[Samba] Domain authentification problem with LDAP

Daniel Tousignant daniel_tousignant at travelcom.com
Fri Mar 17 21:09:33 GMT 2006


The only things configured in the ldap.conf file are the
Base (dc=INTAIR, dc=transit) and Host (localhost) (with no SSL support).
And yes, the objectclass is there with the right sambaSID.
By the way, the tools are IDEALX 0.9.1.

"James Taylor" <jtaylor at laszlosystems.com> wrote:
>It could be ACLs but I am wondering how your /etc/ldap.conf file looks.
>Also, does the Domain Users group have the sambaGroupMapping objectClass?
>Also is it associated with the right samba Domain under the sambaSID?
>Otherwise the domain won't refer to that group.
>
>James
>
>-----Original Message-----
>From: Daniel Tousignant [mailto:daniel_tousignant at travelcom.com] 
>Sent: Friday, March 17, 2006 12:08 PM
>To: James Taylor
>Cc: samba at lists.samba.org
>Subject: Re: [Samba] Domain authentification problem with LDAP
>
>The objectclass sambaSAMAccount and subsequent fields have been
>created. We are using the standard Perl script tools that are installed
>with the Mandriva 2006 distro (samba 3.0.13 and openldap 2.3.6).
>What I really do not understand is that if I put a user in the standard
>ldap group "Domain Admins" (gid=512), the user is able to log on to the
>domain, but not when it is in the "Domain Users" group (gid=513). What is
>the big difference for Samba between the two? Can it be an ACL problem?
>
>"James Taylor" <jtaylor at laszlosystems.com> wrote:
>>The LDAP users you have created (including the machines) need to have the
>>objectclass: sambaSAMAccount and the subsequent fields.  What are the user
>>add scripts and machine add scripts you are using?  Also, I have found that
>>the IDEALX tools have an error in the smbldap-useradd script which includes
>>that when you use the add machine switch the sambaSAMAccount information is
>>not added to the LDAP database.  I do have a copy of this modified file if
>>you need it.  Otherwise you can edit the script yourself.
>>
>>James
>>
>>-----Original Message-----
>>From: samba-bounces+jtaylor=laszlosystems.com at lists.samba.org
>>[mailto:samba-bounces+jtaylor=laszlosystems.com at lists.samba.org] On Behalf
>>Of Daniel Tousignant
>>Sent: Friday, March 17, 2006 9:11 AM
>>To: samba at lists.samba.org
>>Subject: [Samba] Domain authentification problem with LDAP
>>
>>We use samba 3.0.13 and openldap 2.3.6.
>>Members of the ldap group "Domain Admins" are working fine, but
>>members of the group "Domain Users" cannot log in to the domain,
>>and do not have access to the shares. Also, we are unable to join
>>a Windows XP workstation to the domain.
>>Can anyone give me a hint where to start looking ...
>>
>>Thank you
>>
>>
>
>
>Daniel Tousignant
>IT Support
>Intair Transit
>Email: daniel_tousignant at travelcom.com
>Telephone: (514) 286-8515 ext. 3326



Daniel Tousignant
IT Support
Intair Transit
Email: daniel_tousignant at travelcom.com
Telephone: (514) 286-8515 ext. 3326


