[Samba] Problems with Samba 3.4 under Opensolaris snv_111b

Ralf Hornik Mailings ralf at best.homeunix.org
Mon Sep 7 15:41:00 MDT 2009 

Hi List,

I compiled Samba 3.4 for Opensolaris because the samba SUNWsmba  
shipped my SFW did not work properly.

Now I had to realize, that the Problems are still there so I beleve  
that it is a common Problem with Solaris (?)

I have samba running as PDC with a Sun Directory Server as backend.  
All Authentication to Unix Clients work well with DSEE but Samba seems  
so have some trouble:

First, Password modify extended operation does not work so no  
smbpasswd <username> is possible when "ldap passwd sync" is set to  
yes. But exop basically works when I change the password using  
ldappasswd as user Manager.

The corresponding Error from smbpasswd is:

"ldapsam_modify_entry: LDAP Password could not be changed for user  
admin: Invalid syntax"
"Encountered an unexpected requestValue sequence element tag."

The workaround is to set the passwd and smbpasswd in one skript. But  
that is not a good idea, since users have to change their passwords  
for unix and windows seperately.

Second, joining a Windows XP host to the domein is sometimes possible,  
sometimes not. When I add a machine account using "smbpasswd -a -m  
host$" sometimes it fails with:

"pdb_default_create_user: failed to create a new user structure:  
NT_STATUS_NO_SUCH_USER"

The user exists then as created by the corresponding ldapadd script,  
but the samba related attributes are missing. I use the ldapscripts  
from sf.net. My ldap stuff in smb.conf is shown below.

Has anybody some expierience how to make samba/ldap/M$ ready for production?
Any hints would be greatly appreciated

Best regards

Ralf

   ########
   # LDAP #
   ########
   passdb backend = ldapsam:ldap://127.0.0.1/
   ldap ssl = Off
   invalid users = root
   ldap admin dn = cn=Directory Manager
   ldap suffix = dc=daheim,dc=int
   ldap group suffix = ou=group
   ldap user suffix = ou=people
   ldap machine suffix = ou=machines
   ldap passwd sync = no

   # scripts ldap
   # by default we add users to group
   add machine script = /usr/local/sbin/ldapaddmachine '%u' 1003
   add user script = /usr/local/sbin/ldapadduser '%u' 1001
   add group script = /usr/local/sbin/ldapaddgroup '%g'
   add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
   delete user script = /usr/local/sbin/ldapdeleteuser '%u'
   delete group script = /usr/local/sbin/ldapdeletegroup '%g'
   delete user from group script =  
/usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
   set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
###########################

More information about the samba mailing list