[Samba] Users can't login on Samba+Ldap

dogbert at infinito.it dogbert at infinito.it
Mon May 11 15:08:49 GMT 2009

Is this the section that has to be configured in ldap.conf?

#nss_base_passwd        ou=People,dc=padl,dc=com?one
#nss_base_shadow        ou=People,dc=padl,dc=com?one
#nss_base_group         ou=Group,dc=padl,dc=com?one
#nss_base_hosts         ou=Hosts,dc=padl,dc=com?one
#nss_base_services      ou=Services,dc=padl,dc=com?one
#nss_base_networks      ou=Networks,dc=padl,dc=com?one
#nss_base_protocols     ou=Protocols,dc=padl,dc=com?one
#nss_base_rpc           ou=Rpc,dc=padl,dc=com?one
#nss_base_ethers        ou=Ethers,dc=padl,dc=com?one
#nss_base_netmasks      ou=Networks,dc=padl,dc=com?ne
#nss_base_bootparams    ou=Ethers,dc=padl,dc=com?one
#nss_base_aliases       ou=Aliases,dc=padl,dc=com?one
#nss_base_netgroup      ou=Netgroup,dc=padl,dc=com?one

because all the directives are commented excepted the following:
base dc=DOMAIN,dc=IT
binddn cn=anonymous,dc=DOMAIN,dc=IT
bindpw xxxxxxx
ldap_version 3
pam_password md5
rootbinddn cn=admin,dc=dc=DOMAIN,dc=IT
uri ldap://

	> /etc/ldap.conf has to include a lookup for passwd in the ou=Computers
section or machines have to be duplicated in /etc/passwdjust find the one
for Users and add a similar one for Computers.From: "dogbert at infinito.it"
<dogbert at infinito.it>To: Adam Williams
<awilliam at mdah.state.ms.us>Cc: samba at lists.samba.orgSent: Monday, 11
May, 2009 7:35:01Subject: Re: [Samba] Users can't login on Samba+LdapYes,
this is the [GLOBAL] section of my smb.conf[global]     
  dos charset = 850        unix charset =
ISO8859-1        workgroup = DOMAIN.IT   
    server string = SERVERNAME        map to
guest = Bad User        passdb backend =
ldapsam:ldap://localhost/        syslog = 0   
    log file = /var/log/samba/%m        max
log size = 100000        smb ports = 3D 139   
    time server = Yes        deadtime =
10        socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192        printcap name = cups 
>        add user script = /usr/sbin/smbldap-useradd -m
"%u"        delete user script =
/usr/sbin/smbldap-userdel "%u"        add group script =
/usr/sbin/smbldap-groupadd -p "%g"        add user to
group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"     
  delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u""%g"        set primary group script =
/usr/sbin/smbldap-usermod -g '%g' '%u'        add
machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"     
  logon script = logon.bat        logon path
=        logon drive = C:       
logon home =        domain logons = Yes   
    os level = 15        preferred
>  master = Yes        domain master = Yes   
    wins support = Yes        ldap admin dn =
cn=admin,dc=DOMAIN,dc=IT        ldap group suffix =
ou=Groups        ldap machine suffix =
ou=Computers        ldap passwd sync = Yes   
    ldap suffix = dc=DOMAIN,dc=IT        ldap
user suffix = ou=Users        create mask = 0640 
      directory mask = 0750        nt acl
support = No        case sensitive = No   
    dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd>
> > do you have   ldap machine suffix = ou=Computers> in
smb.conf?> > dogbert at infinito.it wrote:> >> > If I
join a workstation (directly by the workstation) it is added toldap db>
> but it doesn't see the domain until I manually add an entry for it
in> > /etc/passwd> >> >   > > -- To
unsubscribe from this list go to the following URL and read
theinstructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list