problem with samba, ldap and windows

Samuele Giovanni Tonon samu at sferacarta.com
Wed Oct 13 10:00:18 GMT 2004

I have read that someone has a similar problem to mine; however, I didn't
find how they solved it.

The problem is this: Samba as a PDC for a Windows domain.
Authentication is managed with OpenLDAP.

If I try to change the password of any LDAP account with smbpasswd I
get no error.
If I try to access a Samba shared folder from Windows, it asks
me for authentication and it all works.
The only thing I'm not able to do is manage Windows
authentication through the domain: when I try to join the domain using
Administrator it tells me "Can't find user", but in the Samba log I have:

[2004/10/13 11:27:45, 2] smbd/sesssetup.c:setup_new_vc_session(608) 
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2004/10/13 11:27:45, 2] smbd/sesssetup.c:setup_new_vc_session(608)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2004/10/13 11:27:45, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
   init_sam_from_ldap: Entry found for user: Administrator
[2004/10/13 11:27:45, 2] auth/auth.c:check_ntlm_password(305)
   check_ntlm_password:  authentication for user [Administrator] -> 
[Administrator] -> [Administrator] succeeded
[2004/10/13 11:27:46, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2477)
   Returning domain sid for domain KOSAVUTU -> 
[2004/10/13 11:27:46, 2] smbd/server.c:exit_server(571)
   Closing connections

So Administrator is known and the authentication works, but somehow
either Samba or Windows is not communicating correctly.
Any hints?

I'm attaching my smb.conf, hoping it can help.

# Sample configuration file for the Samba suite for Debian GNU/Linux.
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which 
# are not shown in this example
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.

#======================= Global Settings =======================


## Browsing/Identification ###
# NOTE(review): the section headers ([global] and the per-share headers
# further down) appear to have been stripped when the message was archived;
# everything from here to the first "path =" line presumably belongs to
# [global]. Run "testparm" on the real file to confirm the structure.
	workgroup = KOSAVUTU
	# "netbios name" is disabled, so the server name defaults to the host
	# name. "logon path" below points at \\PDC, which only resolves if that
	# really is the host name or this line is re-enabled -- verify.
	;netbios name = PDC
	server string = %h server (Samba %v)
	syslog = 30
	security = user
	# Security: lets accounts whose password is empty authenticate.
	# Keep this off unless one specific account genuinely needs it.
	null passwords = true
	encrypt passwords = true

	# User, group and machine provisioning is delegated to the smbldap-tools
	# scripts. "add machine script" is the one that runs when a workstation
	# joins the domain, so a failure there is worth checking in the join log.
	add user script = /usr/sbin/smbldap-useradd -m -a "%u"
	delete user script = /usr/sbin/smbldap-userdel "%u"
	add group script = /usr/sbin/smbldap-groupadd -p "%g"
	delete group script = /usr/sbin/smbldap-groupdel "%g"
	add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
	delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
	set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
	add machine script = /usr/sbin/smbldap-useradd -w "%u"

	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	logon script = logon.bat
	# %g expands to the user's primary group, so every member of one group
	# would share the same roaming profile directory; %U (the session user)
	# is the usual choice here -- confirm this is intended.
	logon path = \\PDC\profiles\%g

	# The "client ..." parameters govern Samba when it acts as a client of
	# another server; they do not restrict what workstations may send to
	# this server (that is controlled by "lanman auth" / "ntlm auth").
	client NTLMv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No
        min protocol = LANMAN2
        time server = Yes
        server signing = auto

	# Browser election / domain master settings for a PDC.
	local master = Yes
	os level = 40
	domain logons = Yes
	preferred master = Yes
	domain master = Yes
	wins support = No
	# Empty value: no WINS server is configured.
	wins server =

	# Per-client log files; the passdb/auth/winbind classes at level 2 are
	# what produced the excerpt quoted in the message.
	log file = /var/log/samba/samba.log.%m
	log level = 2 passdb:2 auth:2 winbind:2
	# Security: these accounts perform all file operations as root on every
	# share, bypassing file permissions -- keep the list minimal.
	admin users = root,Administrator

	# No host in the URI, so the directory is presumably reached locally.
	# The bind password for "ldap admin dn" is not kept in this file; it is
	# stored separately in secrets.tdb (set with "smbpasswd -w").
	passdb backend = ldapsam:ldap://
	passwd program = /usr/sbin/smbldap-passwd -o %u
	# The chat must match smbldap-passwd's output exactly; note it expects
	# the literal "succesfully" (sic) -- if the tool prints "successfully"
	# the exchange never completes. Compare with the tool's real output.
	passwd chat = *new*password* %n\n *new*password:* %n\ *succesfully*
	passwd chat debug = Yes
	ldap suffix = dc=sferacarta,dc=com
	ldap machine suffix = ou=machines
	ldap user suffix = ou=people
	ldap group suffix = ou=groups
	# "ou=users" differs from the user suffix "ou=people" above; verify which
	# OU actually holds the idmap entries.
	ldap idmap suffix = ou=users
	ldap admin dn = "cn=Manager,dc=sferacarta,dc=com"
	# Security: LDAP traffic, including the admin-dn bind, is sent in the
	# clear. Acceptable only if the directory is reachable solely over the
	# loopback interface; otherwise use "ldap ssl = start tls".
	ldap ssl = no
	ldap passwd sync = Yes
	ldap delete dn = Yes

	# Share section (header missing -- presumably [netlogon], which serves
	# the "logon script" above). Read-only and hidden from browsing.
	path = /etc/samba/netlogon
	locking = no
	browsable = no
	read only = yes

	# Share section (header missing -- presumably [profiles], the target of
	# "logon path"). "read only = no" and "writeable = yes" are the same
	# parameter expressed two ways; one of the lines is redundant.
	path = /etc/samba/profiles
	read only = no
	writeable = yes
	create mask = 0600
	directory mask = 0700
	browseable = No
	# Security: guest access to the profile store is unusual; with the
	# "valid users" list below an anonymous session would still have to
	# match that list -- confirm guest access is really wanted here.
	guest ok = Yes
	profile acls = yes
	csc policy = disable
	# force user = %U makes files be created as the session user itself,
	# i.e. the connecting user keeps ownership of its own profile.
	force user = %U 
	valid users = %U "Domain Admins"

	# Share section (header missing -- presumably [homes]).
	comment = Home Directories
	browseable = no
	writable = no
	create mask = 0700
	directory mask = 0700

	# Share section (header missing -- presumably [kosovo]); read-only export.
	comment = kosovo
	browseable = yes
	writable = no
	path = /kosovo

