Windows 2000 Domain Logon with LDAP backend

Joachim.Tork at gad.de
Thu Oct 18 03:44:04 GMT 2001


Hello everybody,

I am trying to perform a Windows 2000 Domain Logon on a Samba-2.2.2 Server
compiled with ldapsam against an ldap server. Unfortunately it isn't
working.

I think that my smb.conf is alright because the logon is working fine when
I compile the samba source without ldapsam and use the smbpasswd file as the
password storage.

So it may be caused by a misconfiguration of my ldap-server. So that's what
I have done:

1. I created an ldapserver containing sambaAccounts (+posixAccounts, because
    I use this server for Linux authentication).
2. I put a samba user -xgadjto- into it with posix root privileges to be an
    admin
3. I made this user known using - username map = filename - in smb.conf,
    additionally with admin users xgadjto (I don't know if this is necessary)
4. I gave this user windows passwords using -smbpasswd xgadjto-. These
    passwords were successfully stored in the ldap database.
5. Next I wrote a small perl script named user_add.pl. This script adds a
    user to the ldap database with the necessary attributes.
6. I made this script known in smb.conf with - add user script.
7. I put the needed ldap configurations in smb.conf

I can see from the log files that my script is used and a machine account
is created in the ldap database. But unhappily that's it. :-(

On my Windows machine I get an error window saying "Username not found
(translated from German: Benutzername nicht gefunden.)"

In log.smbd I can see these messages apart from others:

[2001/10/18 10:53:00, 0] rpc_server/srv_samr_nt.c:_samr_delete_dom_user(2673)
  _samr_delete_dom_user: Not yet implemented.

May this be the reason why the logon fails?

Can anybody help, or has anybody realized such a domain logon and can give
me tips?

Best regards

Joachim





More information about the samba-ntdom mailing list