[Samba] samba ldap with smbldap-tools can't join domain.
Muhammad Reza
reza at mra.co.id
Wed Jun 9 05:48:14 GMT 2004
Dear list,
I have a problem configuring Samba as a domain controller with
LDAP authentication.
I use Samba-3.0.3-5 with Openldap-2.1.29 (running on Fedora Core 2).
I followed the guide from www.idealx.org/prj/samba/smbldap-howto.en.html,
with the recent smbldap-tools RPM for RedHat.
Installation of those packages was successful, and so was user management
with smbldap-tools; I can log in from another Unix machine (ssh) with an
LDAP account.
But when I try to join my Windows machine to the new domain controller with
the Samba Administrator account and password, the workstation always
complains about a logon failure: "Unknown user name or Bad Password".
The log from my domain controller machine is (syslog 4):
# tail -f log.smbd
[2004/06/09 11:54:12, 2] lib/smbldap.c:smbldap_search_domain_info(1344)
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SMB3))]
[2004/06/09 11:54:12, 2] lib/smbldap.c:smbldap_open_connection(639)
smbldap_open_connection: connection opened
[2004/06/09 11:54:12, 3] lib/smbldap.c:smbldap_connect_system(806)
ldap_connect_system: succesful connection to the LDAP server
[2004/06/09 11:54:12, 4] lib/smbldap.c:smbldap_open(857)
The LDAP server is succesful connected
# tail -f log.(windows machine)
[2004/06/09 11:54:12, 3] smbd/oplock.c:init_oplocks(1257)
open_oplock ipc: pid = 2740, global_oplock_port = 1025
[2004/06/09 11:54:12, 4] lib/time.c:get_serverzone(122)
Serverzone is -25200
[2004/06/09 11:54:12, 3] smbd/process.c:process_smb(890)
Transaction 0 of length 72
[2004/06/09 11:54:12, 2] smbd/reply.c:reply_special(208)
netbios connect: name1=PDC-SMB3 name2=BACKUP
[2004/06/09 11:54:12, 2] smbd/reply.c:reply_special(215)
netbios connect: local=pdc-smb3 remote=backup, name type = 0
# cat /etc/samba/smb.conf
# Global parameters
[global]
workgroup = SMB3
netbios name = PDC-SMB3
interfaces = 172.16.0.232
username map = /etc/samba/smbusers
admin users= Administrator @"Domain Admins"
server string = Samba Server %v
security = user
encrypt passwords = Yes
min passwd length = 3
obey pam restrictions = No
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
passwd program = /usr/local/sbin/smbldap-passwd %u
ldap passwd sync = Yes
log level = 4
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
ldap admin dn = cn=Manager,dc=mragroup,dc=net
ldap suffix = dc=mragroup,dc=net
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
#ldap ssl = start tls
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
--snip---
Is there something I missed? I assumed that Samba can now connect to
the LDAP service, and I have an Administrator account in the LDAP DIT and
in secret.tdb with the right password. Why can I still not join my Windows
machine? I even added the machine name to the DIT.
Please help me; any suggestion is very much appreciated, and sorry for my
poor English.
regards
reza
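
Added example, not part of the original post: a small Python parser for smbd debug-log records in the shape quoted above. It rejoins record headers that mail wrapping split across two lines and extracts the LDAP search filters and NetBIOS session names, which are the values to compare against the directory contents and smb.conf when triaging a failed domain join. The sample log is constructed from the excerpts in the post; the function names are this example's own.

```python
import re
from collections import Counter

# Header of an smbd debug record: "[timestamp, level] file:function(line)".
HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(\S+?):(\w+)\((\d+)\)")

# Constructed sample, copied in shape from the log excerpts in the post.
SAMPLE = """\
[2004/06/09 11:54:12, 2] lib/smbldap.c:smbldap_search_domain_info(1344)
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SMB3))]
[2004/06/09 11:54:12, 3] lib/smbldap.c:smbldap_connect_system(806)
ldap_connect_system: succesful connection to the LDAP server
[2004/06/09 11:54:12, 3]
smbd/oplock.c:init_oplocks(1257)
open_oplock ipc: pid = 2740, global_oplock_port = 1025
[2004/06/09 11:54:12, 2] smbd/reply.c:reply_special(208)
netbios connect: name1=PDC-SMB3 name2=BACKUP
"""

def parse_records(text):
    """Split smbd log text into records, tolerating mail-wrapped headers."""
    # Rejoin a header whose source location was wrapped onto the next line.
    text = re.sub(r"(\[\d{4}/[^\]]+\])[ \t]*\n(?=\S+:\w+\(\d+\))", r"\1 ", text)
    records = []
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            ts, level, src, func, lineno = m.groups()
            records.append({"time": ts, "level": int(level), "source": src,
                            "function": func, "line": int(lineno), "message": []})
        elif records and line.strip():
            records[-1]["message"].append(line.strip())
    for r in records:
        r["message"] = " ".join(r["message"])
    return records

def summarize(records):
    """Count records per source file and pull out LDAP filters and NetBIOS names."""
    per_source = Counter(r["source"] for r in records)
    filters = [m.group(1) for r in records
               if (m := re.search(r"Searching for:\[(.*)\]", r["message"]))]
    netbios = [dict(re.findall(r"(name\d)=(\S+)", r["message"]))
               for r in records if r["message"].startswith("netbios connect: name1")]
    return per_source, filters, netbios

if __name__ == "__main__":
    print(summarize(parse_records(SAMPLE)))
```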