Fwd: [Samba] Samba-PDC+LDAP Domain logon problem

John Drescher drescherjm at gmail.com
Mon May 14 14:33:43 GMT 2007


---------- Forwarded message ----------
From: John Drescher <drescherjm at gmail.com>
Date: May 14, 2007 10:33 AM
Subject: Re: [Samba] Samba-PDC+LDAP Domain logon problem
To: Aki Vuorinen <akiv at edu.lahti.fi>


On 5/14/07, Aki Vuorinen <akiv at edu.lahti.fi> wrote:
> Hello!
>
> I have Samba with LDAP password backend.
> -Logging to shell works with ldap accounts
> -Logging to smb-share works with ldap accounts
> -Adding computers to domain with (shown in conf. file) and without (manually)
> works
>
> But here's my problem:
> -Logging to domain with username & passwd doesn't work
>
> When using smbpasswd -file as backend it works
>
> After 3 days of googling I'm quite bored to find help anywhere else. Can anyone
> help me with this problem..?
>
>
> Thanks,
> Aki
>
>
>
> OS details and conf files:
>
> I'm running:
> Debian lenny with 2.6.18-4
> Samba 3.0.24
> OpenLDAP 2.3.30
>
> -----------------------smb.conf:------------------
>
> [global]
>         workgroup = XXXX
>         passdb backend = ldapsam:ldap://127.0.0.1
>         log level = 1
>         max xmit = 65535
>         time server = Yes
>         deadtime = 15
>         socket options = TCP_NODELAY IPTOS_LOWDELAY
>         add machine script = /usr/local/smbldaptools/smbldap-useradd.pl -w "%m"
>         logon script = logon.bat
>         logon path = \\%N\profiles\%u
>         logon drive = H:
>         domain logons = Yes
>         os level = 65
>         preferred master = Yes
>         domain master = Yes
>         wins proxy = Yes
>         wins support = Yes
>         ldap admin dn = cn=admin,dc=XXXX
>         ldap group suffix = ou=groups
>         ldap machine suffix = ou=machines
>         ldap suffix = dc=XXXX
>         ldap user suffix = ou=users
>         dos filetime resolution = Yes
>
> [homes]
>         read only = No
>
> [netlogon]
>         path = /home/netlogon
>         browseable = No
>
> [profiles]
>         path = /home/profiles
>         read only = No
>         create mask = 0600
>         directory mask = 0700
>         browseable = No
>
>
You seem to be missing IDEALX entries:

add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"


  passwd program = /opt/IDEALX/sbin/smbldap-passwd -p %n  %u


John


-- 
John M. Drescher
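
A quick way to check an smb.conf for the entries listed in the reply above. This is an added example, not part of the original message and not code from Samba or smbldap-tools; the function names and the trimmed sample config are constructed for illustration.

```python
import re

# Parameters the reply above lists as the IDEALX smbldap-tools hooks.
EXPECTED = [
    "add user script", "add machine script", "add group script",
    "add user to group script", "delete user from group script",
    "set primary group script", "passwd program",
]

def norm(name):
    # smb.conf names are case-insensitive and whitespace in them is ignored
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalised parameter name: value}}."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(norm(line[1:-1]), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # only the first '=' is significant
            current[norm(key)] = value.strip()
    return sections

def missing_hooks(text):
    # Only [global] is inspected: that is where these parameters belong.
    glob = parse_smb_conf(text).get("global", {})
    return [p for p in EXPECTED if norm(p) not in glob]

# Constructed sample: a trimmed copy of the [global] section quoted above.
SAMPLE = r'''
[global]
        passdb backend = ldapsam:ldap://127.0.0.1
        add machine script = /usr/local/smbldaptools/smbldap-useradd.pl -w "%m"
        logon path = \\%N\profiles\%u
[homes]
        read only = No
'''

if __name__ == "__main__":
    for name in missing_hooks(SAMPLE):
        print("missing:", name)
```
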

