[Samba] Problem w/ Samba 3 & LDAP
ted at ness.plymouth.edu
Thu Apr 1 14:19:58 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Thanks for the response, but the odd thing is that both had the same set of
parameters in the LDAP. I took your advice and added some other parameters
to the LDAP for a non working entry... Same result.
Example LDIF (Working):
dn: uid=newuser, ou=People, dc=plymouth,dc=edu
sambaAcctFlags: [U ]
displayName: New User
Example LDIF (NOT WORKING)
dn: uid=notworking, ou=People, dc=plymouth,dc=edu
sambaAcctFlags: [U ]
displayName: Not Working
Any ideas? I can map to the home share without difficulty... It is only a
problem when doing a domain logon. If I delete the LDAP entry and do the
(smbpasswd -a) from the command line, the entries look identical. The only
difference is one works and the other does not. Is there another place
where info is recorded? In the LDAP? in a TDB file?
>On Wed, 2004-03-31 at 12:47, Ted Wisniewski wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> Here is a description of what I am trying to do (with Samba 3.0.2a &
>> I have all my users populated into the LDAP with all the applicable
>> attributes; Users can map drives to a server using LDAP as the
>> authentication backend without issue.
>> Where I am running into problems is bringing up a PDC using Samba w/LDAP.
>> * I added the appropriate machine accounts (using smbpasswd -a -m) and was
>> able to join the domain.
>> * Any user in the pre-populated LDAP cannot log in, however, any user I add
>> the LDAP from the machine with Samba running on it CAN log in properly.
>> If I delete the original entry from the LDAP, add a new on via (smbpasswd
>> then the user can log in. This works, but is ultimately not scalable...
>> can then place the original LDAP entry back in place and they can log in...
>> Just as long as the password for the account is not changed.
>> I am sure there is something I am missing, but I cannot see it for the life
>> me. The odd thing is, that in the log.smbd, I get odd errors about
> a socket, but only for the users that have not been added by the local
> "smbpasswd" command. They are both in the same LDAP. Any help would be
> greatly appreciated.
- -- SNIP --
> Global section of smb.conf
it appears that the 'non-functional' user doesn't have the domain
attribute set (or at least set properly).
ldapsearch -x -h whateverhost -D 'rootbinddn' -W '(uid=non-functional)'
ldapsearch -x -h whateverhost -D 'rootbinddn' -W '(uid=functional)'
and the functional users will have attributes such as sambaDomainName
properly set that the non-functional's do not.
| Ted Wisniewski E-Mail: ted at mail.plymouth.edu |
| Manager, Systems Group WEB: http://oz.plymouth.edu/~ted/ |
| Information Technology Services |
| Plymouth State University Phone: (603) 535-2661 |
| Plymouth NH, 03264 Fax: (603) 535-2263 |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
-----END PGP SIGNATURE-----
More information about the samba