[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED

José Ildefonso Camargo Tolosa icamargo at merkurio.com.ve
Tue Jul 20 15:31:46 GMT 2004 

Mohammad Reza wrote:

>Dear lists...
> 
>But this still un-solved the real problem to join w2k to samba3-ldap .
>I'm here with the same situation.
>I even switch my distro to SuSe with same result, still cant join domain.
>Please give us hint how to solve or debug this problem.
>  
>

Sorry, I looked at the thread, and I don't have info about your problem 
with w2k.  According to what I read at the link posted by Abebe, I think 
it may be a problem with the unix system not "seeing" the machine 
account created automatically by samba (ie, the smbldap-useradd 
script).  You should be able to do a "su - winxp\$" as root, and it 
should log in:

obelix:~# su - virtualxp\$
No directory, logging in with HOME=/

Off course, it will not give you a prompt as virtualxp\$, because the 
shell is /bin/false, but If the user didn't existed, it would answered: 
Unkown ID, or something like that.

> 
>regards
>reza
>
>-----Original Message-----
>From:	Craig White [mailto:craigwhite at azapple.com]
>Sent:	Tue 7/20/2004 9:48 AM
>To:	samba at lists.samba.org
>Cc:	
>Subject:	Re: [Samba] Samba+LDAP - so close yet so far  :) ...STILL NOT SOLVED
>On Mon, 2004-07-19 at 19:34, José Ildefonso Camargo Tolosa wrote:
>
>  
>
>>>http://samba.idealx.org/smbldap-howto.fr.html as you
>>>recommended. I have one big question, which one do I
>>>put in '/etc/ldap.conf'
>>>
>>>nss_base_passwd dc=wbcoll,dc=edu?one
>>>nss_base_shadow dc=wbcoll,dc=edu?one
>>>nss_base_group  ou=Groups,dc=wbcoll,dc=edu?one
>>>
>>>or
>>>
>>>nss_base_passwd        ou=Users,dc=wbcoll,dc=edu?one
>>>nss_base_shadow        ou=Users,dc=wbcoll,dc=edu?one
>>>nss_base_group         ou=Groups,dc=wbcoll,dc=edu?one
>>> 
>>>
>>>      
>>>
>>Neither, use this:
>>
>>nss_base_passwd dc=wbcoll,dc=edu?sub
>>nss_base_shadow dc=wbcoll,dc=edu?sub
>>nss_base_group  ou=Groups,dc=wbcoll,dc=edu?one
>>
>>Look at the sub, it tells the system to descend to all the sub-objects it may have.
>>
>>    
>>
>---
>It is pertinent to consider that this suggestion waives any efficiency
>for ease of use as it will tell all user lookups to search the entire
>LDAP tree.
>
>I already told him to use his second choice as that is most efficient. I
>recognize that your option would permit the option of trying to use a
>separate organizational unit for Computers but this guy is endlessly
>confused, and simple is clearly better for his purposes, without
>considering the impact of excessive searching of the LDAP db.
>
>Craig
>
>  
>

More information about the samba mailing list