Hello,
I have a problem with a Samba 3 + LDAP PDC.
In particular, I can't join more than 2 workstations to the domain.
I think the problem is in generating the UID part of the SID (the final part, i.e. the RID).
The first computer that joined the domain has SID
S-1-5-21-3642312925-2943760701-1776766777-3000
The second has SID
S-1-5-21-3642312925-2943760701-1776766777-2052
After that, no further workstation succeeds in joining the domain: Samba correctly adds a POSIX
account to the LDAP directory, but does not complete it with the sambaSamAccount attributes.
my configuration is
samba 3.0.2
openldap2-2.1.22
smbldap-tools-0.8.3
on SuSE 9.0
My final scenario is:
1 master LDAP server
10 slave LDAP servers, each with a Samba PDC for a different domain
The configuration files follow.
/etc/ldap.conf
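# Client-side LDAP settings for nss_ldap / pam_ldap.
# Each directive is a keyword, whitespace, then the value. The separator was
# missing on several lines of this listing (host, base, ldap_version,
# pam_password) and is restored here.

# Your LDAP server. Must be resolvable without using LDAP.
host 127.0.0.1
# The distinguished name of the search base.
base ou=People,dc=xxx,dc=it
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
# With binddn left commented out, NSS lookups are anonymous, so what they can
# read is decided entirely by the ACLs in slapd.conf.
#binddn cn=Manager,dc=example,dc=it
# The credentials to bind with.
# Optional: default is no credential.
# If this is ever enabled, the password sits in cleartext in a file that
# ordinary users normally need to read; never put the directory manager's
# credentials here.
#bindpw secret
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=Manager,dc=example,dc=it
# crypt: the client hashes a new password with crypt(3) before writing it.
# NOTE(review): traditional crypt(3) hashes are weak; "exop" lets the server
# choose the hash scheme instead - confirm the server supports it first.
pam_password crypt
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
# "no" sends binds and query results unencrypted. That only touches the
# loopback interface while host is 127.0.0.1; any client pointed at a remote
# master or slave should use start_tls or LDAPS.
ssl no
# The NSS search bases cover the whole tree, not just ou=People.
nss_base_passwd dc=xxx,dc=it
nss_base_shadow dc=xxx,dc=it
nss_base_group dc=xxx,dc=it
#ssl on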
smb.conf
# Global parameters
# Samba 3 domain controller settings: account data lives in LDAP (ldapsam) and
# POSIX accounts are created through the smbldap-tools scripts.
[global]
workgroup = DEPARTMENT1
netbios name = SERVER-DEPARTMENT1
security = user
# Account database is the LDAP server on this host, reached over plain
# ldap:// (see "ldap ssl" below).
passdb backend = ldapsam:ldap://localhost
log level = 2
time server = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
printcap name = CUPS
# These scripts are run by smbd to create the POSIX side of an account; %u is
# the account name being created. The post reports that the POSIX entry is
# created for a joining workstation but the Samba attributes are not added.
# NOTE(review): both scripts write to the directory, so keep them writable
# only by root - verify permissions under /usr/local/sbin.
add user script = /usr/local/sbin/smbldap-useradd -a %u
add machine script = /usr/local/sbin/smbldap-useradd -w %u
logon script = logon.bat
# Roaming profiles are stored inside each user's home share, not in the
# [profiles] share defined further down.
logon path = \\%L\homes\.windows_profile
logon drive = Y:
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap suffix = dc=xxx,dc=it
ldap machine suffix = ou=depart1,ou=Computers
ldap user suffix = ou=depart1,ou=People
ldap group suffix = ou=depart1,ou=Groups
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
# The DN Samba binds as. It equals the rootdn in the slapd.conf listing, so
# Samba has unrestricted write access to the whole directory; a dedicated DN
# limited by ACLs to the Samba subtrees would follow least privilege.
# NOTE(review): dc=uaf,dc=it is not under the ldap suffix dc=xxx,dc=it -
# presumably a leftover from anonymising the post; confirm they match.
# The password for this DN is not kept in smb.conf; it is stored with
# "smbpasswd -w".
ldap admin dn = "cn=Manager,dc=uaf,dc=it"
# No TLS towards the directory: the admin bind and the password hashes Samba
# reads and writes travel unencrypted. That stays on the loopback interface
# while the backend is ldap://localhost; use "start tls" if the backend ever
# becomes a remote server.
ldap ssl = no
printing = cups
# Hides and blocks files by name pattern only; this is a filename filter, not
# content scanning.
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
# Share holding the logon script (logon.bat in [global]) that clients fetch
# and run at logon. No "read only" line is set, so Samba's default (read-only)
# applies; keep /home/netlogon writable only by administrators, since anything
# placed here is executed on the workstations.
[netlogon]
path = /home/netlogon
browseable = No
# Writable share for profile data. The masks make new files and directories
# accessible to their owner only (0600 / 0700).
# NOTE(review): "logon path" in [global] points at the homes share, so this
# share may be unused - confirm, and remove it if so.
[profiles]
path = /home/samba-ntprof
read only = No
create mask = 0600
directory mask = 0700
browseable = No
# Per-user home directories.
[homes]
comment = Home Directories
# %S is the share name, so each home share only admits the user it is named
# after.
valid users = %S
read only = No
# New files are group-readable (0640) and new directories group-traversable
# (0750); the roaming profile also lives under this share (see "logon path").
create mask = 0640
directory mask = 0750
browseable = No
/etc/openldap/slap.conf
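# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Server configuration for the directory that backs the Samba PDC.
# In this listing the RCS header above was wrapped onto a second line and the
# whitespace after "argsfile" and "database" was missing; both are restored.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
# Define global ACLs to disable default read access.
# NOTE(review): no "access" directives appear anywhere in this listing.
# Without any, slapd falls back to granting read access to every client,
# anonymous ones included, which exposes userPassword, sambaLMPassword and
# sambaNTPassword. The Samba hashes are password-equivalent, so add rules that
# limit those three attributes to the owner and the Samba admin DN (with
# anonymous allowed to authenticate only) before a general read rule.
# If ACLs were simply trimmed from the post, disregard this note.
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
###
# ldbm database definitions
###
database ldbm
suffix "dc=xxx,dc=it"
# NOTE(review): the rootdn is under dc=uaf,dc=it while the suffix is
# dc=xxx,dc=it - presumably a leftover from anonymising the post. rootpw only
# applies when the rootdn lies inside this database's suffix, so confirm the
# two agree in the real file.
rootdn "cn=Manager,dc=uaf,dc=it"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# The value below is stored in cleartext; replace it with the hashed string
# printed by slappasswd and keep this file readable by the slapd user only.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub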
/etc/smbtools/smbtools.conf
# $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $
# $Id: smbldap.conf,v 1.2 2004/01/14 22:24:44 jtournier Exp $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools
# This code was developpe