[Samba] using LDAP and PDC together

Bradley W. Langhorst brad at langhorst.com
Thu Sep 5 18:00:01 GMT 2002

On Thu, 2002-09-05 at 10:46, Louis-David Mitterrand wrote:
> Hello,
> I am in the process of migrating to
> passdb backend = ldapsam
> on debian unstable with the latest 3.0pre samba package. 
> All users have a ldap sambaAccount object which was added by hand after
> using migrationtools from padl.com. Testing auth with smbclient works
> fine, however when using samba as a PDC from WinXP I can't log into the
> domain as I used to when "passdb backend = smbpasswd". However adding
> the machine to the domain seems to work.
when? during the install or after?
you may need to set use spnego = no in your smb.conf (if you use pre18
or earlier)
I assume you applied the signorseal reg patch to the clients since you
mention that using a different backend works for you.
> I haven't dug very deep into the problem, at this point I am just
> wondering if there is any known issue with using LDAP and PDC
> functionalities together?
i'm using this with no problems 
> Also in the sambaAccount ldap object I noticed a mandatory "rid" field.
> What does relative id mean? I populated the rid's with unix id's, is it
> a good or bad idea?
a bad idea - i think they're supposed to be unique from unix uid
try making them unique (the old formula is 1000+uid*2)

here is an entry from my ldap db:

dn: uid=lauelab,ou=People,dc=bitc,dc=unh,dc=edu
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaAccount
userPassword:: passwd here
shadowLastChange: 11715
shadowMax: 99999
loginShell: /bin/bash
gidNumber: 100
homeDirectory: /home/lauelab
gecos: generic lab user
uidNumber: 4491
uid: lauelab
pwdLastSet: 1027535857
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 0
pwdMustChange: 2147483647
displayName: generic lab user
cn: generic lab user
rid: 9982
primaryGroupID: 1201
lmPassword: lm hash here
ntPassword: nt hash here
acctFlags: [U          ]

it was a bit of a hassle getting this set up but i'm pretty happy with
the reliability and ease of adding new applications that authenticate
against the common password db. (i.e. phpgroupware)

good luck!
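
Added example, not part of the original message: a Python check that reads sambaAccount entries from LDIF and flags rids that were copied from the unix uid, that differ from the 1000+uid*2 formula mentioned above, or that are used by more than one account. It assumes the directory follows that formula; the function names and the sample entries (example.org DNs) are constructed for illustration.

```python
RID_BASE = 1000  # base of the formula quoted in the post

def expected_user_rid(uid_number):
    """User RID per the post's formula: 1000 + uid*2."""
    return RID_BASE + uid_number * 2

def parse_ldif(text):
    """Parse simple LDIF (no folded lines) into a list of attribute dicts."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last entry
        line = line.strip()
        if not line:
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            key, _, value = line.partition(":")
            # lstrip also drops the second colon of "attr:: value" lines
            current.setdefault(key, []).append(value.lstrip(": "))
    return entries

def audit(entries):
    """Return (dn, problem) findings for sambaAccount entries."""
    findings, seen = [], {}
    for e in entries:
        if "sambaAccount" not in e.get("objectClass", []):
            continue
        dn = e["dn"][0]
        if "rid" not in e or "uidNumber" not in e:
            findings.append((dn, "missing rid or uidNumber"))
            continue
        uid, rid = int(e["uidNumber"][0]), int(e["rid"][0])
        if rid == uid:
            findings.append((dn, "rid copied from unix uid"))
        elif rid != expected_user_rid(uid):
            findings.append((dn, f"rid {rid}, formula gives {expected_user_rid(uid)}"))
        if rid in seen:  # two accounts with one rid share one SID
            findings.append((dn, f"rid {rid} already used by {seen[rid]}"))
        seen.setdefault(rid, dn)
    return findings

# Constructed sample: uid/rid of lauelab are from the post, the rest is made up.
SAMPLE_LDIF = "\n\n".join(
    f"dn: uid={u},ou=People,dc=example,dc=org\nobjectClass: sambaAccount\n"
    f"uidNumber: {n}\nrid: {r}"
    for u, n, r in [("lauelab", 4491, 9982), ("alice", 1001, 1001), ("bob", 4490, 9982)])

if __name__ == "__main__":
    for dn, problem in audit(parse_ldif(SAMPLE_LDIF)):
        print(f"{dn}: {problem}")
```

A formula mismatch is only a finding if the site really uses the algorithmic mapping; a duplicate rid is a problem under any scheme.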


