[Samba] using LDAP and PDC together

Yura Pismerov ypismerov at tucows.com
Fri Sep 6 13:36:42 GMT 2002 

Andrew Bartlett wrote:
> 
> Louis-David Mitterrand wrote:
> >
> > On Fri, Sep 06, 2002 at 04:56:57AM +0000, abartlet at dp.samba.org wrote:
> > > On Fri, Sep 06, 2002 at 12:32:48AM -0400, Terry Katz wrote:
> > > > So i dug deeper and looked at the logs, this is what I found:
> > > >
> > > > [2002/09/06 00:19:23, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(422)
> > > >    ldapsam_search_one_user: searching
> > > > for:[(&(uid=)(objectclass=sambaAccount))]
> > > > [2002/09/06 00:19:23, 2] auth/auth.c:check_ntlm_password(273)
> > > >    check_password:  Authentication for user [] -> [] FAILED with error
> > > > NT_STATUS_NO_SUCH_USER
> >
> > Exactly my problem as well.
> >
> > > You must put the guest user (RID 501 I think) into ldap, or run 'unixsam' to
> > > get it via smb.conf's 'guest account' and the system getpw* calls.
> > >
> > > Without a guest account, the system cannot operate correctly.  Furthermore,
> > > the guest account is used by the Workstation in the user authenticaion
> > > process.
> >
> > Thanks you! The nobody (== guest) account existed in ldap but hadn't had
> > a samaAccount added to it. Using pdbedit (just discovered that handy
> > tool) to import all smbpasswd info into ldap it now works fine.
> >
> > Although the latest PDC-LDAP howto
> > http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html implies that an
> > Administrator account is necessary my setup works without one. Why is
> > that account needed?
> 
> It isn't.  But if you want to add 'root' with rid 500 (I think that's
> it) then it might make NT/Win2k a little happier.  From time to time,
> NT/Win2k seems to query some 'well known' users - I don't know why, but
> I had to add the guest-must-be-in-passdb stuff for this reason


	Actually, anu user that is listed in admin users (hence has root
privileges)
and that has the mentioned rid will suffice. I don't thin adding root is
a good idea...

> 
> Andrew Bartlett
> 
> --
> Andrew Bartlett                                 abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> Student Network Administrator, Hawker College   abartlet at hawkerc.net
> http://samba.org     http://build.samba.org     http://hawkerc.net
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list