[Samba] samba 3.0 - ldap - pdc

Wolfgang Pichler madmin at dialog-telekom.at
Mon Dec 29 14:48:40 GMT 2003


hi all,

i am actually trying to get samba 3.01 (on SLES 8.0) working as PDC with
the ldap backend. I have already configured nsswitch to also use ldap
for groups and passwords (the root user is still in the /etc/passwd file
- i can't imagine that putting the root user into openldap is a really
good idea).

There is one sentence in the howto
(http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#create_ldap_recs)
which i don't understand completely - "Remember that if you need join a
XP to the domain, an uidNumber=0 account is ALSO required (ie
Administrator or root accounts)." - should this mean that i need (when
i'd like to join XP's - not win2k?) to add the objectClass posixaccount
to the Administrator entry with the uidNumber 0 ? - If this is so -
doesn't this then collide with the root user in the /etc/passwd file
?

There is also another thing - I've tried to add a workstation with:
"smbpasswd -a -m nomicro$ -D 256" - then i got this:
-----------
some messages about connecting...
The LDAP server is succesful connected
pdb backend ldapsam has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_suffix: searching
for:[(&(uid=nomicro$)(objectclass=sambaSamAccount))]
smbldap_open: already connected to the LDAP server
ldapsam_getsampwnam: Unable to locate user [nomicro$] count=0
Finding user nomicro$
Trying _Get_Pwnam(), username as lowercase is nomicro$
Trying _Get_Pwnam(), username as uppercase is NOMICRO$
Checking combinations of 0 uppercase letters in nomicro$
Get_Pwnam_internals didn't find user [nomicro$]!
Failed to initialise SAM_ACCOUNT for user nomicro$.
Failed to modify password entry for user nomicro$
------

this looks like it is searching for the user so that it can alter his
password - but i wanted to add the user, not to alter the password, so
what is wrong here?

and, the relevant parts from my smb.conf
-------------
[global]
        workgroup = DIALOG-TELEKOM
        netbios name = ZION
        comment = Dialog PDC
        security = user
        null passwords = Yes
        encrypt passwords = yes
        logon drive = U:
        logon path = \\%N\profiles\%g
        domain master = yes
        domain logons = yes
        preferred master = yes
        os level = 255
        wins support = yes
        public = No
        browseable = No
        writable = No
        debug level = 255
        # ldap parameters
        passdb backend = ldapsam
        ldap admin dn   = "cn=administrator,dc=dialog-telekom,dc=at"
        ldap suffix     = dc=dialog-telekom,dc=at
        ldap machine suffix     = ou=computers
        ldap user suffix        = ou=people
        ldap ssl = No
        ldap delete dn = no
-----------

hope these aren't stupid questions ;-)

have a nice day
wolfi


