[Samba] NT_STATUS_LOGON_FAILURE with ldap backend

Luca Ferrari fluca1978 at infinito.it
Mon Feb 25 08:55:04 GMT 2008

Hi all,
I've configured my samba server to work with my ldap backend, the 
configuration of ldap is correct and in fact my users can interactively 
login. The problem is with samba, that is always returning a 
NT_STATUS_LOGON_FAILURE when a user tries to access a share. I'm in doubt if 
I have to add ldap accounts through the ldap-tools of samba or not, at the 
moment I did not add any account to samba (thinking it should read them from 
the ldap server directly). In the logs I'm not able to find anything useful, 
does anyone have any clue?

The following is an excerpt of my configuration file:

netbios name      = SEDELDAP
workgroup = LDAP
security = user
passdb backend = ldapsam:ldap://localhost/
obey pam restrictions = no
ldap admin dn = cn=admin,dc=myDomain,dc=com
ldap suffix = dc=myDomain, dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
domain logons = yes

        browsable = no
        available = no
        guest ok  = no
        valid users = luca
        writable = yes
        printable = no

Any idea about that?


More information about the samba mailing list