[Samba] LDAP auth not working

Mark J. Reed markjreed at mail.com
Fri May 4 05:24:42 GMT 2007

I'm on OS X running samba 3.0.10.   That's what ships with Tiger and
so far I haven't had much luck getting it to compile from source...

I have an LDAP tree set up and working for general UNIX
authentication.  Now I'm trying to get SAMBA working as a PDC.

Once I loaded the Samba schema extension, I thought smbpasswd -a would
do the SAMBAfication of a user, but it complained that the user was
not already in objectClass sambaSAMaccount.

So I used ldapmodify to add that objectclass and the required sambaSID
attribute to my user object.  I don't know if the value of the latter
is correct - I saw somewhere that it should be the SID of the domain
as returned by net getlocalsid, plus -$UID on the end, so that's what
I used.

Then smbpasswd -a seemed to succeed, but didn't actually create an
sambaNTpassword or sambaLMpassword attribute (though it did create
several other samba* attributes); it just modified userPassword
(presumably because I have ldap password sync enabled).   So I
manually added sambaLMpassword and sambaNTpassword. But smbpasswd -a
still didn't touch them.  And I can't authenticate with smbclient
running locally.

I tried manually setting the password attributes to {MD4} plus the MD4
hash of my password; that didn't work either.

Any help getting this to work would be appreciated.

Mark J. Reed <markjreed at mail.com>

More information about the samba mailing list