Matthieu Turpault
2003-Jan-16 10:30 UTC
[Samba] Second Post: Unable to add user with Samba 2.2.7 - LDAP - PDC
Hello,

I did not get any response to my first mail. Perhaps I was not clear enough:

Since I have installed the latest version of samba (2.2.7), I can't see the users of my domain with the Win2K User management console. I have tried to change several attributes of my user (in particular acctFlags) but I cannot manage to make my system work.

Do you have any idea?

Thanks in advance

Matthieu Turpault

Appendix:
- a sample of a user in my LDAP directory
- my first post

-----------------------------------------------------------

====================================================
A sample of a user in my LDAP directory:
====================================================

dn: uid=mat,ou=users,o=comelis
loginShell: /bin/bash
objectClass: cmlsPerson
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaAccount
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: qmailUser
sn: Turpault
gecos: Matthieu Turpault
mail: matthieu.turpault@comelis.fr
qmailGID: 100
givenName: Matthieu
uidNumber: 1002
homeDirectory: /homes/matthieu
pwdLastSet: 1042190742
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 0
pwdMustChange: 2147483647
displayName: Matthieu Turpault
cn: Matthieu Turpault
rid: 998
primaryGroupID: 999
acctFlags:: IFtVWCAgICAgICAgIF0= ( ie [UX ] )
gidNumber: 100
uid: mat

==========================
My first post
==========================

Hi list,

I have used samba-2.2.3a/LDAP acting as a PDC. If I wanted to add a user to the administrative group of a workstation, I could see all users of the domain. Everything worked well until I migrated to samba-2.2.7a/LDAP. Now, I can only see the groups but no users. My smb.conf was not changed. A Google search does not help me.

Do you have any idea?

Thanks in advance.

My configuration:
Mandrake 8.2
Samba 2.2.7

Matthieu

-------------- my smb.conf --------------------
[global]
workgroup = MDKGROUP
server string = Samba Server %v
log file = /var/log/samba/log.%m
max log size = 5000
security = user
encrypt passwords = yes
ldap admin dn = "cn=manager,id=1"
ldap server = ldap.comelis.fr
ldap ssl = off
ldap port = 389
ldap suffix = "id=1"
ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"
unix password sync = Yes
passwd program = /usr/share/samba/scripts/smbldap-passwd.pl %u
passwd chat = *New*password*:* %n\r *Retype*new*password*:* %n\r *all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon path = ""
logon drive = w
logon script = STARTUP.BAT
dns proxy = no
netbios name = Lea
map to guest = bad user
password level = 0
null passwords = no
os level = 33
preferred master = yes
domain master = yes
wins support = no
dead time = 0
domain logons = yes
interfaces = eth0
name resolve order = host bcast
load printers = yes
client code page = 850
character set = ISO8859-15
password server = 10.0.1.12

[homes]
comment = Home Directories
browseable = yes
writable = yes
available = yes
public = no
only user = no
preexec close = no
root preexec close = no

[Profiles]
path = /var/lib/samba/profiles
browseable = no
guest ok = yes
writable = yes

[netlogon]
available = yes
path = /var/lib/samba/netlogon
guest ok = yes
preexec close = no
root preexec close = no
browseable = no
comment = Network Logon Service
-----------end of my smb.conf -----------------

Buchan Milne
2003-Jan-16 17:16 UTC
[Samba] Second Post: Unable to add user with Samba 2.2.7 - LDAP - PDC
> Message: 5
> From: "Matthieu Turpault" <matthieu.turpault@comelis.fr>
> To: "Samba" <samba@lists.samba.org>
> Date: Thu, 16 Jan 2003 11:27:30 +0100
> Subject: [Samba] Second Post: Unable to add user with Samba 2.2.7 - LDAP - PDC
>
> Hello,
>
> I did not get any response to my first mail. Perhaps I was not clear
> enough:
>
> Since I have installed the latest version of samba (2.2.7), I can't see
> the users of my domain with the Win2K User management console. I have tried
> to change several attributes of my user (in particular acctFlags) but I
> cannot manage to make my system work.
>

(BTW, are you using RPMs or not? If so, which ones please?).

> Do you have any idea?
>

See below ...

> Thanks in advance
>
> Matthieu Turpault
>
> Appendix:
> - a sample of a user in my LDAP directory
> - my first post
>
> -----------------------------------------------------------
>
> ====================================================
> A sample of a user in my LDAP directory:
> ====================================================
>
> dn: uid=mat,ou=users,o=comelis
> loginShell: /bin/bash
> objectClass: cmlsPerson
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: sambaAccount
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: qmailUser
> sn: Turpault
> gecos: Matthieu Turpault
> mail: matthieu.turpault@comelis.fr
> qmailGID: 100
> givenName: Matthieu
> uidNumber: 1002
> homeDirectory: /homes/matthieu
> pwdLastSet: 1042190742
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 0
> pwdMustChange: 2147483647
> displayName: Matthieu Turpault
> cn: Matthieu Turpault
> rid: 998
> primaryGroupID: 999
> acctFlags:: IFtVWCAgICAgICAgIF0= ( ie [UX ] )
> gidNumber: 100
> uid: mat
>

[...]

>
> -------------- my smb.conf --------------------
> [global]
> workgroup = MDKGROUP
> server string = Samba Server %v
> log file = /var/log/samba/log.%m
> max log size = 5000
> security = user
> encrypt passwords = yes
> ldap admin dn = "cn=manager,id=1"

Should this not be something like 'ldap admin dn = "cn=manager,o=comelis"'?

Or does:

$ ldapsearch -x -h ldap.comelis.fr -D "cn=manager,id=1" -W "(uid=mat)"

work for you (with the password you have added to samba with 'smbpasswd -w <password>' when prompted)?

> ldap server = ldap.comelis.fr
> ldap ssl = off
> ldap port = 389
> ldap suffix = "id=1"

As above, I think this needs to be "o=comelis", unless the following works for you:

$ ldapsearch -x -h ldap.comelis.fr -b "id=1" "(uid=mat)"

> ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"
> unix password sync = Yes
> passwd program = /usr/share/samba/scripts/smbldap-passwd.pl %u
> passwd chat = *New*password*:* %n\r *Retype*new*password*:* %n\r
> *all*authentication*tokens*updated*successfully*

We use 'pam password change = yes' and have pam_ldap in the passwd section of /etc/pam.d/samba instead.

Buchan

--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
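
Added example (not part of either post, and not Samba's own code): an offline Python check of the mismatch the reply points at. It compares the quoted `ldap suffix` and `ldap admin dn` with the user entry's DN and decodes the base64 `acctFlags` value. The helper names and the trimmed excerpts are assumptions made for illustration.

```python
import base64
import configparser

# Constructed excerpts: a trimmed copy of the smb.conf and LDIF entry from the thread.
SMB_CONF = """[global]
ldap admin dn = "cn=manager,id=1"
ldap suffix = "id=1"
"""
LDIF_ENTRY = """dn: uid=mat,ou=users,o=comelis
objectClass: sambaAccount
uid: mat
acctFlags:: IFtVWCAgICAgICAgIF0=
"""

def parse_ldif(text):
    """Parse a single LDIF entry; 'attr:: value' carries a base64 value."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):  # base64 form, used e.g. when a value starts with a space
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def rdns(dn):
    """Naive DN split (assumes no escaped commas), normalised for comparison."""
    return [part.strip().lower() for part in dn.strip().strip('"').split(",")]

def under_suffix(dn, suffix):
    """True when dn lies in the subtree rooted at suffix."""
    d, s = rdns(dn), rdns(suffix)
    return len(d) >= len(s) and d[-len(s):] == s

def check(conf_text, ldif_text):
    """Compare Samba's LDAP settings with where the account actually lives."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    glob = cfg["global"]
    entry = parse_ldif(ldif_text)
    return {
        "user_under_suffix": under_suffix(entry["dn"][0], glob["ldap suffix"]),
        "admin_under_suffix": under_suffix(glob["ldap admin dn"], glob["ldap suffix"]),
        "acctflags": entry["acctflags"][0],  # decoded, whitespace preserved
    }

if __name__ == "__main__":
    for key, value in check(SMB_CONF, LDIF_ENTRY).items():
        print(f"{key}: {value!r}")
```

On these excerpts the user entry is reported as lying outside the configured suffix, which is the condition the two `ldapsearch` commands in the reply test against the live server.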