John H Terpstra wrote:
> a) Your configuration information. From this someone may be able to see things that are not as they need to be. That may help you to find a solution.
In case anyone wondered, here's my smb.conf and slapd.conf.
As I said, without LDAP, I can join a domain, log in as a user, roaming profiles work, etc.
With OpenLDAP added, I can join the domain, but then I'm unable to log in as a user from the Windows workstation (w2k SP4).
Samba logs say that user authentication was successful, but Windows says that user/password were wrong.
smb.conf:
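[global]
;basic server settings
workgroup = MAGISTA
netbios name = Server
server string = Samba PDC running %v
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192

;PDC and master browser settings
os level = 65
preferred master = yes
local master = yes
domain master = yes
domain logons = yes
wins support = yes
remote announce = 192.168.0.255/MAGISTA

;security and logging settings
security = user
encrypt passwords = yes
log file = /var/log/samba/log.%m
log level = 2
max log size = 50
; Connections are accepted only from loopback and the 192.168.0.0/24 LAN.
hosts allow = 127.0.0.1 192.168.0.0/255.255.255.0

;password sync
passwd program = /usr/local/sbin/smbldap-passwd -o %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*
unix password sync = Yes

;LDAP-specific settings
passdb backend = ldapsam:ldap://127.0.0.1/
; NOTE(review): this is the same DN as slapd's rootdn, so Samba binds with
; full directory rights and slapd ACLs do not constrain it. A dedicated
; Samba bind account limited to the Samba subtrees would follow least
; privilege. The bind password is stored separately with "smbpasswd -w".
ldap admin dn = cn=Manager,dc=magista,dc=de
; Unencrypted LDAP is confined to loopback here. If the directory ever moves
; to another host, switch to "start tls", because the password hashes would
; otherwise cross the network in clear text.
ldap ssl = no
ldap suffix = dc=magista,dc=de
ldap group suffix = ou=Users
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
; NOTE(review): the command creates machine-style accounts (group "machine",
; no shell, no home). Samba 3 has a separate "add machine script" parameter
; for that purpose; confirm which one is intended here.
add user script = /usr/local/sbin/smbldap-useradd -d /dev/null -s /bin/false -g machine %u

;user profiles and home directory
; NOTE(review): smb.conf treats a trailing backslash as a line continuation,
; so the "logon home" value below may absorb the following line. Check the
; effective values with testparm.
logon home = \\%L\%U\
logon drive = H:
logon path = \\%L\profiles\%U
logon script = netlogon.bat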
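# ==== shares ====

# Per-user home directories.
# NOTE(review): no "valid users" restriction is set. "valid users = %S" is
# the usual way to make sure each home share is reachable only by its owner.
[homes]
comment = Home Directories
browseable = no
writeable = yes

# Roaming profile store. The 0600/0700 masks keep new files and directories
# private to the account that created them.
[profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700

# Logon scripts are read-only for everyone except "tom". Every client runs
# netlogon.bat at logon, so that account can change what all workstations
# execute and should be protected accordingly.
[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = yes
browseable = no
write list = tom

# Installation sources, readable only by the "unattended" account.
[unattended]
comment = Installation Sources
path = /home/unattended
read only = yes
browseable = no
valid users = unattended

### EOF smb.conf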
slapd.conf:
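include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/samba3.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

modulepath /usr/lib/openldap/modules

# Access control. slapd stops at the first "access to" clause that matches,
# so the specific attribute rules must stay above the catch-all.
access to dn.base=""
        by * read

access to dn.base="cn=Subschema"
        by * read

# Password material can be changed by its owner and used for bind, but never
# read back.
# NOTE(review): only userPassword and userPKCS12 are listed. The Samba hash
# attributes (sambaLMPassword, sambaNTPassword) from samba3.schema fall
# through to the catch-all below, where "by users read" lets every
# authenticated account read every user's hashes. They are
# password-equivalent for SMB authentication and need an equally
# restrictive rule of their own above "access to *".
access to attr=userPassword,userPKCS12
        by self write
        by * auth

access to attr=shadowLastChange
        by self write
        by * read

# NOTE(review): "by self write" on "*" lets an account rewrite any attribute
# of its own entry, including uidNumber, gidNumber and sambaSID. Self-write
# should be narrowed to the attributes users are meant to edit.
access to *
        by self write
        by users read
        by anonymous auth

database ldbm
cachesize 10000
suffix "dc=magista,dc=de"
rootdn "cn=Manager,dc=magista,dc=de"
# Redacted in this post. In the live file, store a hash generated with
# slappasswd rather than the clear-text password, and keep slapd.conf
# readable only by the account slapd runs as.
rootpw xxxxxx
directory /var/lib/ldap

index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index member eq
index default sub

# Logging
# 256 logs connections, operations and results. That is enough to see which
# DN Samba binds as and which searches it issues during a logon attempt.
loglevel 256
### EOF slapd.conf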
Tomek
