[Samba] Domain authentification problem with LDAP

James Taylor jtaylor at laszlosystems.com
Fri Mar 17 20:27:42 GMT 2006

It could be ACL's but I am wondering how your /etc/ldap.conf file looks.
Also, does the Domain Users group have the sambaGroupMapping objectClass?
Also is it associated with the right samba Domain under the sambaSID?
Otherwise the domain won't refer to that group.


-----Original Message-----
From: Daniel Tousignant [mailto:daniel_tousignant at travelcom.com] 
Sent: Friday, March 17, 2006 12:08 PM
To: James Taylor
Cc: samba at lists.samba.org
Subject: Re: [Samba] Domain authentification problem with LDAP

The objectclass sambaSAMAccount and subsequent fields have been
created. We are using the standard perl script tools that are installed
the mandriva 2006 distro (samba 3.0.13 and openldap 2.3.6).
What I really do not understand is that if I put a user in the standard
group "Domain Admins" (gid=512), the user is able to logon to the domain,
but not 
when it is in the "Domain Users" group (gid=513). What is the big
difference for Samba
between the two's ? Can it be an ACL problems ?

"James Taylor" <jtaylor at laszlosystems.com> a écrit:
>The LDAP users you have created (including the machines) need to have the
>objectclass: sambaSAMAccount and the subsequent fields.  What are your
>add scripts and machine add scripts you are using.  Also, I have found
>the IDEALX tools have an error in the smbldap-useradd script which
>that when you use the add machine switch the sambaSAMAccount information
>not added to the LDAP database.  I do have a copy of this modified file if
>you need it.  Otherwise if you can edit the script yourself.
>-----Original Message-----
>From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
>[mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org] On Behalf
>Of Daniel Tousignant
>Sent: Friday, March 17, 2006 9:11 AM
>To: samba at lists.samba.org
>Subject: [Samba] Domain authentification problem with LDAP
>We use samba 3.0.13 and openldap 2.3.6
>Members of the ldap group "Domain Admins" are working fine, but
>members of the group "Domain Users" can not login to the domain,
>and do not have access to the shares. Also, we are unable to join
>a windows xp workstation to the domain.
>Can anyone give me a hint where to start looking ... 
>Thank you
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba

Daniel Tousignant
Support informatique
Intair Transit
Courriel : daniel_tousignant at travelcom.com
Telephone : (514) 286-8515 poste 3326

More information about the samba mailing list