[Samba] Samba + LDAP as a PDC - unable to log in (but able to
join a domain)
Tomasz Chmielewski
mangoo at interia.pl
Fri Oct 22 18:52:36 GMT 2004
John H Terpstra wrote:
> a) Your configuration information. From this someone may be able to
see things that are not as they need to be. That may help you to find a
solution.
In case anyone wondered, here's my smb.conf and slapd.conf.
As I said, without LDAP I can join the domain, log in as a user, roaming
profiles work, etc.
With OpenLDAP added, I can join the domain, but then I'm unable to log
in as a user from the Windows workstation (w2k SP4).
Samba's logs say that user authentication was successful, but Windows reports
that the user name or password was wrong.
smb.conf:
[global]
;basic server settings
workgroup = MAGISTA
netbios name = Server
server string = Samba PDC running %v
; NOTE: the next two lines are ONE directive (wrapped by the mailer)
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
SO_RCVBUF=8192
;PDC and master browser settings
os level = 65
preferred master = yes
local master = yes
domain master = yes
domain logons = yes
wins support = yes
remote announce = 192.168.0.255/MAGISTA
;security and logging settings
security = user
encrypt passwords = yes
log file = /var/log/samba/log.%m
; Level 2 shows little about why a logon is rejected after a successful
; password check; while debugging, raise it temporarily (Samba 3 allows
; per-class levels, e.g. "log level = 2 auth:5 passdb:5") and lower it again.
log level = 2
max log size = 50
; Loopback plus the local /24 only -- keep this in place on a PDC.
hosts allow = 127.0.0.1 192.168.0.0/255.255.255.0
;password sync
passwd program = /usr/local/sbin/smbldap-passwd -o %u
; NOTE: the next two lines are ONE directive (wrapped by the mailer)
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*
unix password sync = Yes
;LDAP-specific settings
; The directory is reached over loopback only, so "ldap ssl = no" keeps the
; cleartext LDAP traffic on this host. If the directory ever moves off-box,
; use ldaps:// or "ldap ssl = start tls": the admin dn bind and the password
; hashes would otherwise cross the wire unencrypted.
passdb backend = ldapsam:ldap://127.0.0.1/
; Same DN as rootdn in slapd.conf, so Samba's binds bypass slapd ACLs. The
; bind secret is stored in secrets.tdb (set with "smbpasswd -w"), not here.
ldap admin dn = cn=Manager,dc=magista,dc=de
ldap ssl = no
ldap suffix = dc=magista,dc=de
; Groups, users and idmap entries all share ou=Users (no ou=Groups). Unusual
; but not a fault by itself -- TODO confirm it matches the DIT that
; smbldap-useradd (below) populates.
ldap group suffix = ou=Users
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
; NOTE(review): a logon that Samba logs as authenticated but the client
; rejects is worth checking past the password step -- confirm that the
; sambaDomain SID stored in LDAP matches "net getlocalsid" and that each
; user's sambaPrimaryGroupSID resolves to a mapped group.
; NOTE: the next two lines are ONE directive (wrapped by the mailer);
; machine accounts get no home and no shell, which is the right default.
add user script = /usr/local/sbin/smbldap-useradd -d /dev/null -s
/bin/false -g machine %u
;user profiles and home directory
logon home = \\%L\%U\
logon drive = H:
logon path = \\%L\profiles\%U
; Runs on every client at logon -- see the write list on [netlogon] below.
logon script = netlogon.bat
# ==== shares ====
[homes]
comment = Home Directories
browseable = no
writeable = yes
[profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
# 0600/0700: each roaming profile stays readable by its owner only.
create mask = 0600
directory mask = 0700
[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = yes
browseable = no
# Only "tom" may change netlogon.bat; keep this list minimal, since whatever
# is placed here executes on every workstation logon.
write list = tom
[unattended]
comment = Installation Sources
path = /home/unattended
read only = yes
browseable = no
valid users = unattended
### EOF smb.conf
slapd.conf:
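include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/samba3.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/openldap/modules
# Access control: the first matching "access to" clause wins, so the
# attribute-specific rules must stay above the catch-all "access to *".
access to dn.base=""
by * read
access to dn.base="cn=Subschema"
by * read
access to attr=userPassword,userPKCS12
by self write
by * auth
# Samba keeps the NT/LM password hashes in sambaNTPassword/sambaLMPassword
# (from samba3.schema). Without a rule of their own they fall through to
# "access to *" below, where "by users read" lets every bound directory user
# read every account's hashes -- an NT hash is as good as the password.
# Samba binds as the rootdn ("ldap admin dn" in smb.conf), which bypasses
# ACLs, so it needs no grant here; this assumes the smbldap-tools bind as
# the same master DN -- confirm in smbldap_bind.conf.
access to attr=sambaLMPassword,sambaNTPassword
by * none
access to attr=shadowLastChange
by self write
by * read
access to *
by self write
by users read
by anonymous auth
database ldbm
cachesize 10000
suffix "dc=magista,dc=de"
rootdn "cn=Manager,dc=magista,dc=de"
# Value appears redacted for the list. In the real file prefer a hashed
# value generated with slappasswd ({SSHA}...) over a cleartext secret, and
# keep slapd.conf readable only by the slapd user.
rootpw xxxxxx
directory /var/lib/ldap
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
# The sambaSID / sambaPrimaryGroupSID / sambaDomainName lookups are what
# Samba issues on every logon; keep these equality indexes.
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index member eq
index default sub
# Logging
# 256 = connection/operation statistics.
loglevel 256
### EOF slapd.conf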
Tomek