[Samba] Samba / LDAP no account in domain
Neil Marjoram
n.marjoram at adastral.ucl.ac.uk
Thu Sep 2 08:31:39 GMT 2004
Can anyone please help me?

I have swapped from using passwd.tdb to using LDAP, but I just can't get
it to work. User authentication works if I try to access a share from a
locally logged-in system, but if I try to log in at domain level I get
"Domain controller not found" and the Samba log produces this:

[2004/09/02 09:16:29, 0] rpc_server/srv_netlog_nt.c:get_md4pw(218)
get_md4pw: Workstation SHAUN$: no account in domain

Unix user login all works fine.
My users and computers are in the same tree (People). The smbtools.conf
has People set for users, and the /etc/ldap.conf also has People set. I
did question the scope setting so I have set both the smbldap.conf and
/etc/ldap.conf files to one.
This is getting rather desperate; it looks like if we can't get this to
go it's Windows 2003 Server for this site.
Can anyone see what stupid mistake I have made? (Apart from considering
W 2003!)
Samba versions tried: 3.0.2 / 3.0.4 / 3.0.6
OS tried: Redhat 9 / Fedora Core 2
Openldap: 2.1.29-1
smbldaptools: 0.8.5

smb.conf:
passdb backend = ldapsam:ldap://ldap2.adastral.ucl.ac.uk
idmap backend = ldap:ldap://ldap2.adastral.ucl.ac.uk
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
ldap delete dn = Yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
ldap admin dn = cn=samba,ou=DSA,dc=adastral,dc=ucl,dc=ac,dc=uk
ldap suffix = dc=adastral,dc=ucl,dc=ac,dc=uk
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
ldap ssl = start tls
ldap passwd sync = yes
/etc/ldap.conf
uri ldaps://ldap2.adastral.ucl.ac.uk:636
base dc=adastral,dc=ucl,dc=ac,dc=uk
rootbinddn cn=nssldap,ou=DSA,dc=adastral,dc=ucl,dc=ac,dc=uk
scope one
pam_filter objectclass=posixaccount
pam_login_attribute uid
pam_member_attribute gid
pam_template_login_attribute uid
pam_password md5
nss_base_passwd ou=People,dc=adastral,dc=ucl,dc=ac,dc=uk?one
nss_base_shadow ou=People,dc=adastral,dc=ucl,dc=ac,dc=uk?one
nss_base_group ou=Group,dc=adastral,dc=ucl,dc=ac,dc=uk?one
nss_base_hosts ou=Hosts,dc=adastral,dc=ucl,dc=ac,dc=uk?one
ssl start_tls
Thanks,
Neil.
--
Neil Marjoram.
Systems Manager
University College London
Adastral Park Campus
Martlesham Heath
Ipswich
Suffolk
IP5 3RL
01473 663711