[Samba] LDAP Domain Trust

Arthur H. Johnson II arthur at linuxbox.nu
Thu Aug 8 13:30:03 GMT 2002 

I have a small problem.  I'm an LDAP newbie, and am having trouble getting
Samba to authenticate.  What I have is an LDAP tree, with the samba.schema
loaded in out LDAP configuration.  I already tested smb.conf without
ldap-sam compiled in, and it authenticates just fine to smbpasswd and
locally added machine trust accounts.

Submitted for your assistance:

Prelim:

1. WSName = workstation name
2. TESTDOM = domain name
3. myuser = User in LDAP database
   a. authenticated via smbpasswd
4. Joined domain as configured with LDAP with smbpasswd


On Server:

1. User accounts added
2. run:  smbldap-useradd.pl -w WSName
   a. Not sure where the perl script came from
   b. LDAP was set up for my by my boss
3. Added "root" user to LDAP


On XP: First Run

1. Edit registry to zero out requiresignorseal
2. Reboot
3. right click on My Computer, to to properties
4. Go to Computer Name, click on Change
5. Make sure name is:  WSName
6. Click on Domain, add "TESTDOM" to domain field
7. Asks for user allowed access, enter "root" user and pass
8. After long wait, it says "Welcom to domain...." blah blah
9. Reboot, try to authenticate as "myuser"
   a. Says something about not being able to find the domain
10. Log in as administrator local, says that I am joined to the
    domain.

On XP, second run:

1. right click on My Computer, go to properties
2. go to computer name, go to Network ID
3. Follow directions in Wizard
4. When I get to the final window, where it asks to
   add a user, it tells me that it cant establish a
   "Trust Account" with the server.  WTF?

Like I said, when I manually add all the info in Samba's smbpasswd with
Samba compiled without LDAP, everything goes smooth.  I can auth as
different users, etc.

Any help out there?  We are a commercial company and would be willing to
pay someone.  I have a feeling this has something to do with Samba and
LDAP not playing well together.  My LDAP samba.schema is located here:

http://arthur.linuxbox.nu/samba.schema

-- 

Arthur H. Johnson II
Senior Systems Engineer

The Linux Box
206 S. Fifth Ave. Suite 150
Ann Arbor, MI  48104

tel.  734-761-4689
fax.  734-769-8938
pgr.  734-882-0323

More information about the samba mailing list