[Samba] samba ldap with smbldap-tools cant join domain.

Muhammad Reza reza at mra.co.id
Wed Jun 9 05:48:14 GMT 2004

Dear Lists

I have problem regarding configuring samba as domain controller with 
ldap authentication 
I use Samba-3.0.3-5 with Openldap-2.1.29 (running on Fedora Core 2).
I  follow guide from  www.idealx.org/prj/samba/smbldap-howto.en.html, 
with recent smbldap-tools for RedHat RPM,
Installation those packet was successfull,  so did  user management with 
smbldap-tools, i can login from another unix machine (ssh) with ldap 
But when i try to join my windows machine to new domain controller with 
samba Administrator account and password , workstation always complain 
something about Logon Failure  "Unknown user name or Bad Password"
Log form my domain controller machine is (syslog 4) :
# tail -f log.smbd
[2004/06/09 11:54:12, 2] lib/smbldap.c:smbldap_search_domain_info(1344)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SMB3))]
[2004/06/09 11:54:12, 2] lib/smbldap.c:smbldap_open_connection(639)
  smbldap_open_connection: connection opened
[2004/06/09 11:54:12, 3] lib/smbldap.c:smbldap_connect_system(806)
  ldap_connect_system: succesful connection to the LDAP server
[2004/06/09 11:54:12, 4] lib/smbldap.c:smbldap_open(857)
  The LDAP server is succesful connected
#tail -f log.(windows machine)[2004/06/09 11:54:12, 3] 
  open_oplock ipc: pid = 2740, global_oplock_port = 1025
[2004/06/09 11:54:12, 4] lib/time.c:get_serverzone(122)
  Serverzone is -25200
[2004/06/09 11:54:12, 3] smbd/process.c:process_smb(890)
  Transaction 0 of length 72
[2004/06/09 11:54:12, 2] smbd/reply.c:reply_special(208)
  netbios connect: name1=PDC-SMB3        name2=BACKUP        
[2004/06/09 11:54:12, 2] smbd/reply.c:reply_special(215)
  netbios connect: local=pdc-smb3 remote=backup, name type = 0

#cat /etc/samba/smb.conf
# Global parameters
        workgroup = SMB3
        netbios name = PDC-SMB3
        interfaces =
        username map = /etc/samba/smbusers
        admin users= Administrator @"Domain Admins"
        server string = Samba Server %v
        security = user
        encrypt passwords = Yes
        min passwd length = 3
        obey pam restrictions = No
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
        passwd program = /usr/local/sbin/smbldap-passwd %u
        ldap passwd sync = Yes
        log level = 4
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 100000
        time server = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        mangling method = hash2
        Dos charset = 850
        Unix charset = ISO8859-1

        logon script = logon.bat
        logon drive = H:
        logon home =
        logon path =

        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        passdb backend = ldapsam:ldap://
        # passdb backend = ldapsam:"ldap:// 
        ldap admin dn = cn=Manager,dc=mragroup,dc=net
        ldap suffix = dc=mragroup,dc=net
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Users
        #ldap ssl = start tls
        add user script = /usr/local/sbin/smbldap-useradd -m "%u"
        ldap delete dn = Yes
        #delete user script = /usr/local/sbin/smbldap-userdel "%u"
        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        #delete group script = /usr/local/sbin/smbldap-groupdel "%g" add 
user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod 
-x "%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g 
"%g" "%u"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m 
"%u" "%g"

Is there something i missed ? i assumed that samba now can connect to 
ldap service, and  i have an Adminstrator account at ldap DIT  and at 
secret.tdb with right password why still i can join my windows machine ? 
i even add mahine name to DIT.

Please help me, any suggest is very appriciate, and sorry for my poor 


More information about the samba mailing list