[Samba] Unable to set/authenticate to correct domain...

Matt Anderson sokkerstud_11 at hotmail.com
Mon Jun 4 21:16:43 GMT 2007

Dear Help,I am running Samba 3.0.25 on AIX 5.3 (installed from the binaries available on samba.org including the base install -- openldap, etc.) and have set it up to authenticate to LDAP directories on two different servers (one of them set up as a samba PDC and the other as a samba BDC) in the usual way:[global]workgroup = mydomaindomain master = no...passdb backend = ldapsam:"ldaps://...security = domainnetbios name = p505...And I have a share set up like the following:[shared]    comment = shared files    path = /tmp/shares/testshare    valid users = test     read only = no    write list = test    browseable = Yes(It will be good to note that user 'test' belongs to group 'testers'.  Both 'test' and 'testers' are in the LDAP directory)The problem I am having is that I get an "Access is denied" error when I try to connect as user test.  However, if I change the share to the following:[shared]
    comment = shared files
    path = /tmp/shares/testshare
    valid users = +testers 
    read only = no
    write list = +testers
    browseable = YesI can log in as user 'test' just fine.  So, naturally, I went digging into the log file and found the following issues:1) It is successfully authenticating user 'test' and getting the correct SID values for the user and group 'testers', but they don't have any privileges:...get_privileges: No privileges assigned to SID [insert-test-SID-here]...get_privileges: No privileges assigned to SID [insert-testers-SID-here]...User test with invalid SID [insert-test-SID-here] in passdb...user 'test' (from session setup_ not permitted to access this share (shared)...NT_STATUS_ACCESS_DENIEDSo, I then went on to run the smbd process in interactive mode (with the -i option) to see what was going on there and discovered the following:...smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=P505))]...I think that this is where the problem is.  For some reason it is searching for sambaDomainName P505 (which is the host name of the machine, and specified as netbios name in smb.conf) instead of sambaDomainName mydomain (which is the domain that the machine belongs to, and is specified as the workgroup name in smb.conf).Is there a way to set what domain it is searching for?  If so, where and when does that happen?On a side note, when I start smbd, it is currently creating a P505 domain object in the LDAP directory if it doesn't already exist.  So, if I delete it, it just keeps recreating it.  My guess is that if I can get this samba installation to look at the mydomain object instead, things will start working.Any thoughts, help, wisdom or insight would be greatly appreciated.  Thanks!-Matt
Hotmail to go? Get your Hotmail, news, sports and much more! Check out the New MSN Mobile! 

More information about the samba mailing list