[Samba] Samba3 & LDAP Can't join domain with Win2k Pro

Jean-Marc Pouchoulon jean-marc.pouchoulon at ac-montpellier.fr
Tue Oct 21 21:57:35 GMT 2003


So when I create a user account with the script from IdealX
(smbldap-useradd.pl), I can log in with this user on my Linux box it's
but if I want to use this account on the Samba network I have to create the
account in /etc/passwd with useradd?

Use pdbedit -a username to add the Samba attributes to the user (the user
must exist in the backend - LDAP for me).

So I have to create a root account too in my LDAP? And an Administrator
account in my /etc/passwd?

Have a look at http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html

In the [SAMBA_3_0] and [HEAD] only a few basic entries are required:
nobody and administrator BUT an account with uidNumber=0 (root or
administrator) MUST be present if you need to add XP/W2K ws. The reason:
an administrative account is demanded on the ws side in the join
process, and that account must have a uidNumber=0 in the unix world.

Remember that in the ldapsam backend the rid mapping is algorithmic:
rid='2*uidNumber+1000' and primaryGroup='2*uidNumber+100+1', so a
root or any administrative account must have a rid of 1000, and a
sambaSID like:

sambaSID: S-1-5-21-298858960-1863792627-3661451959-1000
sambaPrimaryGroupSID: S-1-5-21-298858960-1863792627-3661451959-1001

The root/administrator (uidNumber=0) SHOULD be present in the NT's
Admins group (rid=512). 
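
An added example, not part of the original post: a small audit of the user RID rule quoted above (rid = 2*uidNumber+1000) over LDIF-style entries, which also reports whether a uidNumber=0 account exists. The entries, DNs and function names are constructed for illustration; only the domain SID is taken from the post.

```python
import re

RID_BASE = 1000  # algorithmic base from the formula quoted in the post

def expected_rid(uid_number):
    """User RID per the post: rid = 2*uidNumber + 1000."""
    return 2 * uid_number + RID_BASE

def parse_ldif(text):
    """Split simple LDIF (no line folding, no base64 values) into dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                entry[key.strip()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return (problems, has_uid0) for entries with uidNumber and sambaSID."""
    problems, has_uid0 = [], False
    for e in entries:
        if "uidNumber" not in e or "sambaSID" not in e:
            continue
        uid = int(e["uidNumber"])
        rid = int(e["sambaSID"].rsplit("-", 1)[1])  # last SID component
        has_uid0 = has_uid0 or uid == 0
        if rid != expected_rid(uid):
            problems.append((e.get("uid", "?"), rid, expected_rid(uid)))
    return problems, has_uid0

# Constructed sample entries (hypothetical DNs and users).
SAMPLE = """\
dn: uid=root,ou=Users,dc=example,dc=org
uid: root
uidNumber: 0
sambaSID: S-1-5-21-298858960-1863792627-3661451959-1000

dn: uid=jdoe,ou=Users,dc=example,dc=org
uid: jdoe
uidNumber: 1001
sambaSID: S-1-5-21-298858960-1863792627-3661451959-2002
"""

if __name__ == "__main__":
    problems, has_uid0 = audit(parse_ldif(SAMPLE))
    print("uidNumber=0 account present:", has_uid0)
    for name, got, want in problems:
        print(f"{name}: RID {got}, expected {want}")
```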


