec,dc=com

Ok, I made my changes for this in /etc/libnss-ldap.conf.


> 
> Can your Samba server ping yourservername.mkteck.com? If not, adjust
> your resolv.conf (if you use BIND) and/or add the mapping in the hosts file.
> And lastly, be sure that mktec.com, the computer Aries$ and
> cn=admin,dc=mktec,dc=com exist in the LDAP directory.

Samba and LDAP reside on the same server. It is currently not resolvable outside of IP address except for DNS SRV records which
are used for my winboxes to find the PDC. Aries is a mobile client that uses DHCP, so aries.mktec.com is not resolvable. Am I
missing something?

I tried again and I get the same error as before when trying to use smbpasswd to add a user or machine account to LDAP.

Thanks again for your reply,

Zach

