[Samba] Unable to set/authenticate to correct domain...

Matt Anderson sokkerstud_11 at hotmail.com
Mon Jun 4 20:08:35 GMT 2007


Dear Help,

I am currently running Samba 3.0.25 on AIX 5.3 (installed from the downloaded binaries from samba.org).  I have configured Samba to authenticate to an LDAP backend on different servers (two other samba configurations, one set up as PDC the other as BDC) in the usual way:

    workgroup = mydomain
    ...
    passdb = ldapsam:"ldaps://...
    security = domain
    domain master = no
    netbios name = p505
    ...

I have a share set up like the following:

[shared]
    comment = shared files
    path = /tmp/shares/testshare
    valid users = test
    read only = no
    write list = test
    browseable = Yes

(It will be good to note that user 'test' belongs to a group called 'testers'.  Both 'test' and 'testers' are in the LDAP directory.)

The main problem is that if I try to connect to the "shared" share, it fails with an access is denied message.  However, if I change the configuration to look like the following:

[shared]
    comment = shared files
    path = /tmp/shares/testshare
    valid users = +testers
    read only = no
    write list = +testers
    browseable = Yes

I can log in as 'test' and everything works fine.

Based on the log files (running smbd with the -i option), I've come up with the following issues:

1) It correctly gets the user's SID and group SID but goes on to say that it authenticates successfully, but that the SIDs have no privileges:

"get_privileges: No privileges assigned to SID [insert-test-SID-here]"
...
"get_privileges: No privileges assigned to SID [insert-testers-SID-here]"
...
"User test with invalid SID [insert-test-SID-here] in passdb"
...
"user 'test (from session setup) not permitted to access this share (shared)"

2) smbd doesn't seem to be searching for the correct domain object in the LDAP directory when it starts up.  Note the following from when I ran smbd -i -d 3:

...
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=p505))]
...

My guess is this is where the problem is.  Instead of searching for the domain "mydomain" (which is the value set for workgroup in smb.conf and the machine is joined to the mydomain domain) it is searching for sambaDomainName p505 -- which is the hostname of the machine (as specified in the value set for netbios name in smb.conf).

Is there a way to change what domain smbldap_search_domain_info is looking for?  If so, when and where does that need to take place?  Also, if I delete the p505 domain object from the LDAP directory, the smbd process just creates it again every time it is started since it can't find it.

Any help, insight, wisdom or guidance would be most appreciated.  If there's any other information I can provide, just let me know.  Thanks!

-Matt
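
An added example, not part of the original post: a small Python check that reads smbd debug output like the lines quoted above and reports which smb.conf name (workgroup or netbios name) the searched sambaDomainName corresponds to, along with any users logged with an invalid SID. The sample smb.conf and log text are constructed from the lines in the post, and the function names are hypothetical.

```python
import re

# Constructed sample input, built from the smb.conf values and log lines
# quoted in the post (SID placeholders are the post's own, elided lines omitted).
SMB_CONF = """[global]
    workgroup = mydomain
    security = domain
    domain master = no
    netbios name = p505
"""
SMBD_LOG = """smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=p505))]
get_privileges: No privileges assigned to SID [insert-test-SID-here]
User test with invalid SID [insert-test-SID-here] in passdb
"""

DOMAIN_SEARCH = re.compile(
    r"smbldap_search_domain_info: Searching for:\s*\[.*?\(sambaDomainName=([^)]*)\)")
INVALID_SID = re.compile(r"User (\S+) with invalid SID (\S+) in passdb")


def global_settings(conf_text):
    """Return the [global] parameters of an smb.conf as {name: value}."""
    section, settings = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf parameter names ignore case and repeated spaces
            settings[" ".join(name.lower().split())] = value.strip()
    return settings


def diagnose(conf_text, log_text):
    """Map each searched sambaDomainName to the smb.conf parameters it equals."""
    conf = global_settings(conf_text)
    searched = sorted(set(DOMAIN_SEARCH.findall(log_text)))
    matches = {
        name: [p for p in ("workgroup", "netbios name")
               if conf.get(p, "").lower() == name.lower()]
        for name in searched
    }
    users = sorted({user for user, _sid in INVALID_SID.findall(log_text)})
    return {"searched": searched, "matches": matches, "invalid_sid_users": users}


if __name__ == "__main__":
    print(diagnose(SMB_CONF, SMBD_LOG))
```
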