[Samba] Re: Need help configuring Samba3/LDAP PDC

rwallace at thewallacepack.net rwallace at thewallacepack.net
Fri Jun 11 20:16:25 GMT 2004


Aaron Ogden wrote:

>
> > Have you checked the logging on OpenLDAP?  I'd set the loglevel
> > to 488 and look at the queries samba is doing.  If you have
> > "root =  administrator admin" in your smbusers file then samba
> > will look for an ldap entry with uid=root.  grep the ldap log
> > file for that and comment out that line in smbusers if that
> > seems to be the case.
> >
> > Rich
>
> Hello Rich (and others), thanks for responding.  I turned up the 
> loglevel, fixed some configuration errors in smb.conf, and commented 
> the root= entry in smbusers. You were right, Administrator was being 
> mapped to 'root'.  Now I can authenticate LDAP users in Samba, e.g. 
> 'smbclient -L localhost -U Administrator' works properly.  
> Unfortunately I still cannot join the PDC machine to the domain and I 
> think I know why.
>
> When I run 'net rpc join -U Administrator' the machine account gets 
> created but it is a posixAccount instead of a sambaSamAccount.  In 
> other words it is a normal unix user account that is missing all of 
> the samba-related fields.  Samba is calling the IDEALX 
> smbldap-useradd.pl script to create the account but obviously I've got 
> an error somewhere... the user accounts it creates are not 
> samba-capable.  Does anyone know how to fix this?  Did I miss 
> something in smbldap_conf.pm?

What version of samba did you say you're using?  It sounds like one with 
an older version of the Idealx scripts since you still have the .pl 
extension and they still use the .pm configuration files.  Try going to 
http://www.idealx.org/prj/samba/index.en.html and download the latest 
version of the scripts.  I had some problems with the Idealx scripts 
bundled with 3.0.2a but using the latest versions from the site fixed 
everything.  Oh, and don't forget that for the "add machine script" 
setting you need to pass the -w option to smbldap-useradd.

>
> On a related note, I've imported lots of NIS data into this LDAP 
> directory, so I have lots of valid Unix accounts.  These are working 
> properly on LDAP-enabled linux machines, but how do I 'convert' them 
> for use with Samba?  Ideally I would like to have one record for each 
> user that contains all of the samba data as well as the unix data.  Is 
> there an easy way to add the appropriate samba fields to 'normal' 
> posixAccounts?  Is there a FAQ that covers the procedure?  Any help 
> would be welcome.

That's a good question and I hope someone has an answer.  I tried to do 
the same a while back and didn't have any luck either.  You can't use 
the smbldap-useradd scripts or smbpasswd -a 'cause those will only tell 
you that the entry already exists.  Oooo... but it looks like you can 
use "smbldap-usermod -a" to add the necessary objectclass and whatnot.  
Play around with that and see what happens.

Rich
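
As an added example (not part of the original post, and not code from Samba or IDEALX): a small Python check that reads an LDIF export of the directory and lists the posixAccount entries that still lack the sambaSamAccount objectClass, i.e. the entries affected by both problems discussed above. The LDIF sample, DNs and function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF (not from the thread): a machine account created as a
# plain posixAccount, a NIS-imported user, and one Samba-ready user.
SAMPLE_LDIF = """\
dn: uid=pdc1$,ou=Computers,dc=example,dc=org
objectClass: account
objectClass: posixAccount
uid: pdc1$

dn: uid=jdoe,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid: jdoe

dn: uid=asmith,ou=Users,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: asmith
sambaSID: S-1-5-21-1111111111-2222222222-3333
 333333-3002
"""


def parse_ldif(text):
    """Return a list of entries, each a dict of lowercased attribute -> values."""
    entries, current = [], {}
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    for line in unfolded.split("\n") + [""]:
        if not line.strip():  # a blank line ends the current entry
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries


def missing_samba(entries):
    """posixAccount entries lacking sambaSamAccount, as (dn, is_machine) pairs."""
    out = []
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixaccount" in classes and "sambasamaccount" not in classes:
            uid = e.get("uid", [""])[0]  # machine account names end in "$"
            out.append((e["dn"][0], uid.endswith("$")))
    return out
```

Entries reported with `is_machine` set are machine accounts that were created without the Samba attributes; the others are ordinary Unix users that have not yet been converted.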

