rid and pwdLastSet set with 2.2.2 and Lotus Notes Ldap

KFuerstberger at haitec.de KFuerstberger at haitec.de
Tue Oct 23 05:15:49 GMT 2001


Hi all,

I use a 2.2.2 PDC and Notes Ldap. After many tests and a few grey hairs I
succeeded in joining the domain with w2k and xp and logging on as a
user, whereby the accounts are stored in the LDAP directory of a Lotus Notes
Server.
I do the following:
In order to generate a machine account:
If I try to generate an account with smbpasswd, then that fails: user not
found. Therefore I first generate a SambaAccount for the machine in the
LDAP directory with uid and uidNumber, the other fields empty. Now an
smbpasswd:

smbtest:/usr/local/samba/bin# ./smbpasswd -D 2 -a -m nttest
ldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldap_search_one_user: searching for:[(&(uid=nttest
$)(objectclass=sambaAccount))]
get_single_attribute: [uid] = [nttest$]
Entry found for user: nttest$
get_single_attribute: [sambaDomain] = [NULL]
get_single_attribute: [pwdLastSet] = [0]
get_single_attribute: [logonTime] = [0]
get_single_attribute: [logoffTime] = [0]
get_single_attribute: [kickoffTime] = [0]
get_single_attribute: [pwdCanChange] = [0]
get_single_attribute: [pwdMustChange] = [0]
get_single_attribute: [gecos] = [NULL]
get_single_attribute: [homeDrive] = [NULL]
get_single_attribute: [smbHome] = [\\%N\]
get_single_attribute: [scriptPath] = [NULL]
get_single_attribute: [profilePath] = [\\%N\\profile]
get_single_attribute: [description] = [NULL]
get_single_attribute: [userWorkstations] = [NULL]
get_single_attribute: [rid] = [0]
get_single_attribute: [primaryGroupID] = [NULL]
get_single_attribute: [lmPassword] = [67E5DC9874306DC5AAD3B435B51404EE]
get_single_attribute: [ntPassword] = [BC1A251B15F2F27F4118CE32EF8090DA]
get_single_attribute: [acctFlags] = [[U          ]]
ldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldap_search_one_user: searching for:[(&(uid=nttest
$)(objectclass=sambaAccount))]
Setting entry for user: nttest$
successfully modified uid = nttest$ in the LDAP database

Here the "acctFlags" are not set to "W", and the rid=0.
When I try to join the domain, the uid was found, but the rid=21420
was not found, hmm...
[2001/10/23 13:57:03, 0] passdb/pdb_ldap.c:pdb_getsampwrid(750)
  We don't find this rid [21420] count=0
So I deleted the lmPassword hash entry and the ntPassword hash entry, set
acctFlags to [W          ], and rid to 21420.
Now I can join the domain from a win xp client.
Is setting these entries not implemented in smbpasswd, or am I making an error?

If I try afterwards to log in as a user, that works too; I am requested to
change my password, also ok. Nevertheless smbpasswd does not modify the entry
"pwdLastSet" in the LDAP directory. So if I log in again, I am again
requested to change the password...

Any hints?
Thanx Klaus
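
Added example (not part of the original post, and not Samba code): a small Python check that parses the get_single_attribute debug lines quoted above and flags the three conditions the post describes: a "$" account without W in acctFlags, a rid of 0, and a pwdLastSet of 0. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: a subset of the smbpasswd debug lines quoted in the post.
SAMPLE = """\
get_single_attribute: [uid] = [nttest$]
get_single_attribute: [pwdLastSet] = [0]
get_single_attribute: [rid] = [0]
get_single_attribute: [primaryGroupID] = [NULL]
get_single_attribute: [acctFlags] = [[U          ]]
"""

# Matches "get_single_attribute: [name] = [value]"; the greedy value group
# keeps the inner brackets of acctFlags, e.g. "[U          ]".
ATTR_RE = re.compile(r"^get_single_attribute: \[(\w+)\] = \[(.*)\]$")


def parse_attributes(log_text):
    """Return {attribute: value}, mapping the literal NULL to None."""
    attrs = {}
    for line in log_text.splitlines():
        m = ATTR_RE.match(line.strip())
        if m:
            name, value = m.groups()
            attrs[name] = None if value == "NULL" else value
    return attrs


def account_flags(attrs):
    """Turn '[U          ]' into the set {'U'}."""
    raw = attrs.get("acctFlags") or ""
    return set(raw.strip("[]").replace(" ", ""))


def check_entry(attrs):
    """List the inconsistencies described in the post for one entry."""
    findings = []
    uid = attrs.get("uid") or ""
    if uid.endswith("$") and "W" not in account_flags(attrs):
        findings.append("machine account without W in acctFlags")
    if (attrs.get("rid") or "0") == "0":
        findings.append("rid is 0")
    if (attrs.get("pwdLastSet") or "0") == "0":
        findings.append("pwdLastSet is 0")
    return findings


if __name__ == "__main__":
    for finding in check_entry(parse_attributes(SAMPLE)):
        print(finding)
```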








More information about the samba-ntdom mailing list