[Samba] samba3 PDC+ldap domain logon problem

Paul Gienger pgienger at ae-solutions.com
Wed Jun 23 12:47:20 GMT 2004


There is a bug with separating the machine suffix and the user suffix; 
they both need to be the same container.

Please search the archives more, this topic comes up every week or so.

David Caplan wrote:

>Hi,
>
>I've got an issue with a samba 3 PDC with an ldap backend. I get a logon
>failure (unknown username or bad password) when trying to add a win2k
>box to the domain. I'm using Mandrake with Samba 3.0.2a and openldap 2.1.22. 
>I am able to set up the workgroup on the w2k box, and access folders for
>users registered in the ldap database, however I am not able to join the
>domain with the user Administrator. 
>
>Any ideas on where I can look to find errors or test another way? (I can't find anything
>in the ldap logs or the samba logs).
>
>Please CC me any response, as I'm not subscribed to the list.
>
>Thanks.
>- David
>
>---Some relevant smb.conf
>
>[global]
>
>    ...
>	username map = /etc/samba3/smbusers
>	obey pam restrictions = No
>	ldap passwd sync = yes
>	passdb backend = ldapsam:ldap://127.0.0.1/
>	unix password sync = yes
>	pam password change = yes
>	passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *LDAP*password*information*changed*for*dcaplan*\n *passwd:*all*authentication*tokens*updated*successfully* 
>	ldap admin dn = cn=root,dc=cloudraker,dc=com
>    ldap suffix = dc=cloudraker,dc=com
>    ldap group suffix = ou=Group
>    ldap user suffix = ou=People
>    ldap machine suffix = ou=Hosts
>    ldap idmap suffix = ou=People
>    ldap ssl = off 
>    #ldap ssl = start tls
>    add user script = /usr/bin/smbldap-useradd3 -m "%u"
>    ldap delete dn = Yes
>    delete user script = /usr/bin/smbldap-userdel3 "%u"
>    add machine script = /usr/bin/smbldap-useradd3 -w "%u"
>    add group script = /usr/bin/smbldap-groupadd3 -p "%g" 
>    #delete group script = /usr/bin/smbldap-groupdel3 "%g"
>    add user to group script = /usr/bin/smbldap-groupmod3 -m "%u" "%g"
>    delete user from group script = /usr/bin/smbldap-groupmod3 -x "%u" "%g"
>    set primary group script = /usr/bin/smbldap-usermod3 -g "%g" "%u"
>	os level = 65
>	security = user
>	logon path = \\%L\profiles\%U
>	logon drive = U:
>	update encrypted = Yes
>	encrypt passwords = yes
>	domain master = yes
>	domain logons = yes
>	local master = yes
>	preferred master = yes
>	guest ok = no
>	admin users = root Administrator
>	
>	#wins support = yes
>	#wins proxy = yes
>----
>
>
>--
>David Caplan <david at david.ath.cx>
>Key fingerprint: AADC 53B6 D5FB 31FE E191  4E9A 8D5D 2952 9358  
>
>  
>

-- 
Paul Gienger                     Office:		701-281-1884
Applied Engineering Inc.         Cell:			701-306-6254
Information Systems Consultant   Fax:			701-281-1322
URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com
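
The check described in the reply above, as an added example that is not part of the original messages: a Python script that reads the [global] section of an smb.conf and reports whether "ldap user suffix" and "ldap machine suffix" resolve to the same container. It assumes both suffixes are relative to "ldap suffix", as in the quoted configuration; the function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the suffix lines from the smb.conf quoted in the thread.
SAMPLE = """\
[global]
    passdb backend = ldapsam:ldap://127.0.0.1/
    ldap suffix = dc=cloudraker,dc=com
    ldap user suffix = ou=People
    ldap machine suffix = ou=Hosts
    #ldap ssl = start tls
"""

def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.endswith("\\"):              # trailing backslash continues the line
            pending = line[:-1]
            continue
        m = re.fullmatch(r"\[(.*)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def norm_dn(dn):
    """Case-fold and trim each RDN (simplified: escaped commas are not handled)."""
    return ",".join(p.strip().lower() for p in dn.split(",") if p.strip())

def check_suffixes(text):
    """Return (same_container, user_dn, machine_dn); an unset suffix means the base."""
    g = parse_global(text)
    base = g.get("ldapsuffix", "")
    full = lambda key: norm_dn(g.get(key, "") + "," + base)
    user, machine = full("ldapusersuffix"), full("ldapmachinesuffix")
    return user == machine, user, machine

if __name__ == "__main__":
    ok, user, machine = check_suffixes(SAMPLE)
    print("OK" if ok else "MISMATCH", "| users:", user, "| machines:", machine)
```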



