Update [Samba] root can't login to smb-ldap-pdc

Chris McKeever cgmckeever at prupref.com
Sun May 25 16:29:16 GMT 2003

> On Sat, 2003-05-24 at 18:08, Chris McKeever wrote:
> > are your other root related samba functions working correctly?
> > such as smbpasswd -a USERNAME?
> Yep,
> The ldap story is all ok, i can add and login any new user. The ldap
> directory is correctly populated for root afaik, there are the same
> password hashes in there as for my test machine and ldap pam works
> > just wondering if you did the smbpasswd -w PASSWORD 
> > for the root account.
> Yes, rootdn password is stored in secrets.tdb
> > Shot in the dark here - since the root samba pasword is 
> stored in a secrets
> > file, maybe there isnt one in the LDAP, and therefore your 
> get your error.
> > Maybe run smbpasswd for the root (without the -w) so it 
> populates the LDAP
> > directory.
> Password hashes are in place as a said before.
> > try a search using your ldap rootdn for the 
> ntPassword,lmPassword of the
> > root user..
> No problem, as rootdn or as user root, I get all entries from 
> user root.
> And as I said before normal users can login.
> Thanks for your suggestions, but I have a feeling it's got 
> something to
> do with not being able to su root not because of the password but
> because of some permission or security setting but I can not 
> figure out
> what.
> So I put the log level a bit higher. Now there seems to be a new check
> in username.c against a list root instead of list. Root is in 
> that list
> and so samba makes me guest. When I login as administrator 
> I am accepted just like in the 2.2.6 samba which checks against list,
> not list root. Has this got something to do with the root 
> exploit fixed
> in 2.2.8a?
> Do I have to make some administrator able to have write priviliges in
> /var/lib/samba so it can add computers or am I completely wrong?

have me stumped (which is really easy), but to allow administrator to add
machines on my implementation, I used domain admin group in the smb.conf

> Thanks in advance,
> Regards
> Bas

More information about the samba mailing list