[Samba] Samba 3.0.2rc1 / LDAP login fails, pdbedit shows user

John Schmerold john at katy.com
Tue Jan 20 00:57:05 GMT 2004

I'm running 3.0.2rc1.  User authentication was working, until I got
the bright idea to change ntgroup _users_ to users
Now no one can login, any ideas how to fix?
I've tried deleting the tree & starting over from scratch, no joy:

[root at chs root]# smbclient //chs/tmp -U doj
tree connect failed: Call returned zero bytes (EOF)
[root at chs root]#

When I run pdbedit -v, the use is listed

I can browse the LDAP tree with Jarek Gawor's LDAP Browser\Editor

smb.conf is as follows:
force user = root
hosts allow = 192.168.10. 192.168.20.
hosts deny = all
interfaces = eth0 eth1
passdb backend = ldapsam
ldap suffix = dc=hbclp,dc=com
#ldap machine suffix = ou=_COMPUTERS_
#ldap user suffix = ou=_USERS_
#ldap group suffix = ou=_GROUPS_
ldap machine suffix = ou=computers
ldap group suffix = ou=groups
ldap user suffix = ou=users

ldap admin dn = "cn=root,dc=hbclp,dc=com"
#not using ssl because this is all happening on the localhost
ldap ssl = no
#ldap ssl = Yes
#ldap ssl = start tls
idmap backend = ldap:ldap://
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
wins support = yes
idmap gid = 10000-20000
idmap uid = 10000-20000

passwd chat debug = Yes
passwd program =/usr/bin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*

#mentioned that these options improve performance
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 

add machine script = /usr/bin/smbldap-useradd.pl -w %ms"
add user script = /usr/bin/smbldap-useradd.pl -a %u
delete user script = /usr/bin/smbldap-userdel.pl %u
add group script = /usr/bin/smbldap-groupadd.pl %g
delete group script = /usr/bin/smbldap-groupdel.pl %g
add user to group script = /usr/bin/smbldap-groupmod.pl" -m %u %g
delete user from group script = /usr/bin/smbldap-groupmod.pl -x %u %g
set primary group script = /usr/bin/smbldap-usermod.pl -G %g %u

workgroup = workgroup
netbios name = chs 
comment = Chesterfield Server
server string = Chesterfield Server
security = user
null passwords = yes
encrypt passwords = yes
logon script=logon.bat

### These left Blank will force local profiles but will not override LDAP config
##if set LDAP takes precedence.
logon drive =
logon path =

domain master = yes
domain logons = yes
preferred master = yes
os level = 33

wins support = no 
wins proxy = no

log file = /var/log/samba/%m.log

public = No
browseable = yes
writable = No

; necessary share for domain controller
path = /netlogon
locking = no
read only = yes
write list = ntadmin 

;test share
	writeable = yes
	public = yes
	path = /tmp

path = /profiles
read only = no
writeable = yes
create mask = 0600
directory mask = 0700

        path = /home/sys
        read only = No

        path = /home/vol1
        read only = No

        path = /home/cdroms
        read only = No

More information about the samba mailing list