[Samba] Samba PDC With LDAP Backend, Failed to initialise SAM_ACCOUNT for user

zdennis zdennis at mktec.com
Tue Jul 11 17:35:28 GMT 2006


I have seen this problem posted several times and the common answer doesn't seem to be doing it for me.

Here's the error:

Trying to load: ldapsam_compat:ldap://127.0.0.1/
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam_compat:ldap://127.0.0.1/ (ldapsam_compat)
Found pdb backend ldapsam_compat
pdb backend ldapsam_compat:ldap://127.0.0.1/ has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_ext: base => [dc=mktec,dc=com], filter => [(&(uid=Aries$)(objectclass=sambaAccount))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://127.0.0.1/
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as "cn=admin,dc=mktec,dc=com"
ldap_connect_system: succesful connection to the LDAP server
Failed to initialise SAM_ACCOUNT for user Aries$. Does this user exist in the UNIX password database ?
Failed to modify password entry for user Aries$
ldap_connect_system: LDAP server does support paged results
The LDAP server is succesfully connected
ldapsam_getsampwnam: Unable to locate user [Aries$] count=0
Finding user Aries$
Trying _Get_Pwnam(), username as lowercase is aries$
Trying _Get_Pwnam(), username as given is Aries$
Trying _Get_Pwnam(), username as uppercase is ARIES$
Checking combinations of 0 uppercase letters in aries$
Get_Pwnam_internals didn't find user [Aries$]!


Here is the configuration:

-----------START CONFIGURATION-------------------
[global]
workgroup = mktec.com
netbios name = MKTEC
server string = %h server (Samba %v)
wins support = yes
dns proxy = yes
name resolve order = wins lmhosts host bcast
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true

passdb backend = ldapsam_compat:ldap://127.0.0.1/
obey pam restrictions = no
invalid users = root

ldap admin dn = cn=admin,dc=mktec,dc=com
ldap suffix = dc=mktec,dc=com
ldap group suffix= ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Users
ldap idmap suffix = ou=Users
ldap ssl = no

passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*

add user script = /usr/sbin/smbldap-useradd -m "%u"

ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
enable privileges = yes

domain logons = yes
domain master = yes
preferred master = yes
local master = yes

load printers = no
socket options = TCP_NODELAY

[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
   guest ok = yes
   read only = yes
   write list
   writable = no
   share modes = no

[profiles]
   comment = Users profiles
   path = /var/lib/samba/profiles
   read only = no
   guest ok = no
   browseable = no
   create mask = 0600
   directory mask = 0700
-----------END CONFIGURATION-------------------

I mapped the ldap machine suffix to ou=Users rather than ou=Computers because of a previous message on the mailing list which
suggested there was a bug in Samba3. It doesn't seem to work either way, as it results in the exact same error message. My LDAP
directory is laid out with the basic Users, Computers, Groups organizational units in existence.

I am running on an Ubuntu Dapper server:
  samba 3.0.22-1
  openldap (slapd) 2.2.26-5

Any input or help is greatly appreciated. Thanks,

Zach
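
A diagnostic sketch for the log above, added here as an example and not part of the original post or of Samba: it pulls the account names smbd failed to initialise and the LDAP searches it issued out of a debug log, then repeats the lowercase / as-given / uppercase lookup sequence the log shows against the local NSS password database. The function names and the `lookup` parameter are assumptions made for this example; the sample lines are copied from the log in the post.

```python
import pwd
import re

# Sample input: lines copied from the debug log in the post above.
SAMPLE_LOG = """\
smbldap_search_ext: base => [dc=mktec,dc=com], filter => [(&(uid=Aries$)(objectclass=sambaAccount))], scope => [2]
Failed to initialise SAM_ACCOUNT for user Aries$. Does this user exist in the UNIX password database ?
ldapsam_getsampwnam: Unable to locate user [Aries$] count=0
Get_Pwnam_internals didn't find user [Aries$]!
"""

FAILED_RE = re.compile(r"Failed to initialise SAM_ACCOUNT for user (\S+?)\. ")
SEARCH_RE = re.compile(
    r"smbldap_search_ext: base => \[(.*?)\], filter => \[(.*)\], scope => \[(\d+)\]")

def failed_accounts(log_text):
    """Account names smbd could not initialise, in order, without repeats."""
    seen = []
    for name in FAILED_RE.findall(log_text):
        if name not in seen:
            seen.append(name)
    return seen

def ldap_searches(log_text):
    """(base, filter, scope) for every LDAP search recorded in the log."""
    return [(b, f, int(s)) for b, f, s in SEARCH_RE.findall(log_text)]

def resolve_unix_account(name, lookup=pwd.getpwnam):
    """Try the case variants in the order the log shows them.
    Returns the first variant that NSS resolves, or None if none does.
    `lookup` is a hook for this example so the check can be tested offline."""
    for candidate in (name.lower(), name, name.upper()):
        try:
            lookup(candidate)
            return candidate
        except KeyError:
            continue
    return None

def report(log_text, lookup=pwd.getpwnam):
    """Map each failed account to the variant that resolves (or None)."""
    return {n: resolve_unix_account(n, lookup) for n in failed_accounts(log_text)}

if __name__ == "__main__":
    for base, flt, scope in ldap_searches(SAMPLE_LOG):
        print(f"LDAP search: base={base} scope={scope} filter={flt}")
    for name, hit in report(SAMPLE_LOG).items():
        print(f"{name}: {'resolves as ' + hit if hit else 'not found via NSS'}")
```

A `None` result means the host itself cannot resolve the account through `getpwnam`, which is the condition the "Does this user exist in the UNIX password database ?" message asks about.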





