[Samba] Cannot join Win2k with Samba+LDAP PDC

Dennis Lattka dlattka at fulcrummicro.com
Wed Jul 3 08:57:02 GMT 2002


NSC - NetworkServiceCenter wrote:

>hi dennis
>
>>I cannot join a Win2k machine to the Samba LDAP PDC. Have added a root
>>account in ldap
>
>did you set the password with >>smbpasswd -w PASSWORD -D
>uid=root,dc=TEST,dc=NET<< ? you need the root password to bind stored in
>secrets.tdb. after this, set the password stored in the dit with >>smbpasswd root<< .
>
>>added the machine in /etc/passwd and added the machine
>>via smbpasswd but to no avail. I have turned up logging to level 3 and
>
>why in /etc/passwd and not in the directory-tree (dit)?
>make an entry for the ws in the dit and set the passwd with >>smbpasswd -m -a CLIENTNAME$<<.
>
>it should work now, but only if your pam.d files and nsswitch.conf were
>modified correctly!
>you can test nsswitch.conf with >>getent passwd<<. if you get entries
>from /etc/passwd and the dit your nsswitch.conf is configured correctly
>
>i hope i could help
>lg
>thomas reisenbichler

Thanks. I think the problem may lie in the fact that the rootdn for our 
ldap db is cn=manager,dc=... and when I set the password in samba using 
smbpasswd -w PASSWORD it responds :

Setting stored password for "cn=Manager,dc=... in secrets.tdb

I have created a "root" user in ldap and even set it up with the same 
password. I noticed that when I try to add a machine using different 
users samba will do a search using the following search parameters :

(&(uid=username)(objectclass=sambaAccount))

which means the ldap rootdn when set to cn=Manager may create problems. 
I don't really want to reset the rootdn and would hope that this is in 
fact not the real issue.

I would like to say thank you, in all sincerity, for the quick, rapid
response. I'm still always amazed with the open source community and its
willingness to respond and help others. Thank you!
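
Added example, not part of the original messages or of Samba's code: a minimal Python evaluator showing which directory entries the search filter quoted above, `(&(uid=username)(objectclass=sambaAccount))`, selects. The DNs, entries and the `samba_lookup` helper are constructed for illustration, and only `&`, `|`, `!` and equality are handled.

```python
def parse(f, i=0):
    """Parse an LDAP filter limited to &, |, ! and equality; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = f[i + 1]
    if op in ("&", "|", "!"):
        i += 2
        kids = []
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, sep, value = f[i + 1:end].partition("=")
    if not sep:
        raise ValueError(f"missing '=' near offset {i}")
    return ("=", attr.strip().lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (attribute -> list of values)."""
    if node[0] == "=":
        _, attr, value = node
        return value in (v.lower() for v in entry.get(attr, []))
    op, kids = node
    results = [matches(k, entry) for k in kids]
    if op == "&":
        return all(results)
    if op == "|":
        return any(results)
    return not results[0]

# Constructed sample directory (assumption): DNs and attribute values are illustrative.
DIRECTORY = {
    "cn=Manager,dc=example,dc=net": {"objectclass": ["organizationalRole"], "cn": ["Manager"]},
    "uid=root,ou=People,dc=example,dc=net": {"objectclass": ["posixAccount", "sambaAccount"], "uid": ["root"]},
    # Machine account created without the sambaAccount object class.
    "uid=client1$,ou=Computers,dc=example,dc=net": {"objectclass": ["posixAccount"], "uid": ["client1$"]},
    "uid=client2$,ou=Computers,dc=example,dc=net": {"objectclass": ["posixAccount", "sambaAccount"], "uid": ["client2$"]},
}

def samba_lookup(username):
    """Return the DNs selected by the filter from the message for one account name."""
    tree, _ = parse(f"(&(uid={username})(objectclass=sambaAccount))")
    return [dn for dn, entry in DIRECTORY.items() if matches(tree, entry)]

if __name__ == "__main__":
    for name in ("root", "client1$", "client2$", "Manager"):
        print(name, "->", samba_lookup(name))
```
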




