[Samba] Second Post: Unable to add user with Samba 2.2.7 - LDAP - PDC
Buchan Milne
bgmilne at cae.co.za
Thu Jan 16 17:16:00 GMT 2003
> Message: 5
> From: "Matthieu Turpault" <matthieu.turpault at comelis.fr>
> To: "Samba" <samba at lists.samba.org>
> Date: Thu, 16 Jan 2003 11:27:30 +0100
> Subject: [Samba] Second Post: Unable to add user with Samba 2.2.7 - LDAP - PDC
>
> Hello,
>
> I did not have any response to my first mail. Perhaps I was not clear
> enough:
>
> Since I have installed the latest version of samba (2.2.7), I can't see
> the users of my domain with the Win2K User management console. I have tried to
> change several attributes in my user (in particular acctFlags) but I cannot
> manage to make my system work.
>
(BTW, are you using RPMs or not? If so, which ones please?).
> Do you have any idea ?
>
See below ...
> Thanks in advance
>
> Matthieu Turpault
>
> Appendix:
> - a sample of a user in my LDAP directory
> - my first post
>
> -----------------------------------------------------------
>
> =====================================================
> A sample of a user in my LDAP directory:
> =====================================================
>
> dn: uid=mat,ou=users,o=comelis
> loginShell: /bin/bash
> objectClass: cmlsPerson
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: sambaAccount
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: qmailUser
> sn: Turpault
> gecos: Matthieu Turpault
> mail: matthieu.turpault at comelis.fr
> qmailGID: 100
> givenName: Matthieu
> uidNumber: 1002
> homeDirectory: /homes/matthieu
> pwdLastSet: 1042190742
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 0
> pwdMustChange: 2147483647
> displayName: Matthieu Turpault
> cn: Matthieu Turpault
> rid: 998
> primaryGroupID: 999
> acctFlags:: IFtVWCAgICAgICAgIF0= ( ie [UX ] )
> gidNumber: 100
> uid: mat
>
[...]
>
> -------------- my smb.conf --------------------
> [global]
> workgroup = MDKGROUP
> server string = Samba Server %v
> log file = /var/log/samba/log.%m
> max log size = 5000
> security = user
> encrypt passwords = yes
> ldap admin dn = "cn=manager,id=1"
Should this not be something like 'ldap admin dn =
"cn=manager,o=comelis"'? Or does:
$ ldapsearch -x -h ldap.comelis.fr -D "cn=manager,id=1" -W "(uid=mat)"
work for you (with the password you have added to samba with 'smbpasswd
-w <password>' when prompted)?
> ldap server = ldap.comelis.fr
> ldap ssl = off
> ldap port = 389
> ldap suffix = "id=1"
As above, I think this needs to be "o=comelis", unless the following
works for you:
$ ldapsearch -x -h ldap.comelis.fr -b "id=1" "(uid=mat)"
> ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"
> unix password sync = Yes
> passwd program = /usr/share/samba/scripts/smbldap-passwd.pl %u
> passwd chat = *New*password*:* %n\r *Retype*new*password*:* %n\r
> *all*authentication*tokens*updated*successfully*
We use 'pam password change = yes' and have pam_ldap in the passwd
section in /etc/pam.d/samba instead.
Buchan
--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
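
An offline sanity check of the two settings questioned in the reply above, as an added example that is not part of the original message or of Samba: it parses the quoted smb.conf lines, tests whether the quoted user DN lies under `ldap suffix` and whether `ldap admin dn` ends in the same top-level RDN, and decodes the quoted acctFlags value. The function names are hypothetical, the DN split assumes no escaped commas, and the ldapsearch tests against the live server remain the real check.

```python
import base64

# Constructed from the smb.conf lines and the LDIF sample quoted in the thread.
SMB_CONF = '[global]\nldap admin dn = "cn=manager,id=1"\nldap suffix = "id=1"\n'
USER_DN = "uid=mat,ou=users,o=comelis"
ACCT_FLAGS_B64 = "IFtVWCAgICAgICAgIF0="

def parse_global(text):
    """Return the [global] parameters of an smb.conf text as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip().strip('"')
    return params

def rdns(dn):
    """Split a DN into lower-cased RDNs (assumption: no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def is_under(dn, suffix):
    """True if dn equals suffix or sits below it in the directory tree."""
    d, s = rdns(dn), rdns(suffix)
    return bool(s) and len(d) >= len(s) and d[-len(s):] == s

def check(conf_text, user_dn):
    """List mismatches between the LDAP settings and a known user entry."""
    p, problems = parse_global(conf_text), []
    suffix, admin = p.get("ldap suffix", ""), p.get("ldap admin dn", "")
    if not is_under(user_dn, suffix):
        problems.append(f"ldap suffix {suffix!r} does not contain {user_dn!r}")
    # Assumption (heuristic): the bind DN ends in the same top-level RDN.
    if rdns(admin)[-1:] != rdns(user_dn)[-1:]:
        problems.append(f"ldap admin dn {admin!r} is outside {rdns(user_dn)[-1]!r}")
    return problems

def decode_acct_flags(b64):
    """Decode an acctFlags value that LDIF printed in base64 ('::')."""
    return base64.b64decode(b64).decode("ascii")

if __name__ == "__main__":
    for problem in check(SMB_CONF, USER_DN):
        print("MISMATCH:", problem)
    # repr() makes leading and padding spaces visible.
    print("acctFlags =", repr(decode_acct_flags(ACCT_FLAGS_B64)))
```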