[Samba] master.password instead of LDAP database.

bso bso at arkada-x.com.ua
Fri Dec 23 10:21:17 GMT 2005


Good day.

Please help me solve my problem with logging a user in to a Samba domain.
Samba accepts user authorisation only if a user account exists both in 
master.password and the LDAP database.
Note that uid and gid are taken from master.password instead of the LDAP 
database.
Why?

My smb.conf:

[global]
	dos charset = CP866
	unix charset = KOI8-R
	workgroup = FISH
	server string = Samba Server
	passdb backend = ldapsam:ldap://localhost
	passwd program = /usr/local/smbLDAPtools/sbin/smbldap-passwd
	log file = /var/log/samba/log.%m
	max log size = 50
	load printers = No
	add user script = /usr/local/smbLDAPtools/sbin/smbldap-useradd -a -m %u
	delete user script = /usr/local/smbLDAPtools/sbin/smbldap-userdel %u
	add group script = /usr/local/smbLDAPtools/sbin/smbldap-groupadd -p %g
	delete group script = /usr/local/smbLDAPtools/sbin/smbldap-groupdel %g
	add user to group script = /usr/local/smbLDAPtools/sbin/smbldap-groupmod -m %u %g
	delete user from group script = /usr/local/smbLDAPtools/sbin/smbldap-groupmod -x %u %g
	set primary group script = /usr/local/smbLDAPtools/sbin/smbldap-usermod -g %g %u
	add machine script = /usr/local/smbLDAPtools/sbin/smbldap-useradd -w -i %u
	domain logons = Yes
	os level = 60
	preferred master = Yes
	domain master = Yes
	dns proxy = No
	wins support = Yes
	ldap admin dn = cn=root,dc=offs,dc=tp
	ldap group suffix = ou=Groups
	ldap idmap suffix = ou=Idmap
	ldap machine suffix = ou=Computers
	ldap suffix = dc=offs,dc=tp
	ldap ssl = no
	ldap user suffix = ou=Users

Error message:

User serg in passdb, but getpwnam() fails!


nsswitch.conf

group: files ldap
group_compat: nis
hosts: files
networks: files
passwd: files ldap
passwd_compat: nis
shells: files

serg.ldif
#-------------------------------------------------------------------------------
# This file has been generated on 12.23.2005 at 12:16 from 192.168.1.254:389
# by Softerra LDAP Browser 2.6 (http://www.ldapbrowser.com)
#-------------------------------------------------------------------------------
version: 1
dn: uid=serg,ou=Users,dc=offs,dc=tp
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: serg
sn: serg
uid: serg
uidNumber: 1002
gidNumber: 513
homeDirectory: /home/serg
loginShell: /sbin/nologin
gecos: System User
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-2252347010-2415896038-3271642905-3004
sambaPrimaryGroupSID: S-1-5-21-2252347010-2415896038-3271642905-513
sambaLogonScript: serg.bat
sambaProfilePath: \\offs\profiles\serg
sambaHomePath: \\offs\serg
sambaHomeDrive: Z:
sambaLMPassword: C2265B23734E0DACAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 69943C5E63B4D2C104DBBCC15138B72B
sambaPwdLastSet: 1135351413
sambaPwdMustChange: 1139239413
userPassword: {SSHA}ZUR6trRjWg9PigrZbQAKXQ01gHx2OTBX



Software:
FreeBSD 6.0
samba-3.0.14a_1
nss_ldap-1.239
openldap-client-2.2.27
openldap-server-2.2.27
p5-perl-ldap-0.33
pam_ldap-1.8.0
smbldap-tools-0.9.1_1
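
An added diagnostic, not part of the original post: it compares the uidNumber/gidNumber of each posixAccount entry in an LDIF export with what the system's getpwnam() returns for the same name. With "passwd: files ldap", NSS asks the local files first, so a local entry with the same name answers before LDAP is consulted. The sample LDIF is constructed from the POSIX attributes of the serg entry above; the function names are this example's own, and it assumes plain one-line "attr: value" LDIF (no base64 or folded lines).

```python
import pwd

# Constructed sample: POSIX attributes copied from the serg.ldif entry in the post.
SAMPLE_LDIF = """\
dn: uid=serg,ou=Users,dc=offs,dc=tp
objectClass: posixAccount
uid: serg
uidNumber: 1002
gidNumber: 513
homeDirectory: /home/serg
"""

def parse_posix_entries(ldif_text):
    """Return {uid: (uidNumber, gidNumber)} for each posixAccount entry."""
    entries = {}
    for block in ldif_text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip LDIF comments and anything that is not "attr: value"
            key, value = line.split(": ", 1)
            attrs.setdefault(key.lower(), []).append(value.strip())
        if "posixAccount" in attrs.get("objectclass", []) and "uid" in attrs:
            entries[attrs["uid"][0]] = (int(attrs["uidnumber"][0]),
                                        int(attrs["gidnumber"][0]))
    return entries

def check_nss(ldif_text, resolver=pwd.getpwnam):
    """Compare each LDAP account with what NSS returns for the same name.

    resolver is injectable (hypothetical parameter) so the check can be
    exercised without a live NSS configuration.
    """
    results = {}
    for name, (uid, gid) in parse_posix_entries(ldif_text).items():
        try:
            pw = resolver(name)
        except KeyError:
            results[name] = "unresolved"  # no NSS source returned this user
            continue
        if (pw.pw_uid, pw.pw_gid) == (uid, gid):
            results[name] = "match"       # NSS agrees with the LDAP entry
        else:
            results[name] = "shadowed"    # another source answered with other ids
    return results

if __name__ == "__main__":
    for name, status in check_nss(SAMPLE_LDIF).items():
        print(name, status)
```

"unresolved" corresponds to the "in passdb, but getpwnam() fails" condition in the error message; "shadowed" corresponds to uid and gid coming from the local file instead of LDAP.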

