[Samba] Win2k, Samba 2.2.5 and LDAP

Eddie Lania e.lania at elton.nl
Thu Jul 25 00:32:08 GMT 2002

Hi ?,

I have had the same problem a while ago.

After downloading and installing the smbldap tools, I modified the
smbldap-conf.pm according to my own needs.
Pay special attention to the group (number) parameter for the computers in
the ldap tree and smbldap-conf.pm, and the location of your smbpasswd
program (/usr/local/samba/bin/smbpasswd).

You also need to add the computers group (102 in my case) to the /etc/group


I added the parameter "add user script =
/usr/local/sbin/smbldap-useradd.pm -g 102 -w %u" to my smb.conf.
I restarted the smb and nmb services.

After that I was able to succesfully add a win2k/xpclient pc to the domain.
Later I noticed that the client pc was added to /etc/password AND it was
added twice to my ldap tree, one time as a user in the Users tree and also
as a computer in the Computers tree.
This makes sence to me since samba (smbpasswd) needs to find the pc in the
/etc/passwd file but the authentication is also done to the ldap database.

Look for the Softerra ldap browser and Administrator, they are helpfull

I hope this works for you too?



----- Original Message -----
From: <drgn65 at ufl.edu>
To: <samba at lists.samba.org>
Sent: Thursday, July 25, 2002 3:35 AM
Subject: [Samba] Win2k, Samba 2.2.5 and LDAP

> I can't get a Win2k computer to execute a login script. Also, on both the
> computer and the w2k computer I get this message in their log file
> [2002/07/24 13:27:17, 0] rpc_server/srv_netlog_nt.c:get_md4pw(188)
>   get_md4pw: Workstation sales1$: no account in domain
> sales1 is the XP computer, but I get the exact same error for win2k.  Both
> computers (appear) to log on to the domain (as in, I get no errors).  The
> computer does run the logon script, the win2k does not.
> I have about 10 Win98 computers on my network (all of which work fine). 1
> Win2k and 1 XP Pro computer. I just recently moved to Samba 2.2.5
> with --enable-cups and
> --with-ldapsam I am running OpenLDAP on the same host.
> Here is my snippet of smb.conf
>     ldap admin dn = "cn=Manager, dc=lifesafety, dc=net"
>     ldap server = lifesaver.lifesafety.net
>     ldap ssl = off
>     ldap port = 389
>     ldap suffix = "ou=People, dc=lifesafety, dc=net"
> here is the output of ldapsearch uid=scott$ (win2k computer)
> dn: uid=scott$,ou=People, dc=lifesafety, dc=net
> displayName: NTMachine
> cn: NTMachine
> objectClass: sambaAccount
> pwdLastSet: 0
> logonTime: 0
> pwdCanChange: 0
> pwdMustChange: 0
> rid: 2072
> primaryGroupID: 2079
> lmPassword: 1798EC6B0B0802BAFAF6645E5F76DB8E
> ntPassword: 6971B307565F4A730E594ED40F5132AF
> acctFlags: [W          ]
> uid: SCOTT$
> logoffTime: 2147483647
> kickoffTime: 2147483647
> # search result
> here is its entry in /etc/passwd
> scott$:x:530:533:NTMachine:/dev/null:/bin/false
> Note, I did notice that uid: SCOTT$ is capitalized.  For some reason when
> did the "join Domain" in win2k setup it rewrote the ldap file, and made it
> capitalized.  I have modified the LDAP database to show scott$ but then I
> couldn't even log into the domain.
> Any help on this would be great!
> Thank you so much!
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list