[Samba] Problem with PDC OpenLDAP logon at Win2K/XP ( Solved )
nicos at spb.cityline.ru
Wed May 25 08:52:23 GMT 2005
>> I've installed Fedora Core 3 (Test 3, kernel 2.6.8x), with Samba 3.0.8
>> OpenLDAP 2.2.13 . I've smb.conf, slapd.conf, ldap.conf,
>> /etc/pam.d/system-auth, nsswitch.conf almost same as described on Idealx
>> site. I've very strange thing. If I add user ( for this operation I use
>> smbldap-tools), I can log on by this user at my unix host (for example by
>> ssh), I can logon by this user to Samba Domain at Win9x workstation, I
>> see this user using 'getent passwd' command, I can see this user in Samba
>> database using "pdbedit -Lv" command, but I can't logon by same user at
>> every Win2k/XP workstations ( before I added those workstations to Samba
>> domain successfully). By investigating I understand if I manually add
>> user in /etc/passwd ( I do it using vipw ) without setting password for
>> user, then I can log on this user at Win2k/XP.
>> But why ?
> It is likely that your NSS_LDAP configuration is not working.
> Have you installed nss_ldap?
>- John T.
>> If I get positive reaction on ssh login ( this user can do it), and I see
>> user by 'getent passwd', so Unix user account operate. (if I understand
>> pam_ldap works right).
>> If I see Samba user account 'pdbedit -Lv' command, and I can logon by
>> at Win9x ( I can see share NETLOGON on PDC from Win9x), so Samba account
>> Thank you in advance for any reaction.
>> Nikolay Segreyev
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.
I solved my problem: the permissions on some attributes in the LDAP directory
weren't right, in particular on name. In consequence, if I add the name of the
user in /etc/passwd, getpwnam() can take the name from passwd, and then the user
can log on at Win2k/XP. But I don't understand why the user could log on at
Win9x without the name, strange... (didn't Samba make the getpwnam call? strange...)