[Samba] Samba 2.2.3a + LDAP Domain Logons

Gonzalo Servat gonzalo at linuxaus.com
Sat Feb 16 07:24:26 GMT 2002

Hi all

After 6 odd hours of trying to get this to work I thought I'd email the
list incase someone can point out my mistake.

I have a setup at home with samba (2.2.3a), LDAP, nss-ldap and domain
logons work fine from 95/98/W2K/XP

I then go to a brand new server in another location. Do the exact same
setup (i even copied smb.conf and changed the netbios name, etc)

I can do domain logons from Win95/98 but W2K/XP report "Access Denied"
(once I type in the login/password for the admin user to join the
My user is called ntadmin and is part of the 'sysadmin' group. If I do a
'id ntadmin' it shows that the user is part of the group sysadmin.
In my smb.conf I have 'domain admin group = @sysadmin'
I have even exported the machine account I have on my home LDAP tree and
imported it on this new machine (of course, changing the dn, uid,
uidNumber, rid, etc) and it simply does not work. It always says Access

The only error that I can see in the log file is:

ldap_open_connection: Cannot use LDAP when not root

followed by the all-around-famous "NT_STATUS_ACCESS_DENIED" message in
the logs.

I would reaaaaaaally appreciate it if anyone had any ideas/suggestions
to throw my way on this problem. I'm going bald here!

Thanks in advance!


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20020216/63b7e5bf/attachment.bin

More information about the samba mailing list