[Samba] Samba + LDAP as a PDC - unable to log in (but able to join a domain)

Tomasz Chmielewski mangoo at interia.pl
Fri Oct 22 18:52:36 GMT 2004

John H Terpstra wrote:

 > a) Your configuration information. From this someone may be able to 
see things that are not as they need to be. That may help you to find a 

In case anyone wondered, here's my smb.conf and slapd.conf.

As I said, without LDAP I can join a domain, log in as a user, roaming 
profiles work, etc.
With OpenLDAP added, I can join the domain, but then I'm unable to log 
in as a user from the Windows workstation (w2k SP4).

Samba logs say that user authentication was successful, but Windows says 
that user/password were wrong.



;basic server settings
; %v expands to the Samba version, so the server comment advertises the
; exact version to every client that browses the server
    workgroup = MAGISTA
    netbios name = Server
    server string = Samba PDC running %v
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 

;PDC and master browser settings
; os level 65 together with the three master settings makes this host win
; browser elections; domain logons = yes is what makes it the PDC
    os level = 65
    preferred master = yes
    local master = yes
    domain master = yes
    domain logons = yes

    wins support = yes
; empty value: no announcements are sent to remote subnets
    remote announce =

;security and logging settings
; user-level security with encrypted passwords is what NT/2000 clients
; need for domain logons
    security = user
    encrypt passwords = yes
; one log file per client machine (%m)
    log file = /var/log/samba/log.%m
    log level = 2
    max log size = 50
; empty value: no host-based restriction at all, so reachability is limited
; only by whatever packet filtering sits in front of the server
    hosts allow =

;password sync
; when a Samba password changes, smbd runs this program (as root) with the
; user name substituted for %u and answers the two prompts in the chat
; string with the new password (%n), keeping the LDAP/Unix password in step
    passwd program = /usr/local/sbin/smbldap-passwd -o %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
    unix password sync = Yes

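;LDAP-specific settings
; ldapsam with a URI that names no host — presumably the local slapd
; (confirm). That is the only case in which "ldap ssl = no" is acceptable:
; the admin bind below would otherwise cross the network in the clear.
    passdb backend = ldapsam:ldap://
; smbd binds as the directory rootdn (same DN as rootdn in slapd.conf), so it
; has unrestricted access to the directory; the bind password is kept in
; secrets.tdb (set with smbpasswd -w), not in this file
    ldap admin dn = cn=Manager,dc=magista,dc=de
    ldap ssl = no
    ldap suffix = dc=magista,dc=de
; the suffixes below are relative to ldap suffix; groups and the idmap share
; ou=Users with the user accounts, which is unusual but valid
    ldap group suffix = ou=Users
    ldap user suffix = ou=Users
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Users

; evidently intended for machine trust accounts (-g machine): no home
; directory, no login shell. The value must be a single line — in the
; original listing it was wrapped across two, and the second line would be
; read as a separate, unknown parameter rather than as part of the command.
    add user script = /usr/local/sbin/smbldap-useradd -d /dev/null -s /bin/false -g machine %u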

;user profiles and home directory
; %L is the server name as the client addressed it, %U the session user.
; NOTE(review): the trailing backslash on logon home looks intentional (a
; known Samba idiom for separating the home share from the profile
; location) — confirm against the Samba docs for the client versions in use
    logon home = \\%L\%U\
    logon drive = H:
; roaming profiles live on the profiles share (path /home/samba/profiles
; below), one directory per user
    logon path = \\%L\profiles\%U
; relative to the netlogon share defined below
    logon script = netlogon.bat

# ==== shares ====
; NOTE(review): the [section] headers did not survive in this listing. The
; parameters below group into four shares — presumably the home
; directories, the profile store, netlogon and an installation-sources
; share — confirm against the real smb.conf.

; home directories: not shown in browse lists, writable by the owner
   comment = Home Directories
   browseable = no
   writeable = yes

; roaming profile store; the 0600/0700 masks keep each profile (which
; includes the user's registry hive) readable by that user only
   path = /home/samba/profiles
   writeable = yes
   browseable = no
   create mask = 0600
   directory mask = 0700

; logon scripts run on every workstation at logon, so write access here
; amounts to control over every domain client — keep the write list minimal
   comment = Network Logon Service
   path = /home/netlogon
   read only = yes
   browseable = no
   write list = tom

; read-only install sources, reachable only by the "unattended" account
   comment = Installation Sources
   path = /home/unattended
   read only = yes
   browseable = no
   valid users = unattended

### EOF smb.conf


# Schema files are loaded in dependency order; samba3.schema presumably
# relies on attribute types defined in the files above it. yast.schema is
# SUSE-specific (consistent with the /etc/openldap paths used here).
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/yast.schema
include         /etc/openldap/schema/samba3.schema

# runtime files written by slapd at startup
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

# dynamic module directory; no moduleload directive follows in this listing,
# so nothing is actually loaded from it
modulepath      /usr/lib/openldap/modules

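# Access control: the first matching "access to" clause wins, so order
# matters. Placed before the database definition these apply as global ACLs
# (there is only one database in this file).

# rootDSE and schema are readable by anyone, as clients expect
access to dn.base=""
         by * read

access to dn.base="cn=Subschema"
         by * read

# Samba keeps the NT hash in sambaNTPassword and the LM hash in
# sambaLMPassword; either one is a password equivalent for SMB, so they must
# be as tightly held as userPassword. Without this clause they fall through
# to "access to *" below, where every authenticated user could read them.
# The rootdn (which smbd binds as) is not subject to ACLs, so "by * none"
# still lets Samba read and update them.
access to attr=sambaLMPassword,sambaNTPassword
         by * none

# the user may change their own password; everyone else may only bind
# against it (auth), never read it
access to attr=userPassword,userPKCS12
         by self write
         by * auth

# shadow aging: self-updatable so password changes can record the date
access to attr=shadowLastChange
         by self write
         by * read

# everything else: readable by any authenticated user, anonymous may only
# bind. NOTE(review): "by self write" here also covers uidNumber, gidNumber
# and sambaSID, so an account can edit its own identity attributes — confirm
# that is intended, or add a clause for those attributes above this one.
access to *
         by self write
         by users read
         by anonymous auth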

# ldbm backend. NOTE(review): OpenLDAP has recommended bdb over ldbm for
# some time — consider switching before relying on this in production.
database        ldbm
# number of entries held in the in-memory entry cache
cachesize       10000
suffix          "dc=magista,dc=de"
# the rootdn bypasses all ACLs above; it is also the "ldap admin dn" smbd
# binds with, so the same secret has to be stored in Samba's secrets.tdb
rootdn          "cn=Manager,dc=magista,dc=de"

# redacted in this listing; store a hash generated by slappasswd
# ({SSHA}...) rather than cleartext, and keep slapd.conf readable by the
# slapd user only
rootpw          xxxxxx

# on-disk database; it holds the password attributes, so this directory must
# not be readable by other local accounts
directory       /var/lib/ldap

# Equality indexes on the attributes Samba and NSS look up at every logon
# (uid, uidNumber, gidNumber, memberUid, sambaSID, sambaPrimaryGroupSID,
# sambaDomainName); presence/substring indexes on the name attributes
# used by searches.
index   objectClass             eq
index   cn                      pres,sub,eq
index   sn                      pres,sub,eq
index   uid                     pres,sub,eq
index   displayName             pres,sub,eq
index   uidNumber               eq
index   gidNumber               eq
index   memberUid               eq
index   sambaSID                eq
index   sambaPrimaryGroupSID    eq
index   sambaDomainName         eq
index   member                  eq
# NOTE(review): "index default" applies to attributes listed without an
# explicit index type, and every line above names one — presumably a no-op
index   default                 sub

# Logging
# 256 = stats: one line per connection, operation and result — enough to
# audit who binds and what they search for, without logging entry contents
loglevel 256

### EOF slapd.conf


