[Samba] Samba 3.0 + LDAP

[Gonzalo Servat]

On Tue, 2002-05-28 at 18:10, abartlet at samba.org wrote:
> On Tue, May 28, 2002 at 10:09:12AM +1000, Gonzalo Servat wrote:
> > Hi All
> > 
> > I've compiled Samba 3.0 alpha 17 using --with-ldapsam. In smb.conf I've
> > got:
> > 
> > passdb backend = ldapsam
> > ldap admin dn = "cn=Manager,o=Sambatest,c=AU"
> > ldap suffix = c=AU
> > ldap ssl = off
> > 
> > ... and the admin dn password is in the secrets.tdb file.
> > 
> > Other than missing an "n" in "backend", :), is there anything clearly
> > wrong with my setup? Am I missing a configuration directive in smb.conf?
> 
> You need to set that to 'passdb backend= ldapsam:ladp://ldap.server:port

Ah ha! Thanks. That did it...

Another question. I've mapped the group 'domadm' (using smbgroupedit) to
'Domain Admins'. In my /etc/group, I have:

domadm: smbadmin

... and smbadmin is a user in the LDAP tree. I've confirmed that I can
successfully map a share on the samba server using smbadmin.

I tried to join my samba domain (it's a Win2k box) and I get prompted
for a login/password of a user that has enough privileges to join the
domain. I entered 'smbadmin' and the password and I get 'Access is
denied'. I noticed in the logs that it tries various combinations of the
name 'smbadmin' before giving up with this error:

Get_Pwnam didn't find a valid username!

The combinations are uppercase/lowercase. The username is
DOMAIN\smbadmin though. Shouldn't it just be 'smbadmin' ?

Should it be auto-creating the computer account in the LDAP tree when I
try to join the domain or should I be creating the computer account
manually?

Thanks in advance!

Regards,

Gonzalo.


> > I've had Samba 2.2.x working with LDAP but I guess things have changed
> > in 3.0.
> 
> Yes, I have changed a few things.  We may change them again - if I can come 
> up with a better way to express this stuff.
> 
> Andrew Bartlett