[Samba] Users can't login on Samba+Ldap

ray klassen julius_ahenobarbus at yahoo.co.uk
Mon May 11 14:45:56 GMT 2009

/etc/ldap.conf has to include a lookup for passwd in the ou=Computers section, or machines have to be duplicated in /etc/passwd.

Just find the one for Users and add a similar one for Computers.

From: "dogbert at infinito.it" <dogbert at infinito.it>
To: Adam Williams <awilliam at mdah.state.ms.us>
Cc: samba at lists.samba.org
Sent: Monday, 11 May, 2009 7:35:01
Subject: Re: [Samba] Users can't login on Samba+Ldap

Yes, this is the [GLOBAL] section of my smb.conf

        dos charset = 850
        unix charset = ISO8859-1
        workgroup = DOMAIN.IT
        server string = SERVERNAME
        map to guest = Bad User
        passdb backend = ldapsam:ldap://localhost/
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 100000
        smb ports = 3D 139
        time server = Yes
        deadtime = 10
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = cups
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
        add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
        logon script = logon.bat
        logon path =
        logon drive = C:
        logon home =
        domain logons = Yes
        os level = 15
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = cn=admin,dc=DOMAIN,dc=IT
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=DOMAIN,dc=IT
        ldap user suffix = ou=Users
        create mask = 0640
        directory mask = 0750
        nt acl support = No
        case sensitive = No
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

> do you have   ldap machine suffix = ou=Computers
> in smb.conf?
> dogbert at infinito.it wrote:
> >
> > If I join a workstation (directly by the workstation) it is added to ldap db
> > but it doesn't see the domain until I manually add an entry for it in
> > /etc/passwd
> >
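
A check for the mismatch described in the reply above, as an added example that is not part of the original thread: it compares the Samba LDAP containers from smb.conf with the passwd search bases in /etc/ldap.conf and reports any container NSS would not search. It assumes nss_ldap's `nss_base_passwd base?scope?filter` descriptor syntax; the sample file contents are constructed from the values quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample files; DNs follow the smb.conf quoted in this thread.
SMB_CONF = """[global]
ldap suffix = dc=DOMAIN,dc=IT
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
"""
LDAP_BEFORE = """base dc=DOMAIN,dc=IT
nss_base_passwd ou=Users,dc=DOMAIN,dc=IT?one
"""
LDAP_AFTER = LDAP_BEFORE + "nss_base_passwd ou=Computers,dc=DOMAIN,dc=IT?one\n"

def norm(dn):
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def smb_suffixes(smb_conf):
    """Full DNs of Samba's user and machine containers."""
    opts = {}
    for line in smb_conf.splitlines():
        if "=" in line and not line.lstrip().startswith(("#", ";")):
            key, value = line.split("=", 1)
            opts[" ".join(key.lower().split())] = value.strip()
    return {k: norm(opts[k] + "," + opts["ldap suffix"])
            for k in ("ldap user suffix", "ldap machine suffix") if k in opts}

def passwd_bases(ldap_conf):
    """(base DN, scope) for each nss_base_passwd descriptor (base?scope?filter)."""
    default_base, found = "", []
    for line in ldap_conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "base":
            default_base = parts[1].strip()
        elif parts[0].lower() == "nss_base_passwd":
            fields = parts[1].strip().split("?") + [""]
            found.append((fields[0], (fields[1] or "sub").lower()))
    if not found:  # assumption: without a descriptor, nss_ldap searches `base`
        found = [(default_base, "sub")]
    # A descriptor ending in "," is relative to the default base.
    return [(norm(b + default_base if b.endswith(",") else b), s) for b, s in found]

def uncovered(smb_conf, ldap_conf):
    """smb.conf suffix options whose container no passwd search base reaches."""
    bases = passwd_bases(ldap_conf)
    return [opt for opt, dn in smb_suffixes(smb_conf).items()
            if not any(dn == b or (s != "one" and dn.endswith("," + b))
                       for b, s in bases)]
```

With the constructed files, `uncovered(SMB_CONF, LDAP_BEFORE)` reports `ldap machine suffix`, and the list is empty once the Computers descriptor is present.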
