---------- Forwarded message ----------
From: John Drescher <drescherjm@gmail.com>
Date: May 14, 2007 10:33 AM
Subject: Re: [Samba] Samba-PDC+LDAP Domain logon problem
To: Aki Vuorinen <akiv@edu.lahti.fi>
On 5/14/07, Aki Vuorinen <akiv@edu.lahti.fi> wrote:
> Hello!
>
> I have Samba with LDAP password backend.
> -Logging to shell works with ldap accounts
> -Logging to smb-share works with ldap accounts
> -Adding computers to domain with (shown in conf. file) and without (manually) works
>
> But here's my problem:
> -Logging to domain with username & passwd doesn't work
>
> When using smbpasswd -file as backend it works
>
> After 3 days of googling I'm quite bored to find help anywhere else. Can anyone
> help me with this problem..?
>
>
> Thanks,
> Aki
>
>
>
> OS details and conf files:
>
> I'm running:
> Debian lenny with 2.6.18-4
> Samba 3.0.24
> OpenLDAP 2.3.30
>
> -----------------------smb.conf:------------------
>
> [global]
> workgroup = XXXX
> passdb backend = ldapsam:ldap://127.0.0.1
> log level = 1
> max xmit = 65535
> time server = Yes
> deadtime = 15
> socket options = TCP_NODELAY IPTOS_LOWDELAY
> add machine script = /usr/local/smbldaptools/smbldap-useradd.pl -w "%m"
> logon script = logon.bat
> logon path = \\%N\profiles\%u
> logon drive = H:
> domain logons = Yes
> os level = 65
> preferred master = Yes
> domain master = Yes
> wins proxy = Yes
> wins support = Yes
> ldap admin dn = cn=admin,dc=XXXX
> ldap group suffix = ou=groups
> ldap machine suffix = ou=machines
> ldap suffix = dc=XXXX
> ldap user suffix = ou=users
> dos filetime resolution = Yes
>
> [homes]
> read only = No
>
> [netlogon]
> path = /home/netlogon
> browseable = No
>
> [profiles]
> path = /home/profiles
> read only = No
> create mask = 0600
> directory mask = 0700
> browseable = No
>
>
You seem to be missing IDEALX entries:

add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
passwd program = /opt/IDEALX/sbin/smbldap-passwd -p %n %u

John
--
John M. Drescher