Samba-3.0-alpha19 as PDC and Openldap

georges.goebel at georges.goebel at
Fri Aug 23 06:07:00 GMT 2002


I have installed OpenLDAP 2.0.23 and downloaded the alpha version of Samba
(Samba-3.0-alpha19) because I need the "userWorkstations" attribute of the
samba.schema. With Samba 2.2.5, everything works fine but
the "userWorkstations" attribute is not implemented, which I need. After having
compiled the alpha version of Samba 3.0, I took the same configuration file and
changed some parameters. Now the "userWorkstations" attribute is respected
(some users may only log in on their own machine), but I am not able to log in to
the domain from a Windows 2000 SP2 client. With the command "net use
\\servername\sharename /user:name" I may access the share name (only when the
user is on the machine I specified in userworkstations), but I cannot join the
domain under Windows.

My question now: Is it POSSIBLE to join a domain with LDAP password
authentication and Samba 3.0 alpha, or do I have to wait for the release?

I am trying under Red Hat 7.2 and Solaris 9.

Here is my global section:


   workgroup = SIN-NT2
   netbios name = testlinux
   server string = samba / nfs
   encrypt passwords = yes
   passwd program = /usr/local/smbldap-tools-0.7/ -o %u
   passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
   unix password sync = yes

   log file = /var/log/samba/%m.log
   log level = 7
#   max log size = 0

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   domain logons = yes
   os level = 255 
   preferred master = true
   domain master = true
   dns proxy = no
   wins support = no

   ldap suffix = dc=pch,dc=etat,dc=lu
   ldap admin dn = cn=Manager,dc=pch,dc=etat,dc=lu
   ldap filter = (&(uid=%u)(objectClass=sambaAccount))
   ldap machine suffix = ou=Computers,dc=pch,dc=etat,dc=lu
   ldap user suffix = ou=Users,dc=pch,dc=etat,dc=lu
   ldap ssl = no

   security = user

   passdb backend = ldapsam_nua
   use spnego = no

   add machine script = /usr/local/smbldap-tools-0.7/ -w %u
   add user script = /usr/local/smbldap-tools-0.7/ -a %u
#   domain admin group = @"Domain Admins"

   logon path = \\TESTLINUX\profiles\%u
   logon home = \\TESTLINUX\%u
   logon drive = H:
   logon script = start.bat


