[Samba] Followed John's book, frustrating smbldap-problem

Rolf A. Vaglid rolf at qt-developer.org
Sun Dec 12 23:40:27 GMT 2004

Hi all, Im having a hard time figuring whats wrong with my Samba-ldap 
setup. I hope somebody may point out the error.

I've set it up according to John H. Terpstra's excellent "Samba 3 by 
example". This book is also availible from samba.org, and chapter I'm 
referencing is this: 

I followed the book character by character, and it seemed to work.
I added two test-users, elev1 and elev2 by doing 'smbldap-useradd -m -a 
elev1; smbldap-passwd elev1; smbpasswd -a elev1'. Everything worked 
fine. I put elev1 in the 'Domain Admins' group to allow him to add 
computers to the domain. Worked fine. I tried adding more users, but now 
something is very wrong. I may have tampered a little, but I have no 
clue to what's wrong.

If I try logging on an Windows 2000 machinge with one of the new users,
the logs says nothings wrong, but i still cant log on. Strange

"check_ntlm_password:  authentication for user [mhervik] -> [mhervik] -> 
[mhervik] succeeded"

If i do a "smbclient //FILSERVER/netlogon -Umhervik", still no error, 
everything seems to be just fine:

tkelev:/tmp/smbldap # smbclient //FILSERVER/netlogon -Umhervik
Domain=[ELEV] OS=[Unix] Server=[Samba 3.0.7-5.2-SUSE]
smb: \>

As you see, authentication works fine, just not on the Win2000-clients.
May this have something to do with machine trust accounts?

To keep this email as short as possible, I've uploaded the needed log- 
and conf-files (log-level 4) to http://www.tysvernett.no/smbldap/, 
please give it a look and I'll buy you a beer if we meet :)

Distribution: SuSE 9.2
Clients: Windows 2000

More information about the samba mailing list