[Samba] Second Post: Unable to add user with Samba 2.2.7 - LDAP - PDC

Matthieu Turpault matthieu.turpault at comelis.fr
Fri Jan 17 08:37:00 GMT 2003


Thanks for the answer.

> (BTW, are you using RPMs or not? If so, which ones please?).

I use the RPM samba-common-ldap-2.2.7-1.1mdk, samba-server-ldap-2.2.7-1.1mdk
and samba-client-2.2.7-1.1mdk.

> > [global]
> >     workgroup = MDKGROUP
> >     server string = Samba Server %v
> >     log file = /var/log/samba/log.%m
> >     max log size = 5000
> >     security = user
> >     encrypt passwords = yes
> >     ldap admin dn = "cn=manager,id=1"
> Should this not be something like 'ldap admin dn =
> "cn=manager,o=comelis"'? Or does:
>
> $ ldapsearch -x -h ldap.comelis.fr -D "cn=manager,id=1" -W "(uid=mat)"
>
> work for you (with the password you have added to samba with 'smbpasswd
> -w <password>' when prompted)?

Yes, it does! My base dn is "id=1".

> >     ldap server = ldap.comelis.fr
> >     ldap ssl = off
> >     ldap port = 389
> >     ldap suffix = "id=1"
> As above, I think this needs to be "o=comelis", unless the following
> works for you:
> $ ldapsearch -x -h ldap.comelis.fr -b "id=1" "(uid=mat)"

See above.

> >     ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"
> >     unix password sync = Yes
> >     passwd program = /usr/share/samba/scripts/smbldap-passwd.pl %u
> >     passwd chat = *New*password*:* %n\r *Retype*new*password*:* %n\r
> > *all*authentication*tokens*updated*successfully*
>
> We use 'pam password change = yes' and have pam_ldap in the passwd
> section on /etc/pam.d/samba instead.

But I *can* log in with a user, i.e. a valid credential stored in the
directory. My computer *can* contact the PDC... and it worked with
samba-common-ldap-2.2.3a-10mdk.

I *really* don't understand.

Matthieu



