[Samba] Second Post: Unable to add user with Samba 2.2.7 - LDAP - PDC

Buchan Milne bgmilne at cae.co.za
Thu Jan 16 17:16:00 GMT 2003


> Message: 5
> From: "Matthieu Turpault" <matthieu.turpault at comelis.fr>
> To: "Samba" <samba at lists.samba.org>
> Date: Thu, 16 Jan 2003 11:27:30 +0100
> Subject: [Samba] Second Post: Unable to add user with Samba 2.2.7 - LDAP - PDC
> 
> Hello,
> 
> 	I did not get any response to my first mail. Perhaps I was not clear
> enough:
> 
> 		Since I have installed the latest version of samba (2.2.7), I can't see
> the users of my domain with the Win2K User management console. I have tried to
> change several attributes of my user (in particular acctFlags) but I cannot
> manage to make my system work.
> 

(BTW, are you using RPMs or not? If so, which ones please?).

> Do you have any idea ?
> 

See below ...

> Thanks in advance
> 
> Matthieu Turpault
> 
> Appendix:
> 	- a sample of a user in my LDAP directory
> 	- my first post
> 
> -----------------------------------------------------------
> 
> =====================================================
> A sample of a user in my LDAP directory:
> =====================================================
> 
> dn: uid=mat,ou=users,o=comelis
> loginShell: /bin/bash
> objectClass: cmlsPerson
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: sambaAccount
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: qmailUser
> sn: Turpault
> gecos: Matthieu Turpault
> mail: matthieu.turpault at comelis.fr
> qmailGID: 100
> givenName: Matthieu
> uidNumber: 1002
> homeDirectory: /homes/matthieu
> pwdLastSet: 1042190742
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 0
> pwdMustChange: 2147483647
> displayName: Matthieu Turpault
> cn: Matthieu Turpault
> rid: 998
> primaryGroupID: 999
> acctFlags:: IFtVWCAgICAgICAgIF0=       ( ie [UX      ] )
> gidNumber: 100
> uid: mat
> 
[...]


> 
> -------------- my smb.conf --------------------
> [global]
>     workgroup = MDKGROUP
>     server string = Samba Server %v
>     log file = /var/log/samba/log.%m
>     max log size = 5000
>     security = user
>     encrypt passwords = yes
>     ldap admin dn = "cn=manager,id=1"

Should this not be something like 'ldap admin dn =
"cn=manager,o=comelis"'? Or does:

$ ldapsearch -x -h ldap.comelis.fr -D "cn=manager,id=1" -W "(uid=mat)"

work for you (with the password you have added to samba with 'smbpasswd
-w <password>' when prompted)?

>     ldap server = ldap.comelis.fr
>     ldap ssl = off
>     ldap port = 389
>     ldap suffix = "id=1"

As above, I think this needs to be "o=comelis", unless the following
works for you:

$ ldapsearch -x -h ldap.comelis.fr -b "id=1" "(uid=mat)"

>     ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"
>     unix password sync = Yes
>     passwd program = /usr/share/samba/scripts/smbldap-passwd.pl %u
>     passwd chat = *New*password*:* %n\r *Retype*new*password*:* %n\r
> *all*authentication*tokens*updated*successfully*

We use 'pam password change = yes' and have pam_ldap in the passwd
section on /etc/pam.d/samba instead.

Buchan

-- 
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
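
The two points raised in the reply, checked offline, as an added example that is not part of the original thread: it tests whether the `ldap suffix` and `ldap admin dn` from the quoted smb.conf fall under the tree that holds `uid=mat,ou=users,o=comelis`, and decodes the base64 `acctFlags::` value so the exact stored bytes are visible. The helper names and the "last RDN of the entry is the directory root" heuristic are assumptions; the inputs are constructed from values quoted above.

```python
import base64

# Constructed inputs using the values quoted in the thread (no live server).
SMB_CONF = '''[global]
    ldap admin dn = "cn=manager,id=1"
    ldap suffix = "id=1"
'''
LDIF = "dn: uid=mat,ou=users,o=comelis\nacctFlags:: IFtVWCAgICAgICAgIF0=\n"

def smb_params(text):  # smb.conf 'name = value' pairs, quotes stripped
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith(("#", ";", "[")):
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip().strip('"')
    return params

def ldif_attrs(text):
    """One unfolded LDIF entry; 'attr:: value' is base64 and is decoded."""
    attrs = {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        raw = value.lstrip(":").strip()
        value = base64.b64decode(raw).decode("utf-8") if value.startswith(":") else raw
        attrs.setdefault(name.lower(), []).append(value)
    return attrs

def rdns(dn):  # naive split into lower-cased RDNs (escaped commas not handled)
    return [r.strip().lower() for r in dn.split(",")]

def under_suffix(dn, suffix):
    """True when dn ends with the suffix's RDNs, i.e. lies in that subtree."""
    d, s = rdns(dn), rdns(suffix)
    return len(d) >= len(s) and d[-len(s):] == s

def check(conf_text, ldif_text):
    conf, entry = smb_params(conf_text), ldif_attrs(ldif_text)
    dn, flags = entry["dn"][0], entry["acctflags"][0]
    root = rdns(dn)[-1]  # heuristic: last RDN of the entry is the directory root
    return {
        "suffix_covers_entry": under_suffix(dn, conf["ldap suffix"]),
        "admin_dn_under_entry_root": under_suffix(conf["ldap admin dn"], root),
        "candidate_suffix": root,
        "acct_flags": flags,  # exact stored value, whitespace included
        "flags_stray_whitespace": flags != flags.strip(),
    }

print(check(SMB_CONF, LDIF))
```

With the quoted values, the configured suffix does not cover the sample entry, and the decoded `acctFlags` value carries a leading space in front of the bracketed flags.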