[Samba] samba 3.0 - ldap - pdc

Stéphane Purnelle stephane.purnelle at tiscali.be
Mon Dec 29 15:10:17 GMT 2003

Wolfgang Pichler a écrit :

>thanx for this fast reply
>at http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#smbpasswd there
>is documented that
>Example for  (-a )dd a new  (-m)achine named icb$ with debug  (-D )  set
>to 256:
>./bin/smbpasswd  -m -a icb$ -D 256
>this command is needed to add a machine to my PDC - but there isn't
>mentioned that i first have to create an user account with the same name
>(which doesn't seems to be logically to me). The aboce command should
>create the account (or i am wrong?)
>Am Mo, den 29.12.2003 schrieb Stéphane Purnelle um 15:51:
>>Wolfgang Pichler a écrit :
>>>hi all,
>>>i am actually trying to get samba 3.01 (on SLES 8.0) working as PDC with
>>>the ldap backend. I have already configured nsswitch to also use ldap
>>>for groups and passwords (the root user is still in the /etc/passwd file
>>>- i can't imagine that putting the root user into openldap is a really
>>>good idea).
>>>There is one sentence in the howto
>>>which i don't understand complete - "Remember that if you need  join a
>>>XP to the domain, an uidNumber=0 account is ALSO required (ie
>>>Administrator or root accounts)." - should this mean that i need (when
>>>i'd like to join XP's - not win2k?) to add the objectClass posixaccount
>>>to the Administrator entrie with the uidNumber 0 ? - If this is so -
>>>doesn't this collidates then with the root user in the /etc/passwd file
>>>There is also another thing - I've triied to add a workstation with:
>>>"smbpasswd -a -m nomicro$ -D 256" - then i got this:
>>>some messages about connecting...
>>>The LDAP server is succesful connected
>>>pdb backend ldapsam has a valid init
>>>Attempting to find an passdb backend to match guest (guest)
>>>Found pdb backend guest
>>>pdb backend guest has a valid init
>>>smbldap_search_suffix: searching
>>>smbldap_open: already connected to the LDAP server
>>>ldapsam_getsampwnam: Unable to locate user [nomicro$] count=0
>>>Finding user nomicro$
>>>Trying _Get_Pwnam(), username as lowercase is nomicro$
>>>Trying _Get_Pwnam(), username as uppercase is NOMICRO$
>>>Checking combinations of 0 uppercase letters in nomicro$
>>>Get_Pwnam_internals didn't find user [nomicro$]!
>>>Failed to initialise SAM_ACCOUNT for user nomicro$.
>>>Failed to modify password entry for user nomicro$
>>>this looks like it is searching for the user so that it can alter his
>>>password - but i wanted to add the user not to alter the password, so
>>>what is here wrong.
>>>and, the relevant parts from my smb.conf
>>>       workgroup = DIALOG-TELEKOM
>>>       netbios name = ZION
>>>       comment = Dialog PDC
>>>       security = user
>>>       null passwords = Yes
>>>       encrypt passwords = yes
>>>       logon drive = U:
>>>       logon path = \\%N\profiles\%g
>>>       domain master = yes
>>>       domain logons = yes
>>>       preferred master = yes
>>>       os level = 255
>>>       wins support = yes
>>>       public = No
>>>       browseable = No
>>>       writable = No
>>>       debug level = 255
>>>       # ldap parameters
>>>       passdb backend = ldapsam
>>>       ldap admin dn   = "cn=administrator,dc=dialog-telekom,dc=at"
>>>       ldap suffix     = dc=dialog-telekom,dc=at
>>>       ldap machine suffix     = ou=computers
>>>       ldap user suffix        = ou=people
>>>       ldap ssl = No
>>>       ldap delete dn = no
>>>hope this arn't stupid questions ;-)
>>>have a nice day
>>Have you created the account nomicro ?
>>smbuseradd -w nomicro
Could you see in your LDAP tree is you are a nomicro$$, samba add the 
'$' directly.

More information about the samba mailing list