The only thing that is configured in the ldap.conf file is the Base(dc=INTAIR, dc=transit) and Host (localhost) (with no SSL support). And yes, the objectclass is there with the right sambaSID. By the way the tools are the IDEALX 0.9.1
"James Taylor" <[EMAIL PROTECTED]> a écrit: >It could be ACL's but I am wondering how your /etc/ldap.conf file looks. >Also, does the Domain Users group have the sambaGroupMapping objectClass? >Also is it associated with the right samba Domain under the sambaSID? >Otherwise the domain won't refer to that group. > >James > >-----Original Message----- >From: Daniel Tousignant [mailto:[EMAIL PROTECTED] >Sent: Friday, March 17, 2006 12:08 PM >To: James Taylor >Cc: [email protected] >Subject: Re: [Samba] Domain authentification problem with LDAP > >The objectclass sambaSAMAccount and subsequent fields have been >created. We are using the standard perl script tools that are installed >with >the mandriva 2006 distro (samba 3.0.13 and openldap 2.3.6). >What I really do not understand is that if I put a user in the standard >ldap >group "Domain Admins" (gid=512), the user is able to logon to the domain, >but not >when it is in the "Domain Users" group (gid=513). What is the big >difference for Samba >between the two's ? Can it be an ACL problems ? > >"James Taylor" <[EMAIL PROTECTED]> a écrit: >>The LDAP users you have created (including the machines) need to have the >>objectclass: sambaSAMAccount and the subsequent fields. What are your >>user >>add scripts and machine add scripts you are using. Also, I have found >>that >>the IDEALX tools have an error in the smbldap-useradd script which >>includes >>that when you use the add machine switch the sambaSAMAccount information >>is >>not added to the LDAP database. I do have a copy of this modified file >if >>you need it. Otherwise if you can edit the script yourself. >> >>James >> >>-----Original Message----- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] On >Behalf >>Of Daniel Tousignant >>Sent: Friday, March 17, 2006 9:11 AM >>To: [email protected] >>Subject: [Samba] Domain authentification problem with LDAP >> >>We use samba 3.0.13 and openldap 2.3.6 >>Members of the ldap group "Domain Admins" are working fine, but >>members of the group "Domain Users" can not login to the domain, >>and do not have access to the shares. Also, we are unable to join >>a windows xp workstation to the domain. >>Can anyone give me a hint where to start looking ... >> >>Thank you >> >> >>-- >>To unsubscribe from this list go to the following URL and read the >>instructions: https://lists.samba.org/mailman/listinfo/samba > > >Daniel Tousignant >Support informatique >Intair Transit >Courriel : [EMAIL PROTECTED] >Telephone : (514) 286-8515 poste 3326 Daniel Tousignant Support informatique Intair Transit Courriel : [EMAIL PROTECTED] Telephone : (514) 286-8515 poste 3326 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
