[Samba] Samba & LDAP, with XP and Linux clients

Dave Beach drbeach at rogers.com
Fri Jun 19 10:36:35 GMT 2009

Hello list! I believe I may not have a Samba problem, but rather an LDAP
directory problem. I'm hoping to be redirected towards a more appropriate
mailing list to which I can post.

I have a Slackware server running Samba and OpenLDAP, and my WinXP clients
authenticate just fine. I migrated from an smbpasswd backend to OpenLDAP
with a BD backend some time ago, using the migration tools provided with
smbldap-tools. Everything has been working fine.

I now want to bring an Ubuntu workstation online, and authenticate to the
same LDAP database. I've understood that my previous approach was wrong
(trying to somehow get the Ubuntu box to join the domain), and that I
instead need to use nss and pam to point directly to the LDAP database on
the Slackware server. So far, so good. Ubuntu packages sourced and

Executing "getent group" on the Ubuntu client produces the expected results.
Executing "getent passwd" does not; it only shows me a subset of the user
accounts (notably, not my own account which was created prior to migration).
Fiddling about with a couple of Windows-based ldap query clients, I can see
that there seem to be some differences between accounts that were created
pre-migration and those created post-migration. As an example, accounts
created post-migration seem to have different "objectClass" attributes and
values associated with them than do accounts created pre-migration - and the
post-migration accounts are all visible with "getent passwd" on the Ubuntu
client. Also, the pre-migration accounts have the "account" objectClass
associated with them, while the post-migration accounts have the "person"
objectClass associated with them. The post-migration accounts also seem to
have the "posixAccount" object class associated with them. There are other
differences, but these strike me (in my ignorance) as possibly being the
source of the problem.

In case it isn't obvious, I have zero LDAP experience other than this
futzing around I'm doing. It seems fairly obvious that I need to somehow
alter the pre-migration accounts in some way to make them more like the
post-migration accounts, such that I can then log onto the Ubuntu client
with the same user ID with which I log onto the WinXP clients. I'm reluctant
to do much so far, in fear that I'll manage to irreparably damage the
pre-migration accounts (somehow lose the SID, etc.) such that they'll need to
be re-created, with all the pain that entails on the WinXP clients (I use
local profiles only on the WinXP boxes).

So, as I said, probably not a Samba problem per se. Would someone be so kind
as to suggest the proper list in which I can post this problem?

Thanks very much in advance.
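
Added example, not part of the original message: a read-only audit of an LDIF export that lists entries lacking the posixAccount object class or any of its RFC 2307 required attributes, which is the difference the message describes between pre- and post-migration accounts. The DNs, SIDs and attribute values are constructed sample data, and the function names are hypothetical; it assumes the Linux client's NSS LDAP module uses the RFC 2307 passwd filter (objectClass=posixAccount).

```python
# Assumption: the client's NSS passwd lookup filters on (objectClass=posixAccount).
# RFC 2307 MUST attributes of posixAccount:
POSIX_REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")
# Constructed sample export, not taken from the poster's directory.
SAMPLE_LDIF = """\
dn: uid=olduser,ou=Users,dc=example,dc=org
objectClass: account
objectClass: sambaSamAccount
uid: olduser
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=newuser,ou=Users,dc=example,dc=org
objectClass: person
objectClass: posixAccount
objectClass: sambaSamAccount
cn: newuser
sn: newuser
uid: newuser
uidNumber: 1001
gidNumber: 513
homeDirectory: /home/newuser
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no comments) into (dn, attrs) pairs."""
    entries = []
    unfolded = text.replace("\n ", "")  # undo LDIF line folding
    for block in unfolded.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries.append((attrs["dn"][0], attrs))
    return entries

def audit(entries):
    """Return {dn: [missing items]} for entries lacking posixAccount or its attributes."""
    report = {}
    for dn, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        problems = [] if "posixaccount" in classes else ["objectClass posixAccount"]
        problems += [a for a in POSIX_REQUIRED if a.lower() not in attrs]
        if problems:
            report[dn] = problems
    return report

if __name__ == "__main__":
    for dn, missing in audit(parse_ldif(SAMPLE_LDIF)).items():
        print(dn, "-> missing:", ", ".join(missing))
```

The script only reads the export and changes nothing in the directory, so existing attributes such as sambaSID are untouched.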
