[Samba] samba3 PDC+ldap domain logon problem

David Caplan david at david.ath.cx
Tue Jun 22 17:41:24 GMT 2004


I've got an issue with a samba 3 PDC with an ldap backend. I get a logon
failure (unknown username or bad password) when trying to add a win2k
box to the domain. I'm using Mandrake with Samba 3.0.2a and openldap 2.1.22. 
I am able to set up the workgroup on the w2k box, and access folders for
users registered in the ldap database, however I am not able to join the
domain with the user Administrator. 

Any ideas on where I can look to find errors or test another way? (I cant find anything
in the ldap logs or the samba logs).

Please CC me any response, as I'm not subscribed to the list.

- David

---Some relevant smb.conf


	username map = /etc/samba3/smbusers
	obey pam restrictions = No
	ldap passwd sync = yes
	passdb backend = ldapsam:ldap://
	unix password sync = yes
	pam password change = yes
	passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *LDAP*password*information*changed*for*dcaplan*\n *passwd:*all*authentication*tokens*updated*successfully* 
	ldap admin dn = cn=root,dc=cloudraker,dc=com
    ldap suffix = dc=cloudraker,dc=com
    ldap group suffix = ou=Group
    ldap user suffix = ou=People
    ldap machine suffix = ou=Hosts
    ldap idmap suffix = ou=People
    ldap ssl = off 
    #ldap ssl = start tls
    add user script = /usr/bin/smbldap-useradd3 -m "%u"
    ldap delete dn = Yes
    delete user script = /usr/bin/smbldap-userdel3 "%u"
    add machine script = /usr/bin/smbldap-useradd3 -w "%u"
    add group script = /usr/bin/smbldap-groupadd3 -p "%g" 
    #delete group script = /usr/bin/smbldap-groupdel3 "%g"
    add user to group script = /usr/bin/smbldap-groupmod3 -m "%u" "%g"
    delete user from group script = /usr/bin/smbldap-groupmod3 -x "%u" "%g"
    set primary group script = /usr/bin/smbldap-usermod3 -g "%g" "%u"
	os level = 65
	security = user
	logon path = \\%L\profiles\%U
	logon drive = U:
	update encrypted = Yes
	encrypt passwords = yes
	domain master = yes
	domain logons = yes
	local master = yes
	preferred master = yes
	guest ok = no
	admin users = root Administrator
	#wins support = yes
	#wins proxy = yes

David Caplan <david at david.ath.cx>
Key fingerprint: AADC 53B6 D5FB 31FE E191  4E9A 8D5D 2952 9358  

More information about the samba mailing list