[Samba] Samba 3 LDAP backend cannot authenticate

Brad Askew Brad.Askew at Tsch.biz
Wed Dec 6 21:53:47 GMT 2006


John Drescher wrote:
> On 12/6/06, Brad Askew <Brad.Askew at tsch.biz> wrote:
>> I am trying to set up a Samba 3 PDC using Samba 3.0.21b with an OpenLDAP
>> backend, running FreeBSD 6.1 release, and the OpenLDAP server is version
>> 2.2.30. The short of it is: I cannot get any of my Windows boxes to join
>> the domain. Also, no LDAP cn entries can log in to the server, but if I
>> attempt to log in with, say, #su user1, where user1 is an entry in the LDAP
>> directory but does not have a Unix account, I can see that LDAP gets the
>> search query, but I am still not able to log in. I basically do not know
>> where to troubleshoot. Please, any suggestions would be greatly
>> appreciated. Thanks.
>>
> Can you give a brief description of your setup and what you have done,
> as from the description you have given I can only guess. Are you using
> the smbldap_tools from IDEALX? How did you configure your LDAP server?
> Have you set up users for the machines? ...
>
> John
>
Sure thing.

I am using the IDEALX smbldap_tools. I used smbldap-populate to populate
the directory. I have the following lines in slapd.conf:
<snip>
include  /usr/local/etc/openldap/schema/core.schema
include  /usr/local/etc/openldap/schema/cosine.schema
include  /usr/local/etc/openldap/schema/inetorgperson.schema
include  /usr/local/etc/openldap/schema/nis.schema
include  /usr/local/etc/openldap/schema/samba.schema
<snip>

Aside from using smbldap-populate, the directory is pretty flat; I used
smbldap-useradd to add one user to the directory. I have set up the
indices as follows.

<snip>
index   objectClass        eq
 
index cn                pres,sub,eq
index sn                pres,sub,eq
## required to support pdb_getsampwnam
index uid              pres,sub,eq
## required to support pdb_getsambapwrid
index displayName       pres,sub,eq
## uncomment these if you are storing posixAccount
## and posixGroup in the directory as well
index uidNumber  eq
index gidNumber  eq
index memberUID  eq
 
index sambaSID      eq
index sambaPrimaryGroupSID      eq
index sambaDomainName      eq
index default         sub
<snip>

If you need more info on LDAP, let me know. I added a machine account
for the machines using the smbldap_tools, using the NetBIOS name of the
client machine followed by a $.

-- 
Brad


