Hello, I am hoping someone will offer some help. I'm currently trying to set up a Samba 3 PDC with LDAP authentication backend in Fedora Core 1. I've read loads of documentation, including

http://www.hilinski.net/samba/ldap_PDC_samba.doc
http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
http://samba.idealx.org/samba-ldap-howto.pdf

as well as tons of posts in the mailing list archives, but I still cannot get this combination to work.

As for the setup, I've installed OpenLDAP 2.1.22, Samba 3.0.0, smbldap-tools-0.8.2. I've run smbpasswd -w to add my slapd.conf password to the secrets.tdb file. I've set up smbldap_conf.pl with my correct SID and ldap dn. I've populated my ldap database using smbldap-populate.pl, and everything shows up correctly. I've gone into the ldap db and fixed root's uid and gid as well as its sambaSID so that it can act as administrator. As far as I can tell, it's set up correctly.

However, when I go to join a W2k Workstation client, I get "The user name could not be found.". That's using the root-testing combination from my config files. Samba does automatically create the machine account, and that looks fine. But it refuses to join the machine. Yes, I'm aware of the registry hack for XP, W2K machines, and that has also been changed.

The weird thing is that from that client, which I cannot join, I can view shares on the PDC using the root-testing user pass combination, so I know the authentication is working correctly through ldap. So what does that user name not found error really mean? Does anyone see anything obviously wrong in my config files that would cause this? I've cut them into the post below.

I would appreciate any help as I'm just tired of reading and just can't seem to get past adding a machine. Thanks for any help...
Jason

--- begin ldap.conf ----
HOST 127.0.0.1
BASE dc=test,dc=edu
---- end ldap.conf ----

--- begin slapd.conf ----
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
suffix "dc=test,dc=edu"
rootdn "cn=root,dc=test,dc=edu"
rootpw testing
directory /var/lib/ldap
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
---- end slapd.conf ----

---- begin smb.conf ----
[global]
    passdb backend = ldapsam
    ldap suffix = "dc=test,dc=edu"
    ldap machine suffix = ou=Computers
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap admin dn = "cn=root,dc=test,dc=edu"
    ldap ssl = no
    idmap backend = ldap:ldap://127.0.0.1
    passwd chat debug = Yes
    passwd program =/usr/local/sbin/smbldap-passwd.pl -o %u
    passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
    add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
    delete user script = /usr/local/sbin/smbldap-userdel.pl %u
    add group script = /usr/local/sbin/smbldap-groupadd.pl %g
    delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
    add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g
    delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
    set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u
    workgroup = TEST
    netbios name = donald
    comment = test samba pdc
    security = user
    null passwords = yes
    encrypt passwords = yes
    logon script=logon.bat
    logon drive =
    logon path =
    domain master = yes
    domain logons = yes
    preferred master = yes
    os level = 33
    wins support = yes
    wins proxy = no
    log file = /var/log/samba/%m.log
    public = No
    browseable = yes
    writable = No

; necessary share for domain controller
[netlogon]
    path = /netlogon
    locking = no
    read only = yes
    write list = ntadmin

;test share
[tmp]
    writeable = yes
    public = yes
    path = /tmp

[profiles]
    path = /profiles
    read only = no
    writeable = yes
    create mask = 0600
    directory mask = 0700
---- end smb.conf ---
