[Samba] Domain authentification problem with LDAP

James Taylor jtaylor at laszlosystems.com
Fri Mar 17 19:45:33 GMT 2006


Just reported it to IDEALX.  My IE Client did not show the convert to
English function but when you made the comment I swiped my mouse over the
screen and it showed me the link.  I should load Mozilla on this box.

Thanks

James

-----Original Message-----
From: Craig White [mailto:craigwhite at azapple.com] 
Sent: Friday, March 17, 2006 11:27 AM
To: James Taylor
Cc: 'Daniel Tousignant'; samba at lists.samba.org
Subject: RE: [Samba] Domain authentification problem with LDAP

You still should report the problem and your 'fix' to wherever you got
the smbldap-tools package from, be it your distribution or idealx.com

FWIW, I have never seen this issue myself and while I generally use
tools other than idealx to manage users/groups, I do add machines on the
fly which does use the idealx script to accomplish and is the discussion
item...adding machine accounts and getting the proper attributes. This
of course does require a properly configured smbldap-tools configuration
for both 'binding' to LDAP and for attributes, the configuration of
which has been split into 2 files for some time now.

Idealx.com - as I said, the 'English flag' button at the top right takes
you to their English language site.

As for the wiki - that belongs to you - the users - we just try to
maintain some semblance of order.

Craig

On Fri, 2006-03-17 at 11:03 -0800, James Taylor wrote:
> Cool, will post on your wiki...
> 
> -----Original Message-----
> From: Craig White [mailto:craigwhite at azapple.com] 
> Sent: Friday, March 17, 2006 10:58 AM
> To: James Taylor
> Cc: 'Daniel Tousignant'; samba at lists.samba.org
> Subject: RE: [Samba] Domain authentification problem with LDAP
> 
> #1 - click on the 'English flag' button - et voila, English
> 
> #2 - you should at least state which smbldap-tools you are speaking of
> that you have fixed so others have a chance to compare and where you got
> it from, idealx.com or from your distribution, and report the issue to
> the place where it came from.
> 
> #3 - people are likely to ask you for it if they are struggling and they
> don't know why and you authoritatively suggest that your solution will
> fix things for them. I think we had a very recent issue where that
> wasn't the problem but the problem lay in his pam/ldap.conf.
> 
> #4 - suggesting that people do a complete replace of the file that came
> packaged with their system by one that you have modified doesn't seem
> like the best solution at all...you could offer a 'patch' which should
> throw up an alert if the file looks different or just the suggestions
> about where you have modified the code and why...in fact, we have a wiki
> for that kind of stuff now... http://wiki.samba.org
> 
> Craig
> 
> On Fri, 2006-03-17 at 10:22 -0800, James Taylor wrote:
> > I know that the last 2 versions of the script I am working with are missing
> > this function when using the -w switch (as documented) it will NOT add the
> > sambaSAMAccount information.  I have had several users also request a copy
> > of this script from me solving their problems with a similar issue.  It
> > seems very odd that there are so many similar issues lately on the posts
> > concerning the (I can't connect to the Domain).  Had it not been for the
> > fact I decided to look at the script itself I would not have found this
> > problem.  Going to the IDEALX site I would love to send them comments but as
> > my French is very minimal not too sure where to go.
> > 
> > Thanks
> > 
> > James
> > 
> > -----Original Message-----
> > From: Craig White [mailto:craigwhite at azapple.com] 
> > Sent: Friday, March 17, 2006 10:09 AM
> > To: James Taylor
> > Cc: 'Daniel Tousignant'; samba at lists.samba.org
> > Subject: RE: [Samba] Domain authentification problem with LDAP
> > 
> > James - this is the second time you have made that reference to the
> > smbldap-useradd script.
> > 
> > There have been lots and lots of versions of the smbldap-tools and
> > perhaps the version that you are looking at is missing something like
> > that but I assure you that most versions aren't.
> > 
> > Craig
> > 
> > On Fri, 2006-03-17 at 10:03 -0800, James Taylor wrote:
> > > The LDAP users you have created (including the machines) need to have the
> > > objectclass: sambaSAMAccount and the subsequent fields.  What are your user
> > > add scripts and machine add scripts you are using.  Also, I have found that
> > > the IDEALX tools have an error in the smbldap-useradd script which includes
> > > that when you use the add machine switch the sambaSAMAccount information is
> > > not added to the LDAP database.  I do have a copy of this modified file if
> > > you need it.  Otherwise if you can edit the script yourself.
> > > 
> > > James
> > > 
> > > -----Original Message-----
> > > From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> > > [mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org] On Behalf
> > > Of Daniel Tousignant
> > > Sent: Friday, March 17, 2006 9:11 AM
> > > To: samba at lists.samba.org
> > > Subject: [Samba] Domain authentification problem with LDAP
> > > 
> > > We use samba 3.0.13 and openldap 2.3.6
> > > Members of the ldap group "Domain Admins" are working fine, but
> > > members of the group "Domain Users" can not login to the domain,
> > > and do not have access to the shares. Also, we are unable to join
> > > a windows xp workstation to the domain.
> > > Can anyone give me a hint where to start looking ... 
> > > 
> > > Thank you
> > > 
> > > 
> > > 
> > 
> > 
> 
> 
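A way to check the condition discussed in this thread, added here as an example and not taken from any of the posters or from smbldap-tools: the script reads an LDIF export of the directory and reports machine accounts (uid ending in `$`) that lack the sambaSamAccount object class or its required sambaSID attribute. The function names, DNs and SID values are constructed for illustration.

```python
import base64

REQUIRED_ATTRS = ("sambaSID",)  # MUST attribute of sambaSamAccount (Samba 3 schema)
# Constructed sample LDIF: ws01$ was created without the Samba attributes.
SAMPLE_LDIF = """\
dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: account
objectClass: posixAccount
uid: ws01$

dn: uid=ws02$,ou=Computers,dc=example,dc=org
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ws02$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-5002
sambaAcctFlags: [W          ]
"""

def parse_ldif(text):
    """Return one {attribute_lowercase: [values]} dict per LDIF entry."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def incomplete_machine_accounts(text):
    """Map DN -> list of problems for machine accounts missing Samba data."""
    findings = {}
    for e in parse_ldif(text):
        if not any(u.endswith("$") for u in e.get("uid", [])):
            continue  # not a machine account
        problems = []
        if "sambasamaccount" not in (c.lower() for c in e.get("objectclass", [])):
            problems.append("missing objectClass sambaSamAccount")
        problems += [f"missing {a}" for a in REQUIRED_ATTRS if a.lower() not in e]
        if problems:
            findings[e["dn"][0]] = problems
    return findings
```
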



