[Samba] samba 3.0 - ldap - pdc

John H Terpstra jht at samba.org
Mon Dec 29 17:00:10 GMT 2003


Wolfgang,

What script are you calling, and with what parameters for "add user
script" and "add machine script"?

If you do not have them you will have the exact problem you have reported.

Cheers,
John T.

On Mon, 29 Dec 2003, Wolfgang Pichler wrote:

> hi all,
>
> i am actually trying to get samba 3.01 (on SLES 8.0) working as PDC with
> the ldap backend. I have already configured nsswitch to also use ldap
> for groups and passwords (the root user is still in the /etc/passwd file
> - i can't imagine that putting the root user into openldap is a really
> good idea).
>
> There is one sentence in the howto
> (http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#create_ldap_recs)
> which i don't understand completely - "Remember that if you need  join a
> XP to the domain, an uidNumber=0 account is ALSO required (ie
> Administrator or root accounts)." - should this mean that i need (when
> i'd like to join XP's - not win2k?) to add the objectClass posixaccount
> to the Administrator entry with the uidNumber 0 ? - If this is so -
> doesn't this then collide with the root user in the /etc/passwd file
> ?
>
> There is also another thing - I've tried to add a workstation with:
> "smbpasswd -a -m nomicro$ -D 256" - then i got this:
> -----------
> some messages about connecting...
> The LDAP server is succesful connected
> pdb backend ldapsam has a valid init
> Attempting to find an passdb backend to match guest (guest)
> Found pdb backend guest
> pdb backend guest has a valid init
> smbldap_search_suffix: searching
> for:[(&(uid=nomicro$)(objectclass=sambaSamAccount))]
> smbldap_open: already connected to the LDAP server
> ldapsam_getsampwnam: Unable to locate user [nomicro$] count=0
> Finding user nomicro$
> Trying _Get_Pwnam(), username as lowercase is nomicro$
> Trying _Get_Pwnam(), username as uppercase is NOMICRO$
> Checking combinations of 0 uppercase letters in nomicro$
> Get_Pwnam_internals didn't find user [nomicro$]!
> Failed to initialise SAM_ACCOUNT for user nomicro$.
> Failed to modify password entry for user nomicro$
> ------
>
> this looks like it is searching for the user so that it can alter his
> password - but i wanted to add the user, not to alter the password, so
> what is wrong here?
>
> and, the relevant parts from my smb.conf
> -------------
> [global]
>         workgroup = DIALOG-TELEKOM
>         netbios name = ZION
>         comment = Dialog PDC
>         security = user
>         null passwords = Yes
>         encrypt passwords = yes
>         logon drive = U:
>         logon path = \\%N\profiles\%g
>         domain master = yes
>         domain logons = yes
>         preferred master = yes
>         os level = 255
>         wins support = yes
>         public = No
>         browseable = No
>         writable = No
>         debug level = 255
>         # ldap parameters
>         passdb backend = ldapsam
>         ldap admin dn   = "cn=administrator,dc=dialog-telekom,dc=at"
>         ldap suffix     = dc=dialog-telekom,dc=at
>         ldap machine suffix     = ou=computers
>         ldap user suffix        = ou=people
>         ldap ssl = No
>         ldap delete dn = no
> -----------
>
> hope these aren't stupid questions ;-)
>
> have a nice day
> wolfi
>
>

-- 
John H Terpstra
Email: jht at samba.org

