[Samba] smbpasswd and LDAP

Markus Amersdorfer markus.amersdorfer at aon.at
Fri Aug 1 07:26:21 GMT 2003

On Sat, 26 Jul 2003 12:38:12 +0700
Beast <beast at setuid.com> wrote:


> Is it possible to use smbpasswd command to add necessary objectclasses
> and attributes to existing ldap entries which contain only posix
> account??

Yes, it should work.

> I got invalid DN syntax when adding smbuser using smbpasswd :
> -----
> [root@potato root]# smbpasswd -a beast
> New SMB password:
> Retype new SMB password:
> failed to add domain dn= sambaDomainName=DJKT,dc=mydomain,dc=com with:
> Invalid DN syntax
>         invalid DN
> Adding domain info for DJKT failed with NT_STATUS_UNSUCCESSFUL
> failed to add user dn= uid=beast,ou=people,"dc=mydomain,dc=com" with:
> Invalid DN syntax
>         invalid DN
> failed to modify/add user with uid = beast (dn =
> uid=beast,ou=people,"dc=mydomain,dc=com") Failed to add entry for user
> beast. Failed to modify password entry for user beast
> ----
> I have necessary ldap entry under
> ou=people,ou=mysite,dc=mydomain,dc=com.

Your LDAP entries really are at "ou=, ou=, dc=, dc="? This setup is not
a "standard" setup (which holds people in
"ou=People,dc=mydomain,dc=net"). You'll have to tell Samba about where to
search for your Users using smb.conf's option "ldap suffix".
Here are my LDAP-settings in smb.conf:

  # Without SSL:
  ldap admin dn = cn=manager,dc=mydomain,dc=net
  ldap server = ldap.mydomain.net
  ldap suffix = ou=People,dc=mydomain,dc=net

  # Plus these options for SSL support:
  #ldap port = 636
  #ldap ssl = on


The first time any man's freedom is trodden on, we're all damaged.
                       <Cpt. Picard, "The Drumhead", StarTrek TNG>
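
An added example, not part of the original post and not Samba code: a small checker for the smb.conf LDAP options named in the reply. It flags DN values with literal quotes, a suffix that does not cover the user entry, and a bind without SSL. The function names and the sample config are constructed, and it is an assumption that the quotes visible in the failing DN come from a quoted "ldap suffix" value.

```python
# Added example: names below are hypothetical, not Samba code.
# Constructed smb.conf fragment using the option names from the reply above.
# Assumption: the quotes seen in the failing DN come from a quoted "ldap suffix".
SAMPLE_SMB_CONF = """
[global]
  ldap admin dn = cn=manager,dc=mydomain,dc=com
  ldap server = ldap.mydomain.com
  ldap suffix = "dc=mydomain,dc=com"
  #ldap port = 636
  #ldap ssl = on
"""
# Where the poster's entry lives, per the quoted message.
ENTRY_DN = "uid=beast,ou=people,ou=mysite,dc=mydomain,dc=com"

def parse_ldap_options(text):
    """Return {option: value} for active (uncommented) 'ldap ...' lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = " ".join(key.lower().split())
        if key.startswith("ldap "):
            opts[key] = value.strip()
    return opts

def rdns(dn):
    """Split a DN into lowercased RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def check_ldap_options(opts, entry_dn):
    """Return (option, problem) pairs for the settings discussed in the thread."""
    findings = []
    for key in ("ldap suffix", "ldap admin dn"):
        if '"' in opts.get(key, ""):
            findings.append((key, "value contains a literal double quote"))
    suffix = opts.get("ldap suffix", "").strip('"')
    if not suffix:
        findings.append(("ldap suffix", "not set"))
    elif rdns(entry_dn)[-len(rdns(suffix)):] != rdns(suffix):
        findings.append(("ldap suffix", f"{entry_dn} is not below {suffix}"))
    # Only the value shown in the reply ("on") is treated as SSL enabled here.
    if opts.get("ldap ssl", "").lower() != "on":
        findings.append(("ldap ssl", "not 'on': the admin DN bind is not SSL-protected"))
    return findings

if __name__ == "__main__":
    for option, problem in check_ldap_options(parse_ldap_options(SAMPLE_SMB_CONF), ENTRY_DN):
        print(f"{option}: {problem}")
```
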

