[Samba] using LDAP and PDC together
Bradley W. Langhorst
brad at langhorst.com
Thu Sep 5 18:00:01 GMT 2002
On Thu, 2002-09-05 at 10:46, Louis-David Mitterrand wrote:
> I am in the process of migrating to
> passdb backend = ldapsam
> on debian unstable with the latest 3.0pre samba package.
> All users have a ldap sambaAccount object which was added by hand after
> using migrationtools from padl.com. Testing auth with smbclient works
> fine, however when using samba as a PDC from WinXP I can't log into the
> domain as I used to when "passdb backend = smbpasswd". However adding
> the machine to the domain seems to work.
when? during the install or after?
you may need to set use spnego= no in your smb.conf (if your use pre18
I assume you applied the signorseal reg patch to the clients since you
mention that using a different backend works for you.
> I haven't dug very deep into the problem, at this point I am just
> wondering if there is any known issue with using LDAP and PDC
> functionalities together?
i'm using this with no problems
> Also in the sambaAccount ldap object I noticed a mandatory "rid" field.
> What does relative id mean? I populated the rid's with unix id's, is it
> a good or bad idea?
a bad idea - i think they're supposed to be unique from unix uid
try making them unique (the old formula is 1000+uid*2)
here is an entry from my ldap db:
userPassword:: passwd here
gecos: generic lab user
displayName: generic lab user
cn: generic lab user
lmPassword: lm hash here
ntPassword: nt hash here
acctFlags: [U ]
it was a bit of a hassle getting this set up but i'm pretty happy with
the reliablity and ease of adding new applications that authenticate
against the common password db. (ie phpgroupware)
More information about the samba