[Samba] Re: Need help with IDMAP storage in LDAP using Winbind

paul kölle paul at subsignal.org
Tue Sep 27 17:08:13 GMT 2005


Kristof Bruyninckx wrote:
> Hi, I removed the entry for "cn=manager,dc=thales,dc=be" and checked
> with ldapmodify if I could change the existing NIS users, which seems to
> still work.
> 
> Now I added a user called Admin, output from slapcat:
No, you have not. You authenticate with a DN and a password, so a "user"
object in LDAP is identified with a DistinguishedName, not something
with a cn=whatever attribute.
> Any ideas of what I'm doing wrong?

Your accounts are still messed up. You create an entry with DN
uid=root,ou=Idmap,dc=thales,dc=be but your "admin dn" is
"cn=Admin,dc=thales,dc=be"; how is that supposed to work?

Given the admin should not be used for other stuff (think of least
privileges model;) it could look like:

dn: uid=samba,ou=services,dc=thales,dc=be
objectClass: top
objectClass: simpleSecurityObject
objectClass: account
uid: samba
userPassword: {CLEARTEXT}whatever
description: DN for samba

Then you would do:
1. change the ou to your needs
2. change the password
3. fix your ACLs
4. put exactly that DN in your smb.conf
5. run: smbpasswd -w <DN as in "ldap admin dn"> -> type in password from
step 2.

Of course you can use whatever DN you like; it just needs a userPassword
attribute.

hth
 Paul
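
Added example, not part of the original post: a small Python check for the mismatch described in the reply above, where the "ldap admin dn" in smb.conf must be the DN of an existing directory entry that carries a userPassword attribute. The smb.conf fragment, the slapcat output and all function names are constructed for illustration, and DN comparison is simplified (no escaped commas, no base64-encoded DNs).

```python
import re

# Constructed sample inputs modelled on the DNs in the thread (not real server data).
SMB_CONF = '''[global]
   ldap admin dn = "cn=Admin,dc=thales,dc=be"
'''
SLAPCAT_LDIF = '''dn: uid=root,ou=Idmap,dc=thales,dc=be
objectClass: account

dn: uid=samba,ou=services,dc=thales,dc=be
objectClass: top
objectClass: simpleSecurityObject
objectClass: account
uid: samba
userPassword: {CLEARTEXT}whatever
'''

def norm_dn(dn):
    """Case-fold a DN and trim quotes and spaces around each RDN (simplified)."""
    return ",".join(part.strip() for part in dn.strip().strip('"').lower().split(","))

def admin_dn(smb_conf):
    """Return the 'ldap admin dn' value from smb.conf text, or None if unset."""
    m = re.search(r"^\s*ldap\s*admin\s*dn\s*=\s*(.+)$", smb_conf, re.I | re.M)
    return m.group(1).strip().strip('"') if m else None

def ldif_entries(ldif):
    """Map normalized DN -> set of lower-cased attribute names in that entry."""
    ldif = ldif.replace("\n ", "")  # unfold LDIF continuation lines
    entries = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        pairs = [l.split(":", 1) for l in block.splitlines() if ":" in l and not l.startswith("#")]
        dns = [v for k, v in pairs if k.lower() == "dn"]
        if dns:
            entries[norm_dn(dns[0])] = {k.lower() for k, _ in pairs}
    return entries

def check_bind_dn(smb_conf, ldif):
    """Report whether Samba's bind DN exists in the directory and can authenticate."""
    dn = admin_dn(smb_conf)
    if dn is None:
        return "no 'ldap admin dn' in smb.conf"
    attrs = ldif_entries(ldif).get(norm_dn(dn))
    if attrs is None:
        return f"no entry with DN {dn}"
    if "userpassword" not in attrs:
        return f"{dn} has no userPassword attribute"
    return "ok"
```

With the constructed inputs, check_bind_dn(SMB_CONF, SLAPCAT_LDIF) reports the missing cn=Admin entry; pointing "ldap admin dn" at uid=samba,ou=services,dc=thales,dc=be makes it return "ok".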


