[Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles

TAKAHASHI Motonobu monyo at monyo.com
Wed Aug 3 10:43:32 MDT 2011

From: "J. Echter" <j.echter at elektro-mayer-echter.de>
Date: Tue, 02 Aug 2011 14:12:05 +0200

> I thought im done setting domain to WORKGROUP, as its set in smbldap.conf.
> I don't get why smbldap tools thinks im on a domain called BDC.
> Would it help if i post some output from pdbedit or stuff like that? I 
> really don't get where this error comes from.

Have you set the SID same as PDC on BDC? For example

bdc# net rpc getsid 
Storing SID S-1-5-21-2535719703-1779805756-2758924810 for Domain DomanName in secrets.tdb

Remembet that before running the command, you have to set smb.conf
correctly as BDC.

> here's the conf of my testing smb machine:
> [global]
> domain master = no
> domain logons = no
> passdb backend = ldapsam:ldap://mule
> idmap backend = ldap:ldap://mule
> idmap uid = 10000-15000
> idmap gid = 10000-15000

You have to set "domain logons = yes" to make this machine act as BDC.

And are you running Winbind? If not, idmap backend/uid/gid does not mean

> there's something wrong with my config... the successful logins are only
> able because the users are already there as local unix accounts.
> i created a new user 'test' and this one can't even login.

Have you correctly set nss-ldap on BDC? For example /etc/nss_ldap.conf 

"getent passwd <a-user-created-on-PDC>" on BDC shows his entry?

TAKAHASHI Motonobu <monyo at samba.gr.jp>

More information about the samba mailing list