[Samba] Samba and LDAP backend - howto docs problems?

Diego Julian Remolina dijuremo at math.gatech.edu
Wed Mar 10 00:01:14 GMT 2004


I also noticed this problem.  I do not know why it happens, but did
notice the following which may help:

I already have a few machines in an old samba-2.2.8 production
environment.  Those machines are already in dns, nis netgroups, etc.

My new samba 3.0.2a does not restrict to any hosts yet.  So if I run the
command:
/opt/local/samba/bin/smbpasswd -a -m mathpc22$  Then it succeeds:
oak:/etc/openldap/ldif # /opt/local/samba/bin/smbpasswd -a -m mathpc22$
Added user mathpc22$.

while if I use a new hostname not listed in my dns/netgroups tables then
it fails
oak:/tmp/samba-3.0.2/source # /opt/local/samba/bin/smbpasswd -a -m diego
Failed to initialise SAM_ACCOUNT for user diego$.
Failed to modify password entry for user diego$

I am leaving the office right now (oh man, it is 7pm, another 12 hour work
day) so I will try to find out if it wants the machine in dns or netgroups
and will post again to the list to let you know what I find out.

Diego

On Tue, 9 Mar 2004, John H Terpstra wrote:

> On Wed, 10 Mar 2004, Graham Leggett wrote:
>
> > Hi all,
> >
> > I have followed the instructions at
> > http://samba.mirror.ac.uk/samba/docs/man/passdb.html in an attempt to
>
> Ok. I am one of the authors of that. It should work. Email me your
> smb.conf file and I will try to help.
>
> > set up a Samba v3.0.2 (supplied by Redhat as part of RHEL v3.0) PDC.
> >
> > I have got as far as trying to get a windows 2k box to join this new
> > domain that I have created, however this fails with the error "Logon
> > failure: unknown user name or password".
> >
> > Samba itself logs nothing of this failure.
> >
> > Looking at the LDAP logs, I see that Samba is trying to do the following
> > LDAP search:
> > (&(&(uid=admin)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))
> >
> > This search fails, because the ldif displayed in the howto does not
> > include the sambaSamAccount objectclass in the admin object:
> >
> > dn: cn=admin,ou=People,dc=quenya,dc=org
> > cn: admin
> > objectclass: top
> > objectclass: organizationalRole
> > objectclass: simpleSecurityObject
> > userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz
> >
> > Does anyone have any step by step instructions for getting a Win2k box
> > to join a Samba domain that is known to work?
>
> Fully documented step-by-step instructions that work with SuSE and Red Hat
> are in the new book "Samba-3 by Example" - can be ordered from Amazon.Com
> now. Will ship starting March 26th.
>
> Have you also checked chapter 2 of TOSHARG (The Official Samba-3 HOWTO and
> Reference Guide)? While not as comprehensive as the new book, this chapter
> was the seed that started the avalanche of the "Give us more ..." litany
> that resulted in "Samba-3 by Example".
>
> Have you set up your scripts?
> 	- add user script
> 	- delete user script
> 	- add machine script
> 	- add group script
> 	- delete group script
> 	- add user to group script
> 	- etc.
>
> Have you test driven each manually to prove that it works?
>
> Have you configured nss_ldap and proven that it works?
> 	ie: getent passwd
> 	    getent group
>
> Does:
> 	pdbedit -Lw
>
> list the users in the old smbpasswd format?
>
> Many, many more questions ... what have you done to demonstrate that each
> element of your configuration works?
>
>
> Cheers,
> John T.
> --
> John H Terpstra
> Email: jht at samba.org

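The filter check described in the quoted message, as an added example that is not part of the original thread or of Samba: a small Python evaluator for the `&`, `|`, `!` and equality subset of LDAP filters, run against the quoted admin entry (copied here without its `userPassword` line). The function names are hypothetical.

```python
# Added example. FILTER and LDIF are copied from the thread; helper names are hypothetical.
FILTER = "(&(&(uid=admin)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))"
LDIF = """\
dn: cn=admin,ou=People,dc=quenya,dc=org
cn: admin
objectclass: top
objectclass: organizationalRole
objectclass: simpleSecurityObject
"""

def parse_ldif(text):
    """Return {lowercased attribute: [lowercased values]} for a single entry."""
    entry = {}
    for line in text.splitlines():
        if ":" in line:
            attr, value = line.split(":", 1)
            entry.setdefault(attr.strip().lower(), []).append(value.strip().lower())
    return entry

def parse_filter(s, i=0):
    """Parse the (&..), (|..), (!..) and (attr=value) subset of RFC 4515."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, value = s[i:end].split("=", 1)
    # Both attributes used here are matched case-insensitively by directory servers.
    return ("=", attr.lower(), value.lower()), end + 1

def evaluate(node, entry, failed):
    """Evaluate a parsed filter; collect equality tests that did not match."""
    if node[0] == "=":
        ok = node[2] in entry.get(node[1], [])
        if not ok and node[1:] not in failed:
            failed.append(node[1:])
        return ok
    results = [evaluate(kid, entry, failed) for kid in node[1]]  # no short-circuit
    return {"&": all(results), "|": any(results)}.get(node[0], not results[0])

def explain(filter_text, ldif_text):
    """Return (matched, [(attr, value), ...] for every unmatched equality test)."""
    tree, _ = parse_filter(filter_text)
    failed = []
    return evaluate(tree, parse_ldif(ldif_text), failed), failed
```

For the quoted entry, `explain(FILTER, LDIF)` reports two unmatched tests: `objectClass=sambaSamAccount` and also `uid=admin`, since the entry carries `cn: admin` but no `uid` attribute.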
