[Samba] Samba (--with-ldapsam) and replication LDAP-Server

Hoetzel, Juergen hoetzel at cyperfection.de
Tue May 6 13:28:25 GMT 2003


I am trying to configure Samba using the LDAP backend. Users can authenticate against the
PDC (I have imported the users with the "import_smbpasswd.pl" script). But I
cannot add machine accounts to the domain, because the available LDAP server in the network
is a read-only replication server (OpenLDAP 2.0.x). The read/write LDAP server is not accessible from this

This Server (www05) tries to join:
[root@www05 /root]# smbpasswd -D 1 -j DOMAIN -r PDC -U administrator%password
session setup ok
Domain=[DOMAIN] OS=[Unix] Server=[Samba 2.2.8a]
error setting trust account password: NT_STATUS_ACCESS_DENIED

This is the Logfile on the Server:
[2003/05/05 18:07:52, 0] passdb/pdb_ldap.c:ldap_connect_system(316)
  ldap_connect_system: Binding to ldap server as "cn=root,LDAP_BASE"
[2003/05/05 18:07:52, 0] passdb/pampass.c:smb_pam_passchange(865)
  smb_pam_passchange: PAM: Password Change Failed for user www05$!

The user www05$ exists in the ldap tree:

dn: uid=www05$, LDAP_BASE
sn: www05$
userPassword:: SECRET
loginShell: /bin/false
uidNumber: 13020
gidNumber: 10000
uid: www05$
objectClass: top
objectClass: posixAccount
objectClass: sambaAccount
cn: www05 Server
homeDirectory: /dev/null
rid: 27040
lmPassword: SECRET
ntPassword: SECRET
acctFlags: [UX         ]
pwdLastSet: 1052150140

Is it possible to store machine accounts in the local filesystem and users in the LDAP tree? This would be a perfect solution for me.


Cyperfection - agentur für neue medien gmbh

Jürgen Hötzel
hoetzel at cyperfection.de

Karl-Kraemer-Str. 4 - 67061 Ludwigshafen
phone: 0621/587104-36 - fax: 0621/587104-90

Directions - http://www.cyperfection.de/Anfahrt/

