[Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1

Jason P Holland jholland at cs.selu.edu
Fri Jan 9 21:19:22 GMT 2004


Thanks for the response.  Doesn't the machine account have to have a $ at
the end?  In which case the user and machine accounts are not the same,
right?

Jason

On Fri, 9 Jan 2004, Sundaram Ramasamy wrote:

> Can you put the user and computer accounts in the same tree?
>
> Change in smb.conf:
>
>     ldap machine suffix = ou=User
>
> Also change your smbldap_conf.pm file.
>
>
> ----- Original Message -----
> From: "Jason P Holland" <jholland at cs.selu.edu>
> To: <samba at lists.samba.org>
> Sent: Friday, January 09, 2004 3:08 PM
> Subject: [Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1
>
>
> >
> > Hello,
> >
> > I am hoping someone will offer some help.  I'm currently trying to set up a
> > Samba 3 PDC with LDAP authentication backend in Fedora Core 1.  I've read
> > loads of documentation, including
> >
> > http://www.hilinski.net/samba/ldap_PDC_samba.doc
> > http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
> > http://samba.idealx.org/samba-ldap-howto.pdf
> >
> > As well as tons of posts in the mailing list archives, but I still cannot
> > get this combination to work.
> >
> > As for the setup, I've installed OpenLDAP 2.1.22, Samba 3.0.0,
> > smbldap-tools-0.8.2.  I've run smbpasswd -w to add my slapd.conf password
> > to the secrets.tdb file.  I've set up smbldap_conf.pl with my correct SID
> > and ldap dn.  I've populated my ldap database using smbldap-populate.pl,
> > everything shows up correctly.  I've gone in to the ldap db and fixed
> > root's uid and gid as well as its sambaSID so that it can act as
> > administrator.  As far as I can tell, it's set up correctly.
> >
> > However, when I go to join a W2k Workstation client, I get "The user name
> > could not be found.".  That's using root-testing combination from my config
> > files.  Samba does automatically create the machine account, that looks
> > fine.  But it refuses to join the machine.  Yes, I'm aware of the registry
> > hack for XP, W2K machines, and that has also been changed.
> >
> >
> > The weird thing is from that client, which I cannot join, I can view shares
> > on the PDC using root-testing user pass combination, so I know the
> > authentication is working correctly through ldap.  So what does that
> > user name not found error really mean?
> >
> > Does anyone see anything obviously wrong in my config files that would
> > cause this?  I've cut them into the post below.  I would appreciate any
> > help as I'm just tired of reading and just can't seem to get past adding
> > a machine.  Thanks for any help...
> >
> > Jason
> >
> >
> > --- begin ldap.conf ----
> >
> > HOST 127.0.0.1
> > BASE dc=test,dc=edu
> >
> > ---- end ldap.conf ----
> >
> >
> > --- begin slapd.conf ----
> >
> > include /etc/openldap/schema/core.schema
> > include /etc/openldap/schema/cosine.schema
> > include /etc/openldap/schema/nis.schema
> > include /etc/openldap/schema/inetorgperson.schema
> > include /etc/openldap/schema/samba.schema
> >
> > pidfile /var/run/slapd.pid
> > argsfile /var/run/slapd.args
> > database bdb
> > suffix "dc=test,dc=edu"
> > rootdn "cn=root,dc=test,dc=edu"
> > rootpw testing
> >
> > directory /var/lib/ldap
> > index objectClass eq
> > index cn pres,sub,eq
> > index sn pres,sub,eq
> > index uid pres,sub,eq
> > index displayName pres,sub,eq
> > index uidNumber eq
> > index gidNumber eq
> > index memberUid eq
> > index sambaSID eq
> > index sambaPrimaryGroupSID eq
> > index sambaDomainName eq
> > index default sub
> >
> > ---- end slapd.conf ----
> >
> >
> > ---- begin smb.conf ----
> > [global]
> > passdb backend = ldapsam
> > ldap suffix = "dc=test,dc=edu"
> > ldap machine suffix = ou=Computers
> > ldap user suffix = ou=Users
> > ldap group suffix = ou=Groups
> > ldap admin dn = "cn=root,dc=test,dc=edu"
> > ldap ssl = no
> > idmap backend = ldap:ldap://127.0.0.1
> > passwd chat debug = Yes
> > passwd program =/usr/local/sbin/smbldap-passwd.pl -o %u
> > passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
> > add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
> > delete user script = /usr/local/sbin/smbldap-userdel.pl %u
> > add group script = /usr/local/sbin/smbldap-groupadd.pl %g
> > delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
> > add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g
> > delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
> > set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u
> > workgroup = TEST
> > netbios name = donald
> > comment = test samba pdc
> > security = user
> > null passwords = yes
> > encrypt passwords = yes
> > logon script=logon.bat
> > logon drive =
> > logon path =
> > domain master = yes
> > domain logons = yes
> > preferred master = yes
> > os level = 33
> > wins support = yes
> > wins proxy = no
> > log file = /var/log/samba/%m.log
> > public = No
> > browseable = yes
> > writable = No
> >
> > ; necessary share for domain controller
> > [netlogon]
> > path = /netlogon
> > locking = no
> > read only = yes
> > write list = ntadmin
> >
> > ;test share
> > [tmp]
> > writeable = yes
> > public = yes
> > path = /tmp
> >
> > [profiles]
> > path = /profiles
> > read only = no
> > writeable = yes
> > create mask = 0600
> > directory mask = 0700
> >
> > ---- end smb.conf ---
>
>
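
Added example, not part of the thread or of Samba's own code: the sketch below resolves the containers that the quoted smb.conf assigns to user, machine and group accounts (Samba 3.0 prepends each relative suffix to "ldap suffix") and notes two settings in the same file that affect how credentials travel and are accepted. The workstation name WS01 and the uid=<name>$ entry layout are assumptions.

```python
# Added example: resolve the LDAP containers implied by an smb.conf [global] section.
# SMB_CONF is a constructed excerpt of the configuration quoted in the thread.
SMB_CONF = """\
[global]
ldap suffix = "dc=test,dc=edu"
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap ssl = no
null passwords = yes
"""

def parse_global(text):
    """Return the [global] parameters, keys lower-cased, quotes stripped."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip().strip('"')
    return params

def account_bases(params):
    """Samba 3.0 prepends each relative suffix to 'ldap suffix'."""
    base = params["ldap suffix"]
    bases = {}
    for kind in ("user", "machine", "group"):
        rel = params.get(f"ldap {kind} suffix", "")
        bases[kind] = f"{rel},{base}" if rel else base
    return bases

def machine_dn(netbios_name, params):
    """Assumed entry layout: uid=<name>$ under the machine container."""
    return f"uid={netbios_name}$,{account_bases(params)['machine']}"

def review(params):
    """Facts worth checking before debugging a failed domain join."""
    bases, notes = account_bases(params), []
    if bases["machine"].lower() != bases["user"].lower():
        notes.append("separate-containers")      # users and machines in different OUs
    if params.get("ldap ssl", "").lower() in ("no", "off"):
        notes.append("ldap-cleartext")           # Samba-to-LDAP traffic is unencrypted
    if params.get("null passwords", "no").lower() in ("yes", "true", "1"):
        notes.append("null-passwords-allowed")   # accounts with empty passwords may log on
    return notes

if __name__ == "__main__":
    p = parse_global(SMB_CONF)
    print(account_bases(p), machine_dn("WS01", p), review(p), sep="\n")
```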

