Re: [Samba] Samba 3 LDAP backend cannot authenticate

Wed, 06 Dec 2006 13:55:46 -0800 

John Drescher wrote:

On 12/6/06, Brad Askew <[EMAIL PROTECTED]> wrote:

I am trying to setup a samba3 pdc using samba 3.0.21b with openldap
backend, running freebsd 6.1 release, and openldap server is version
2.2.30. The short of it is: I cannot get any of my windows boxes to join
the domain. Also no ldap cn entries can login to the server, but if I
attempt to login to say #su user1, where user1 is an entry in the LDAP
directory, but does not have a unix account I can see that LDAP gets the
search query, but I am still not able to log in. I basically do not know
where to trouble shoot? Please any suggestions would be greatly
appreciated. Thanks.


Can you give a brief description on your setup and what you have done
as from the description you have given I can only guess. Are you using
the smbldap_tools from IDEALX? How did you configure your ldap server?
Have you set up users for the machines? ...

John


Sure thing.
I am using the idealx smbldap_tools. I used smbldap-populate to populate the directory. I have the following lines in slapd.conf 
<snip>
include  /usr/local/etc/openldap/schema/core.schema
include  /usr/local/etc/openldap/schema/cosine.schema
include  /usr/local/etc/openldap/schema/inetorgperson.schema
include  /usr/local/etc/openldap/schema/nis.schema
include  /usr/local/etc/openldap/schema/samba.schema
<snip>
Aside from using smbldap-populate, the directory is pretty flat, I used smbldap-useradd to add one user to the directory. I have set up the indices as follows. 

<snip>
index   objectClass        eq

index cn                pres,sub,eq
index sn                pres,sub,eq
## required to support pdb_getsampwnam
index uid              pres,sub,eq
## required to support pdb_getsambapwrid
index displayName       pres,sub,eq
## uncomment these if you are storing posixAccount
## and posixGroup in the directory as well
index uidNumber  eq
index gidNumber  eq
index memberUID  eq

index sambaSID      eq
index sambaPrimaryGroupSID      eq
index sambaDomainName      eq
index default         sub
<snip>
If you need more info on ldap, let me know. I added a machine account for the machines using the smbldaptools using the netbios name of the client machine followed by a $. 

--
Brad

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to