[Samba] Re: samba Digest, Vol 59, Issue 28

jayendren anand maduray jayendren at hivsa.com
Wed Nov 28 13:14:37 GMT 2007

Hi All,
Thanks for the prompt response, please see my notes:

jayendren anand maduray wrote:
> Hi All.
> I have a SAMBA PDC that uses LDAP as its back end.
> The OS is UBUNTU 6.10 Server.
> SAMBA Version is 3.022
> The problem is, when a client logs onto the Domain, he presses 
> Control+Alt+Del, and chooses Change Password.
> He types in the old password, then the new one, and confirms this.
> When he clicks on OK, it thinks for a bit (about 30 seconds) and then 
> says:
> "The system cannot change your password now because the domain 
> RIVONINGO.HIVSA is not available"
> This used to work before, and works fine on another server, with the 
> identical settings.
> The log file for the computer says:
> [2007/11/27 16:00:11, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2171)
> ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 
> (No such object)

This says that something wasn't found in LDAP, but doesn't say what or 
where it was looked for.


> ldap suffix = dc=rivoningo,dc=hivsa
> ldap group suffix = 
> ou=smbGroups,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
> ldap user suffix = 
> ou=smbUsers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
> ldap machine suffix = 
> ou=smbComputers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
> ldap idmap suffix = 
> ou=smbUsers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa

I didn't understand why you created your DIT that way, but ...

>I have many servers.

 From smb.conf man page:

ldap suffix (G)
Specifies the base for all ldap suffixes and for storing the sambaDomain 

The ldap suffix will be appended to the values specified for the ldap 
user suffix, ldap group suffix, ldap
machine suffix, and the ldap idmap suffix. Each of these should be given 
only a DN relative to the ldap suf-

Default: ldap suffix =

Example: ldap suffix = dc=samba,dc=org

ldap user suffix (G)
This parameter specifies where users are added to the tree. If this 
parameter is unset, the value of ldap suf-
fix will be used instead. The suffix string is pre-pended to the ldap 
suffix string SO USE A PARTIAL DN.

Default: ldap user suffix =

Example: ldap user suffix = ou=people


So take a look at the "SO USE A PARTIAL" part; it holds for all 
organizational unit suffixes.
>I have set to use partial, restarted samba and slapd, and I still receive:
>"The system cannot change your password now because the domain 
RIVONINGO.HIVSA is not available"
 > or "The system cannot change your password at this time"
 >When I try to change the password
 >The log entry is:
 >[2007/11/28 14:44:04, 0] lib/debug.c:reopen_logs(597)
 >  Unable to open new log file /var/log/samba/log.computername: 
Permission denied

>Is there something else I can try?

God bless.


Jayendren Anand Maduray
Microsoft Certified Professional
Network Plus
Senior IT Administrator

Perinatal HIV Research Unit
Wits Health Consortium
University of the Witwatersrand

Alternate email address: jayendren at mweb.co.za
Fax Number: 0866857317

...There are 10 types of people, 
those who understand binary 
and those who do not...
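
The following is an added example, not part of either poster's message or of Samba itself: a small checker for the point made in the quoted man page excerpt, that each `ldap ... suffix` value is prepended to `ldap suffix`. It assumes the effective search base is the sub-suffix, a comma, then `ldap suffix`; the function names and the relative machine suffix in the sample are hypothetical.

```python
import re

SUB_KEYS = ("ldap user suffix", "ldap group suffix",
            "ldap machine suffix", "ldap idmap suffix")

# Constructed sample: suffix values taken from the post, joined onto one line
# each; the relative machine suffix is made up to show a passing case.
SAMPLE = """\
[global]
ldap suffix = dc=rivoningo,dc=hivsa
ldap group suffix = ou=smbGroups,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
ldap user suffix = ou=smbUsers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
ldap machine suffix = ou=smbComputers
"""

def parse_params(text):
    """Return {parameter: value} from smb.conf-style 'key = value' lines."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[" ".join(key.lower().split())] = value.strip()
    return params

def rdns(dn):
    """Split a DN into normalised RDNs (naive: assumes no escaped commas)."""
    return [re.sub(r"\s*=\s*", "=", p.strip().lower()) for p in dn.split(",")]

def check_suffixes(text):
    """Map each sub-suffix to (effective DN, suggested relative DN or None)."""
    p = parse_params(text)
    base = p.get("ldap suffix", "")
    report = {}
    for key in SUB_KEYS:
        value = p.get(key, "")
        if not value:                      # unset: ldap suffix is used instead
            report[key] = (base, None)
            continue
        effective = f"{value},{base}" if base else value
        parts, tail = value.split(","), rdns(base)
        fix = None
        if base and len(parts) > len(tail) and rdns(value)[-len(tail):] == tail:
            # Full DN given, so the base appears twice in the effective DN
            fix = ",".join(s.strip() for s in parts[:-len(tail)])
        report[key] = (effective, fix)
    return report

if __name__ == "__main__":
    for key, (dn, fix) in check_suffixes(SAMPLE).items():
        print(f"{key}: searches {dn}" + (f"  -> use '{fix}'" if fix else ""))
```

A search base with the suffix doubled does not exist in the directory, which is consistent with the "No such object" error in the first log excerpt.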
