[Samba] My story installing Samba-LDAP PDC (it has a happy ending)

Andrei Mikhailovsky andrei at arhont.com
Thu Jan 15 15:26:31 GMT 2004


Hello,

I've looked at your post on the samba mailing list.

Same as you, I am having a nightmare making Windows 2000 Pro
log on to my domain.

But unlike you, smbldap-tools worked fine-ish for me. They have
populated the database with initial users, groups and created a computer
entry. The setup works fine for shares/workgroup. But I can't make it
connect to my PDC. By the way, I am running Debian unstable with samba
3.0.1 and ldap 2.1.23.

By following your experience, I've managed to resolve some of the issues
while I was trying to log on to my domain.

Initially, looking at the ldap logs, windows was trying to search for
entries that were not found in the ldap. Like pid 501, which is meant to
be a guest account, and a few other things.

But after correcting these issues, ldap finds all the entries, but still
gives me Logon Failure: unknown username or bad password.

But looking at samba logs, I don't see any errors. This is the output of
the slapd when I attempt to log on to the domain:

--------
Jan 15 14:07:23 whale slapd[24434]: conn=5 fd=19 ACCEPT from
IP=192.168.77.7:38423 (IP=0.0.0.0:389)
Jan 15 14:07:23 whale slapd[24434]: conn=5 op=0 BIND
dn="cn=root,dc=arhont,dc=com" method=128
Jan 15 14:07:23 whale slapd[24434]: conn=5 op=0 BIND
dn="cn=root,dc=arhont,dc=com" mech=simple ssf=0
Jan 15 14:07:23 whale slapd[24434]: conn=5 op=0 RESULT tag=97 err=0 text=
Jan 15 14:07:23 whale slapd[24434]: conn=5 op=1 SRCH
base="dc=arhont,dc=com" scope=2
filter="(&(objectClass=sambaDomain)(sambaDomainName=ARHONT))"
Jan 15 14:07:23 whale slapd[24434]: conn=5 op=1 SRCH
attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid
sambaSID sambaAlgorithmicRidBase objectClass
Jan 15 14:07:23 whale slapd[24434]: conn=5 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Jan 15 14:07:23 whale slapd[24434]: conn=5 op=2 SRCH
base="dc=arhont,dc=com" scope=2
filter="(&(uid=root)(objectClass=sambaSamAccount))"
Jan 15 14:07:23 whale slapd[24434]: conn=5 op=2 SRCH attr=uid uidNumber
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
displayName sambaHomeDrive sambaHomePath sambaLogonScript
sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
objectClass sambaAcctFlags sambaMungedDial
Jan 15 14:07:23 whale slapd[24434]: conn=5 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Jan 15 14:07:23 whale slapd[24434]: conn=5 fd=19 closed

-------

And this is an example of my smb.conf:

#LDAP Support for samba 3+
passdb backend          = ldapsam:ldap://whale.core.arhont.com
ldap admin dn           = "cn=root,dc=arhont,dc=com"
idmap backend           = ldap:ldap://whale.core.arhont.com
ldap suffix             = dc=arhont,dc=com
ldap machine suffix     = ou=computers
ldap user suffix        = ou=users

#ldap ssl       = off
#ldap user suffix       = "ou=users,dc=arhont,dc=com"

##Default LDAP FILTER
#ldap filter    = "(&(uid=%u)(objectClass=SambaSamAccount))"
ldap filter     = "(uid=%u)"

ldap delete dn          = no
#ldap password sync     = yes


In addition, you mentioned that the win2k registry has to be
changed. I've looked at the registry key on my workstation, and it was
already 0 from the default install. Is that normal? I've read in a few
places that it has to be changed, but mine was already 0 from the
initial installation.

Do you have any suggestions as to what might be going wrong? I am already on
my third day trying to integrate samba/ldap. What a nightmare!

Thanks in advance for any help )



-- 
Andrei Mikhailovsky
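
Added example, not part of the original message: a small Python parser for a slapd stats log like the one pasted above. It rejoins the mail-wrapped lines, merges each conn/op pair into one record, and flags simple binds made before any TLS session on the connection as well as searches that return no entries. The conn=6 lines are constructed, and the "TLS established" connection-level line it looks for is an assumption about slapd's log format that the post does not show.

```python
import re

# conn=5 lines are copied from the post (mail line-wrapping kept);
# the conn=6 lines are constructed to show a search that matches nothing.
SAMPLE = '''\
Jan 15 14:07:23 whale slapd[24434]: conn=5 fd=19 ACCEPT from
IP=192.168.77.7:38423 (IP=0.0.0.0:389)
Jan 15 14:07:23 whale slapd[24434]: conn=5 op=0 BIND
dn="cn=root,dc=arhont,dc=com" mech=simple ssf=0
Jan 15 14:07:23 whale slapd[24434]: conn=5 op=2 SRCH
base="dc=arhont,dc=com" scope=2
filter="(&(uid=root)(objectClass=sambaSamAccount))"
Jan 15 14:07:23 whale slapd[24434]: conn=5 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Jan 15 14:07:24 whale slapd[24434]: conn=6 op=1 SRCH
base="dc=arhont,dc=com" scope=2 filter="(uid=guest)"
Jan 15 14:07:24 whale slapd[24434]: conn=6 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=
'''
# A newline NOT followed by a syslog timestamp is a mail-wrap, not a new entry.
WRAP = re.compile(r"\n(?![A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )")
ENTRY = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:op=(\d+)|fd=\d+) (.*)")
PAIR = re.compile(r'(\w+)=("[^"]*"|\S*)')  # values may be quoted (DNs, filters)

def summarize(text):
    """Merge each (conn, op) into one dict; 'tls' = TLS was up when the op began."""
    ops, tls = {}, set()
    for m in filter(None, map(ENTRY.search, WRAP.sub(" ", text.strip()).splitlines())):
        conn, op, rest = int(m[1]), m[2], m[3]
        if op is None:  # connection-level line: ACCEPT, TLS established, closed
            if rest.startswith("TLS established"):  # assumed slapd line format
                tls.add(conn)
            continue
        rec = ops.setdefault((conn, int(op)), {"tls": conn in tls})
        rec.update((k, v.strip('"')) for k, v in PAIR.findall(rest))
    return ops

def findings(rec):
    """Flag the two conditions worth a second look in a log like the post's."""
    out = []
    if rec.get("mech", "").lower() == "simple" and not rec["tls"]:
        out.append("simple bind without TLS, password sent in clear: " + rec.get("dn", "?"))
    if rec.get("nentries") == "0":
        out.append("search matched no entry: " + rec.get("filter", "?"))
    return out

if __name__ == "__main__":
    for key, rec in sorted(summarize(SAMPLE).items()):
        print(key, findings(rec) or "ok")
```
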



