Thank Collen for response, I was change my pdc to a better is OPldap my log is :
Whe i try to connect typing this i can't connect to the pdc server
PLease can you help me to solve this, i'm working in a University and this
is the solution that I proposed as a solution
root@multiterminal:/home/usuario2# net join -U prueba
[2009/06/16 10:21:03, 2] lib/smbldap.c:smbldap_open_connection(786)
smbldap_open_connection: connection opened
[2009/06/16 10:21:03, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
init_sam_from_ldap: Entry found for user: prueba
[2009/06/16 10:21:03, 2] passdb/pdb_ldap.c:init_group_from_ldap(2167)
init_group_from_ldap: Entry found for group: 1001
[2009/06/16 10:21:03, 2] passdb/pdb_ldap.c:init_group_from_ldap(2167)
init_group_from_ldap: Entry found for group: 1001
[2009/06/16 10:21:03, 1] auth/auth_sam.c:sam_account_ok(173)
sam_account_ok: Account for user 'prueba' password must change!.
[2009/06/16 10:21:03, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [prueba] -> [prueba] FAILED
with error NT_STATUS_PASSWORD_MUST_CHANGE
My OPen ldap is : OpenLDAP: slapd 2.4.9
My samba is Samba 3.0.28a
In a ubuntu hardy heron 8.04
My smb.conf is:
[global]
### Configuracion basica del servidor ###
workgroup = home
netbios name = servidor
server string = Samba PDC Version %v
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
### Configuracion para que la maquina sea el PDC master ###
os level = 65
preferred master = yes
local master = yes
domain master = yes
domain logons = yes
### Configuracion de seguridad y conexion ###
security = user
guest ok = no
encrypt passwords = yes
null passwords = no
hosts allow = 127.0.0.1 10.154.50.2/255.255.255.0
wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no
time server = yes
### Otras configuraciones varias para SAMBA ###
log file = /var/log/samba/log.%m
log level = 2
max log size = 50
hide unreadable = yes
hide dot files = yes
panic action = /usr/share/samba/panic-action %d
unix charset = ISO8859-1
### Parametros para el soporte de LDAP ###
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=home
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=admin,dc=home
ldap delete dn = no
enable privileges = yes
; Para permitir a los usuarios cambiar su clave desde Windows
ldap password sync = yes
### Perfiles moviles de usuario, carpeta home y script de inicio ###
logon home = \\%L\%U\.profile
logon drive = H:
logon path = \\%L\profiles\%U
logon script = %U.bat OR netlogon.bat
### Script para automatizar la adicion de cuentas de maquinas ###
### al arbol LDAP cuando estas se unan por primera vez al dominio ###
add machine script = /usr/sbin/smbldap-useradd -w "%u"
### Impresion ###
load printers = yes
printcap name = /etc/printcap
printing = cups
printcap name = cups
; Si quiero que el grupo sambaadmins pueda administrar las impresoras
; printer admin = @sambaadmins
### Recursos SAMBA ###
# Ruta en donde se alojaran el(los) script(s) de inicio
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = no
writable = no
browseable = no
share modes = no
# Carpeta en donde se guardan los perfiles moviles de los usuarios
[profiles]
comment = Perfiles de Usuarios
path = /home/samba/profiles
writeable = yes
browseable = no
guest ok = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
create mask = 0600
directory mask = 0700
csc policy = disable
# Impresoras
[printers]
comment = Impresoras
browseable = no
path = /var/spool/samba
printable = yes
public = no
writable = no
create mode = 0700
# Los clientes Windows buscan este recurso como fuente de drivers
[print$]
comment = Drivers de Impresoras
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
# carpetas home de los usuarios
[homes]
path = /home/users/%U
comment = Carpetas HOME
browseable = no
writeable = yes
valid users = %S
read only = no
guest ok = no
inherit permissions = yes
# Este es un recurso que solo debe ser accesible
# para un grupo POSIX especial llamado sysfox
[sysfox]
comment = Directorio de Sistemas en Fox
path = /home/posix/sysfox
writeable = yes
delete readonly = yes
valid users = @sysfox
write list = @sysfox
force group = sysfox
browseable = yes
create mask = 0770
directory mask = 0770
# Este recurso es por si quiero compartir la unidad de CD
;[cdrom]
; comment = Samba server CD
; writable = no
; locking = no
; path = /media/cdrom0
; public = yes
; Lo siguiente es para auto-montar el CD cada vez que es accesado y desmontarlo
; cuando se termina la conexi?n al servidor.
; Para que esto trabaje, el archivo /etc/fstab debe contener una
; entrada as?: /dev/hdc0 /media/cdrom iso9660 defaults,noauto,ro,user 0 0
;
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom
My slapd.conf is
# Allow LDAPv2 binds
allow bind_v2
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#######################################################################
# Global Directives:
# Features to permit
#allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel none
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb
# The maximum number of entries that is returned for a search operation
sizelimit 500
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>
#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database bdb
# The base of your directory in database #1
suffix "dc=home"
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
# rootdn "cn=admin,dc=home"
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
# The dbconfig settings are used to generate a DB_CONFIG file the first
# time slapd starts. They do NOT override existing an existing DB_CONFIG
# file. You should therefore change these settings in DB_CONFIG directly
# or remove DB_CONFIG and restart slapd for changes to take effect.
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0
# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057 for more
# information.
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500
# Indexing options for database #1
index objectClass eq
# Save the time that the entry gets modified, for database #1
lastmod on
# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint 512 30
# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword
by dn="cn=admin,dc=home" write
by anonymous auth
by self write
by * none
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="cn=admin,dc=home" write
by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=home" write
# by dnattr=owner write
#######################################################################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database <other>
# The base of your directory for database #2
#suffix "dc=debian,dc=org"
_________________________________________________________________
News, entertainment and everything you care about at Live.com. Get it now!
http://www.live.com/getstarted.aspx
