[Samba] Domain authentification problem with LDAP

Craig White craigwhite at azapple.com
Fri Mar 17 18:57:35 GMT 2006

#1 - click on the 'English flag' button - et voila, English

#2 - you should at least state which smbldap-tools you are speaking of
that you have fixed so others have a chance to compare and where you got
it from, idealx.com or from your distribution, and report the issue to
the place where it came from.

#3 - people are likely to ask you for if they are struggling and they
don't know why and you authoritatively suggest that your solution will
fix things for them. I think we had a very recent issue where that
wasn't the problem but the problem lied in his pam/ldap.conf.

#4 - suggesting that people do a complete replace the file that came
packaged with their system by one that you have modified doesn't seem
like the best solution at all...you could offer a 'patch' which should
throw up an alert if the file looks different or just the suggestions
about where you have modified the code and why...in fact, we have a wiki
for that kind of stuff now... http://wiki.samba.org


On Fri, 2006-03-17 at 10:22 -0800, James Taylor wrote:
> I know that the last 2 versions of the script I am working with are missing
> this function when using the -w switch (as documented) it will NOT add the
> sambaSAMAccount information.  I have had several users also request a copy
> of this script from me solving their problems with a similar issue.  It
> seems very odd that there are so many similar issues lately on the posts
> concerning the (I can't connect to the Domain).  Had it not been for the
> fact I decided to look at the script itself I would not have found this
> problem.  Going to the IDEALX site I would love to send them comments but as
> my French is very minimal not too sure where to go.
> Thanks
> James
> -----Original Message-----
> From: Craig White [mailto:craigwhite at azapple.com] 
> Sent: Friday, March 17, 2006 10:09 AM
> To: James Taylor
> Cc: 'Daniel Tousignant'; samba at lists.samba.org
> Subject: RE: [Samba] Domain authentification problem with LDAP
> James - this is the second time you have made that reference to the
> smbldap-useradd script.
> There have been a lot and lot of versions of the smbldap-tools and
> perhaps the version that you are looking at is missing something like
> that but I assure you that most versions aren't.
> Craig
> On Fri, 2006-03-17 at 10:03 -0800, James Taylor wrote:
> > The LDAP users you have created (including the machines) need to have the
> > objectclass: sambaSAMAccount and the subsequent fields.  What are your
> user
> > add scripts and machine add scripts you are using.  Also, I have found
> that
> > the IDEALX tools have an error in the smbldap-useradd script which
> includes
> > that when you use the add machine switch the sambaSAMAccount information
> is
> > not added to the LDAP database.  I do have a copy of this modified file if
> > you need it.  Otherwise if you can edit the script yourself.
> > 
> > James
> > 
> > -----Original Message-----
> > From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
> > [mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org] On Behalf
> > Of Daniel Tousignant
> > Sent: Friday, March 17, 2006 9:11 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] Domain authentification problem with LDAP
> > 
> > We use samba 3.0.13 and openldap 2.3.6
> > Members of the ldap group "Domain Admins" are working fine, but
> > members of the group "Domain Users" can not login to the domain,
> > and do not have access to the shares. Also, we are unable to join
> > a windows xp workstation to the domain.
> > Can anyone give me a hint where to start looking ... 
> > 
> > Thank you
> > 
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > 

More information about the samba mailing list