[Samba] Domain logons w/ LDAP backend
Adam Tauno Williams
adamtaunowilliams at gmail.com
Fri Apr 4 12:22:44 GMT 2008
On Thu, 2008-04-03 at 17:28 -0700, Tom Smith wrote:
> I have multiple Samba servers working very well using the tdbsam
> backend. The number of servers is becoming harder to manage now so I
> began testing an LDAP-based Samba server. Everything works great
> except when a workstation tries to log in to the domain...
> All users are able to log in just fine when accessing network shares.
> Workstations are able to join the domain. But upon reboot, they're not
> able to log in to the domain.
> Here's what I'm using:
> CentOS 4
> Samba 3.0.10
> OpenLDAP 2.2.13
> Windows XP Pro
Yikes. All of this is *very* old. OpenLDAP has been in the 2.3.x
family for years, and Samba 3.0.10 is years old. And RedHat's OpenLDAP
packages are total crap (search the archives of *any* LDAP related
list). You can get sensible OpenLDAP 2.3.x packages from
RHEL5/CentOS5 built by someone who knows what they are doing. Don't
deploy a production LDAP server using RedHat's antique and lousy
packages; if you do, and then need assistance, any post on any OpenLDAP
list is going to be met with an immediate "upgrade your software".
> The error message I get on the client is: "Windows cannot connect to
> the domain either because the domain controller is down or otherwise
> unavailable or because your computer account was not found." This
> happens on every computer.
> My server logs are filled with these messages: "[2008/04/01 13:48:22,
> 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was
> Transport endpoint is not connected"
This error is spurious and probably completely unrelated to your
problem. Try increasing your debug level to 10 so you can see what the
real failure is.
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org