[Samba] ldap auth no longer works with upgrade from 3.0-3.0.2?

John H. mrmailer at myway.com
Mon Mar 15 22:16:49 GMT 2004


OK, I had LDAP with Samba working perfectly a few weeks ago. However, I had no root account, since I was told not to have a root account on the LDAP server, so someone recommended I do this in smb.conf...
 passdb backend = smbpasswd

adding root user to samba with smbpasswd -a 

then changing smb.conf to this

 passdb backend = ldapsam:ldap://127.0.0.1 smbpasswd

so it could use both, right?

So a while later I let Fedora up2date upgrade the Samba 3.0.0 RPMs to 3.0.2. Everything seemed to work fine afterward.
I looked in smbpasswd today, and I noticed all the LDAP accounts, including the machine accounts, are in there, as well as the root account. I thought this odd, so I removed smbpasswd from the aforementioned line, and oddly enough, none of the LDAP accounts could use Samba anymore, getting nt_login_failure or whatever!

However, on the command line, I can still id username and it shows their username, through LDAP, and I can log in to Unix with them (ssh and everything), but Samba no longer recognizes them. Can someone tell me what I did wrong, or if this is a bug or something? Below I paste the relevant parts of smb.conf.


[global]
        workgroup = DOMAINNAME
        netbios name = NETBIOSNAME
        netbios aliases = INTRANET
        logon script = logon.cmd
        logon home =
        #\\homeserver\%u\winprofile
        logon path =
        domain logons = Yes
        os level = 64
        preferred master = Yes
        encrypt passwords = Yes
        domain master = Yes
        wins support = Yes
        encrypt passwords = Yes
        update encrypted = Yes
        auth methods = sam guest
        security = USER

#ldap
        passdb backend = ldapsam:ldap://127.0.0.1 smbpasswd
        ldap suffix = dc=INTRANET
        ldap machine suffix = ou=People
        ldap passwd sync = yes
        ldap user suffix = ou=People
        ldap group suffix = ou=Group
        ldap admin dn = "cn=Manager,dc=INTRANET"
        ldap ssl = no
        idmap backend = ldapsam:ldapsam://127.0.0.1
        passwd chat debug = Yes
        passwd program =/usr/local/sbin/smbldap-passwd -o %u
        passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add machine script = /usr/local/sbin/smbldap-useradd -w %m
        add user script = /usr/local/sbin/smbldap-useradd -a -n -m %u
        delete user script = /usr/local/sbin/smbldap-userdel %u
        add group script = /usr/local/sbin/smbldap-groupadd %g
        delete group script = /usr/local/sbin/smbldap-groupdel %g
        add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
        set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u




