[Samba] Users can't login on Samba+Ldap

ray klassen julius_ahenobarbus at yahoo.co.uk
Mon May 11 15:13:34 GMT 2009

nss_base_passwd        ou=Computers,dc=padl,dc=com?one

where Computers is the organizational unit where you've got machine names stored. You'll end up with 2 nss_base_passwd entries, one for users, one for computers...

From: "dogbert at infinito.it" <dogbert at infinito.it>
To: ray klassen <julius_ahenobarbus at yahoo.co.uk>; Adam Williams <awilliam at mdah.state.ms.us>
Cc: samba at lists.samba.org
Sent: Monday, 11 May, 2009 8:08:49
Subject: Re: [Samba] Users can't login on Samba+Ldap

Is this the section that has to be configured in ldap.conf?

#nss_base_passwd        ou=People,dc=padl,dc=com?one
#nss_base_shadow        ou=People,dc=padl,dc=com?one
#nss_base_group         ou=Group,dc=padl,dc=com?one
#nss_base_hosts         ou=Hosts,dc=padl,dc=com?one
#nss_base_services      ou=Services,dc=padl,dc=com?one
#nss_base_networks      ou=Networks,dc=padl,dc=com?one
#nss_base_protocols     ou=Protocols,dc=padl,dc=com?one
#nss_base_rpc           ou=Rpc,dc=padl,dc=com?one
#nss_base_ethers        ou=Ethers,dc=padl,dc=com?one
#nss_base_netmasks      ou=Networks,dc=padl,dc=com?one
#nss_base_bootparams    ou=Ethers,dc=padl,dc=com?one
#nss_base_aliases       ou=Aliases,dc=padl,dc=com?one
#nss_base_netgroup      ou=Netgroup,dc=padl,dc=com?one

because all the directives are commented except the following:
base dc=DOMAIN,dc=IT
binddn cn=anonymous,dc=DOMAIN,dc=IT
bindpw xxxxxxx
ldap_version 3
pam_password md5
rootbinddn cn=admin,dc=dc=DOMAIN,dc=IT
uri ldap://

> /etc/ldap.conf has to include a lookup for passwd in the ou=Computers
> section or machines have to be duplicated in /etc/passwd
>
> just find the one for Users and add a similar one for Computers.
>
> From: "dogbert at infinito.it" <dogbert at infinito.it>
> To: Adam Williams <awilliam at mdah.state.ms.us>
> Cc: samba at lists.samba.org
> Sent: Monday, 11 May, 2009 7:35:01
> Subject: Re: [Samba] Users can't login on Samba+Ldap
>
> Yes, this is the [GLOBAL] section of my smb.conf
>
> [global]
>         dos charset = 850
>         unix charset = ISO8859-1
>         workgroup = DOMAIN.IT
>         server string = SERVERNAME
>         map to guest = Bad User
>         passdb backend = ldapsam:ldap://localhost/
>         syslog = 0
>         log file = /var/log/samba/%m
>         max log size = 100000
>         smb ports = 3D 139
>         time server = Yes
>         deadtime = 10
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         printcap name = cups
>         add user script = /usr/sbin/smbldap-useradd -m "%u"
>         delete user script = /usr/sbin/smbldap-userdel "%u"
>         add group script = /usr/sbin/smbldap-groupadd -p "%g"
>         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>         delete user from group script = /usr/sbin/smbldap-groupmod -x "%u""%g"
>         set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>         add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>         logon script = logon.bat
>         logon path =
>         logon drive = C:
>         logon home =
>         domain logons = Yes
>         os level = 15
>         preferred master = Yes
>         domain master = Yes
>         wins support = Yes
>         ldap admin dn = cn=admin,dc=DOMAIN,dc=IT
>         ldap group suffix = ou=Groups
>         ldap machine suffix = ou=Computers
>         ldap passwd sync = Yes
>         ldap suffix = dc=DOMAIN,dc=IT
>         ldap user suffix = ou=Users
>         create mask = 0640
>         directory mask = 0750
>         nt acl support = No
>         case sensitive = No
>         dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>
> > do you have ldap machine suffix = ou=Computers
> > in smb.conf?
> >
> > dogbert at infinito.it wrote:
> > >
> > > If I join a workstation (directly by the workstation) it is added to ldap db
> > > but it doesn't see the domain until I manually add an entry for it in
> > > /etc/passwd
> > >
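
Added example (not part of the original thread, and not code from Samba or nss_ldap): a small check that compares the machine container Samba derives from smb.conf with the passwd search bases nss_ldap reads from /etc/ldap.conf. The function names are hypothetical and the sample configs are constructed from values quoted in the thread. It assumes nss_ldap falls back to `base`/`scope` (default sub) when no nss_base_passwd line is active, and treats a DN ending in a comma as relative to `base`.

```python
# Constructed sample configs, built from values quoted in the thread.
SMB_CONF = """[global]
    ldap suffix = dc=DOMAIN,dc=IT
    ldap user suffix = ou=Users
    ldap machine suffix = ou=Computers
"""
LDAP_USERS_ONLY = """base dc=DOMAIN,dc=IT
#nss_base_passwd ou=People,dc=padl,dc=com?one
nss_base_passwd ou=Users,dc=DOMAIN,dc=IT?one
"""
LDAP_BOTH = LDAP_USERS_ONLY + "nss_base_passwd ou=Computers,dc=DOMAIN,dc=IT?one\n"

def norm_dn(dn):
    """Case-fold and drop whitespace around RDN separators so DNs compare equal."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def machine_container(smb_conf):
    """Samba appends 'ldap suffix' to the relative 'ldap machine suffix'."""
    opts = {}
    for line in smb_conf.splitlines():
        key, sep, val = line.partition("=")
        if sep and not line.lstrip().startswith(("#", ";")):
            opts[" ".join(key.lower().split())] = val.strip()
    return norm_dn(opts["ldap machine suffix"] + "," + opts["ldap suffix"])

def passwd_bases(ldap_conf):
    """Return [(dn, scope)] searched for passwd; assumed fallback is base/scope."""
    base, scope, found = "", "sub", []
    for line in ldap_conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue                          # blank, bare or commented directive
        key, val = parts[0].lower(), parts[1].strip()
        if key == "base":
            base = val
        elif key == "scope":
            scope = val.lower()
        elif key == "nss_base_passwd":
            found.append(val.split("?"))      # [dn, scope?, filter?]
    out = []
    for f in found or [[base]]:
        dn = f[0] + base if f[0].endswith(",") else f[0]  # trailing comma: relative DN
        out.append((norm_dn(dn), f[1].lower() if len(f) > 1 and f[1] else scope))
    return out

def machines_resolvable(smb_conf, ldap_conf):
    """True if a passwd search base reaches entries directly under the machine container."""
    c = machine_container(smb_conf)
    return any((s == "one" and c == dn) or (s == "sub" and (c == dn or c.endswith("," + dn)))
               for dn, s in passwd_bases(ldap_conf))
```

The check only covers search-base reachability; it does not verify that the machine entries carry the attributes the passwd lookup filters on.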

