[Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1

Jason P Holland jholland at cs.selu.edu
Fri Jan 9 20:08:29 GMT 2004 

Hello,

I am hoping someone will offer some help.  I'm currently trying to setup a
samba 3 PDC with LDAP authentication backend in Fedora core 1.  I've read
loads of documentation, including

http://www.hilinski.net/samba/ldap_PDC_samba.doc
http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
http://samba.idealx.org/samba-ldap-howto.pdf

As well as tons of posts in the mailing list archives, but I still cannot
get this combination to work.

As for the setup, I've installed Openldap 2.1.22, Samba 3.0.0,
smbldap-tools-0.8.2.  I've run smbpasswd -w to add my slapd.conf password
to the secrets.tdb file.  I've setup smbldap_conf.pl with my correct SID
and ldap dn.  I've populated my ldap database using smbldap-populate.pl,
everything shows up correctly.  I've gone in to the ldap db and fixed
roots uid and gid as well as its sambaSID so that it can act as
administrator.  As far as I can tell, its setup correctly.

However, when I go to join a W2k Workstation client, I get "The user name
could not be found.".  Thats using root-testing combination from my config
files.  Samba does automatically create the machine account, that looks
fine.  But it refuses to join the machine.  Yes, I'm aware of the registry
hack for XP,W2K machines, and that has also been changed.


The weird thing is from that client, who I cannot join, I can view shares
on the PDC using root-testing user pass combination, so I know the
authentication is working correctly through ldap.  So what does that
user name not found error really mean?

Does anyone see anything obviously wrong in my config files that would
cause this?  I've cut them into the post below.  I would appreciate any
help as I'm just tired of reading and just can't seem to get past adding
a machine.  Thanks for any help...

Jason


--- begin ldap.conf ----

HOST 127.0.0.1
BASE dc=test,dc=edu

---- end ldap.conf ----


--- begin slapd.conf ----

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba.schema

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
suffix "dc=test,dc=edu"
rootdn "cn=root,dc=test,dc=edu"
rootpw testing

directory /var/lib/ldap
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub

---- end slapd.conf ----


---- begin smb.conf ----
[global]
passdb backend = ldapsam
ldap suffix = "dc=test,dc=edu"
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = "cn=root,dc=test,dc=edu"
ldap ssl = no
idmap backend = ldap:ldap://127.0.0.1
passwd chat debug = Yes
passwd program =/usr/local/sbin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
delete user script = /usr/local/sbin/smbldap-userdel.pl %u
add group script = /usr/local/sbin/smbldap-groupadd.pl %g
delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u
workgroup = TEST
netbios name = donald
comment = test samba pdc
security = user
null passwords = yes
encrypt passwords = yes
logon script=logon.bat
logon drive =
logon path =
domain master = yes
domain logons = yes
preferred master = yes
os level = 33
wins support = yes
wins proxy = no
log file = /var/log/samba/%m.log
public = No
browseable = yes
writable = No

; necessary share for domain controller
[netlogon]
path = /netlogon
locking = no
read only = yes
write list = ntadmin

;test share
[tmp]
writeable = yes
public = yes
path = /tmp

[profiles]
path = /profiles
read only = no
writeable = yes
create mask = 0600
directory mask = 0700

---- end smb.conf ---

More information about the samba mailing list