[Samba] Users can't login on Samba+Ldap

dogbert at infinito.it dogbert at infinito.it
Mon May 11 12:25:05 GMT 2009


I've migrated from an old Samba installation (Samba as PDC) that used the TDB
backend for passwords.

I've set up a box with Ubuntu and Samba 3 + LDAP and I imported the old
Old users work fine.

I have problems with new users and machines.

Old users work but they don't show up with the smbldap-usershow command and
I have problems changing their passwords. If I check the LDAP db I can find
them (with both ldapsearch and slapcat).

New users created with smbldap-useradd can be seen with the smbldap-usershow
command but can't log on at a workstation.

If I join a workstation (directly from the workstation) it is added to the LDAP db
but it doesn't see the domain until I manually add an entry for it in

Checking the user entries for two users I can find the following differences.
BERENICE is a user imported from the old system and is working fine:
dn: uid=berenice,ou=Users,dc=DOMAIN,dc=IT
uid: berenice
sambaSID: S-1-5-21-1234567890-123456789-123456789-2018
sambaPrimaryGroupSID: S-1-5-21-1234567890-123456789-123456789-513
displayName: berenice
sambaLogonTime: 0
sambaLogoffTime: 4294967295
sambaKickoffTime: 4294967295
sambaPwdCanChange: 1161193814
sambaPwdMustChange: 4294967295
sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaPwdLastSet: 1161193814
sambaAcctFlags: [U          ]
sambaBadPasswordCount: 0
sambaBadPasswordTime: 0
objectClass: sambaSamAccount
objectClass: account
structuralObjectClass: account
entryUUID: af11fe14-8e7a-102d-9b4e-27169ab1b87f
creatorsName: cn=admin,dc=DOMAIN,dc=IT
createTimestamp: 20090214003220Z
entryCSN: 20090214003220.132569Z#000000#000#000000
modifiersName: cn=admin,dc=DOMAIN,dc=IT
modifyTimestamp: 20090214003220Z

ADAM is a freshly created user and can't log on to a workstation:
dn: uid=adam,ou=Users,dc=DOMAIN,dc=IT
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: adam
sn: adam
givenName: adam
uid: adam
uidNumber: 1004
gidNumber: 513
homeDirectory: /home/adam
loginShell: /bin/bash
gecos: System User
structuralObjectClass: inetOrgPerson
entryUUID: f9326600-8e7a-102d-9bb5-27169ab1b87f
creatorsName: cn=admin,dc=DOMAIN,dc=IT
createTimestamp: 20090214003424Z
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: adam
sambaSID: S-1-5-21-1234567890-123456789-123456789-3008
sambaPrimaryGroupSID: S-1-5-21-1234567890-123456789-123456789-513
sambaLogonScript: logon.bat
sambaProfilePath: \serverprofilesadam
sambaHomePath: \serveradam
sambaHomeDrive: C:
sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaAcctFlags: [U]
sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaPwdLastSet: 1234571674
sambaPwdMustChange: 1238459674
userPassword:: e1NTSEF9SStEUWVhay9tV2ROTGtOZy9QSlRqTDIrdmM1d1V6ZE4=
shadowLastChange: 14289
shadowMax: 45
entryCSN: 20090214003434.475223Z#000000#000#000000
modifiersName: cn=admin,dc=DOMAIN,dc=IT
modifyTimestamp: 20090214003434Z

Any help would be appreciated.
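
Added example, not part of the original post: a Python sketch that parses a subset of the two entries quoted above, lists the attributes that differ, and decodes the Samba time limits against the date of the post. The function names are hypothetical, and treating 0, 2147483647 and 4294967295 as "unset / never" is an assumption.

```python
from datetime import datetime, timezone

# Constructed sample: a subset of the attributes from the two entries in the post.
BERENICE = """dn: uid=berenice,ou=Users,dc=DOMAIN,dc=IT
objectClass: sambaSamAccount
objectClass: account
sambaAcctFlags: [U          ]
sambaPwdMustChange: 4294967295
sambaKickoffTime: 4294967295
"""
ADAM = """dn: uid=adam,ou=Users,dc=DOMAIN,dc=IT
objectClass: inetOrgPerson
objectClass: sambaSamAccount
sambaAcctFlags: [U]
sambaPwdMustChange: 1238459674
sambaKickoffTime: 2147483647
"""
NEVER = {0, 2147483647, 4294967295}  # assumption: unset / "never" sentinels
LIMITS = ("sambaPwdMustChange", "sambaKickoffTime")

def parse_ldif(text):
    """Parse one unfolded LDIF entry into {attribute: [values]}."""
    entry = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            entry.setdefault(key, []).append(value.strip())
    return entry

def differences(a, b):
    """Attributes (other than dn) whose value lists differ between two entries."""
    keys = sorted((set(a) | set(b)) - {"dn"})
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

def passed_limits(entry, now):
    """Time limits in the entry that lie before `now`, decoded to UTC."""
    found = {}
    for attr in LIMITS:
        for ts in map(int, entry.get(attr, [])):
            if ts not in NEVER and ts < now.timestamp():
                found[attr] = datetime.fromtimestamp(ts, tz=timezone.utc)
    return found

if __name__ == "__main__":
    now = datetime(2009, 5, 11, 12, 25, 5, tzinfo=timezone.utc)  # date of the post
    old, new = parse_ldif(BERENICE), parse_ldif(ADAM)
    for attr, (a, b) in differences(old, new).items():
        print(f"{attr}: berenice={a} adam={b}")
    print("adam limits passed:", passed_limits(new, now))
```

Against the post's date, adam's sambaPwdMustChange decodes to 2009-03-31 00:34:34 UTC, while berenice's entry carries no limit under the sentinel assumption.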
