[Samba] Samba + LDAP problem...

Collins, Kevin KCollins at nesbittengineering.com
Fri Jun 13 18:30:06 GMT 2003

On Friday, June 13, 2003 1:44 PM, Bruno Gimenes Pereti wrote:
> Hi Kevin,

Hi Bruno, and thanks for responding...

> > Below are some files that I think are pertinent.  The
> > /etc/openldap/ldap.conf, /etc/openldap/slapd.conf 
> /etc/samba/smb.conf, the
> > base.ldif that is from the IDEALX.org HOWTO.
> >
> > I'm hoping that someone with much more experience than me 
> will be able to
> > help me.
> I´m not so experience but I think you forgot one thing. Do 
> you have this:
> passwd:     files ldap
> shadow:     files ldap
> group:      files ldap
> in your /etc/nsswitch.conf and this:
> auth        required      /lib/security/pam_env.so
> auth        sufficient    /lib/security/pam_unix.so likeauth nullok
> auth        sufficient     use_first_pass
> auth        required      /lib/security/pam_deny.so
> account     sufficient     /lib/security/pam_ldap.so
> account     required      /lib/security/pam_unix.so
> password    required      /lib/security/pam_cracklib.so retry=3
> password    sufficient    /lib/security/pam_unix.so nullok 
> use_authtok md5
> shadow
> password    sufficient     /lib/security/pam_ldap.so
> password    required      /lib/security/pam_deny.so
> session     required      /lib/security/pam_limits.so
> session     sufficient      /lib/security/pam_ldap.so
> session     required      /lib/security/pam_unix.so
> in /etc/pam.d/system-auth?
> In redhat you can do this with authconfig.

I did have these set, as I used 'authconfig' to generate the PAM/LDAP

What I didn't have (but do now) is some settings in /etc/ldap.conf.  Those
that look like nns_base_passwd, nss_base_shadow, and nss_base_group or very
similar.  I have those set now, and the error message that I'm getting is

On the Windows 2000 machine when I join the domain, I get:

"The account used is a computer account.  Use your global user account, or
local user account to access this server."

It almost sounds like the "administrator" account is misconfigured and is
appearing to Windows as a computer account instead of a user account.  Have
you heard of this happening before?

I used 'smbldap-useradd.pl -a -m -g 200 administrator' to add the
"administrator" account after I had LDAP up and running.

Thanks again for your input.

Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

More information about the samba mailing list