samba - May 2009 - Users can't login on Samba+Ldap

Hi,

I've migrated from an old samba installation (Samba as PDC) that used TDB
backend for password.

I've setup a box with ubuntu and samba 3 + ldap and I imported the old
users.
Old users works fine.

I have problems with new users and machines.

Old users works but they don't show up with smbldap-usershow command and
I've problem in changing their passwords. If I check the ldap db I can find
them (with both ldapsearch and slapcat).

New users created with smbldap-useradd can be seen with smbldap-usershow
command but can't make a logon on workstation

If I join a workstation (directly by the workstation) it is added to ldap db
but it doesn't see the domain until I manually add an entry for it in
/etc/passwd

Checking the user entry for two users I can find the following differences.
BERENICE is an user imported from the old system and is working fine:
dn: uid=berenice,ou=Users,dc=DOMAIN,dc=IT
uid: berenice
sambaSID: S-1-5-21-1234567890-123456789-123456789-2018
sambaPrimaryGroupSID: S-1-5-21-1234567890-123456789-123456789-513
displayName: berenice
sambaLogonTime: 0
sambaLogoffTime: 4294967295
sambaKickoffTime: 4294967295
sambaPwdCanChange: 1161193814
sambaPwdMustChange: 4294967295
sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaPasswordHistory:
0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1161193814
sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
sambaAcctFlags: [U          ]
sambaBadPasswordCount: 0
sambaBadPasswordTime: 0
objectClass: sambaSamAccount
objectClass: account
structuralObjectClass: account
entryUUID: af11fe14-8e7a-102d-9b4e-27169ab1b87f
creatorsName: cn=admin,dc=DOMAIN,dc=IT
createTimestamp: 20090214003220Z
entryCSN: 20090214003220.132569Z#000000#000#000000
modifiersName: cn=admin,dc=DOMAIN,dc=IT
modifyTimestamp: 20090214003220Z

ADAM is a fresly created user and can't logon to workstation:
dn: uid=adam,ou=Users,dc=DOMAIN,dc=IT
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: adam
sn: adam
givenName: adam
uid: adam
uidNumber: 1004
gidNumber: 513
homeDirectory: /home/adam
loginShell: /bin/bash
gecos: System User
structuralObjectClass: inetOrgPerson
entryUUID: f9326600-8e7a-102d-9bb5-27169ab1b87f
creatorsName: cn=admin,dc=DOMAIN,dc=IT
createTimestamp: 20090214003424Z
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: adam
sambaSID: S-1-5-21-1234567890-123456789-123456789-3008
sambaPrimaryGroupSID: S-1-5-21-1234567890-123456789-123456789-513
sambaLogonScript: logon.bat
sambaProfilePath: \serverprofilesadam
sambaHomePath: \serveradam
sambaHomeDrive: C:
sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaAcctFlags: [U]
sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sambaPwdLastSet: 1234571674
sambaPwdMustChange: 1238459674
userPassword::
e1NTSEF9SStEUWVhay9tV2ROTGtOZy9QSlRqTDIrdmM1d1V6ZE4shadowLastChange: 14289
shadowMax: 45
entryCSN: 20090214003434.475223Z#000000#000#000000
modifiersName: cn=admin,dc=DOMAIN,dc=IT
modifyTimestamp: 20090214003434Z


Any help would be appreciated.
Thanks,
Riccardo

do you have   ldap machine suffix = ou=Computers
in smb.conf?

dogbert@infinito.it wrote:
>
> If I join a workstation (directly by the workstation) it is added to ldap
db
> but it doesn't see the domain until I manually add an entry for it in
> /etc/passwd
>
>

Yes, this is the [GLOBAL] section of my smb.conf

[global]
        dos charset = 850
        unix charset = ISO8859-1
        workgroup = DOMAIN.IT
        server string = SERVERNAME
        map to guest = Bad User
        passdb backend = ldapsam:ldap://localhost/
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 100000
        smb ports = 3D 139
        time server = Yes
        deadtime = 10
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = cups
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u"
"%g"
        set primary group script = /usr/sbin/smbldap-usermod -g '%g'
'%u'
        add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
        logon script = logon.bat
        logon path         logon drive = C:
        logon home         domain logons = Yes
        os level = 15
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = cn=admin,dc=DOMAIN,dc=IT
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=DOMAIN,dc=IT
        ldap user suffix = ou=Users
        create mask = 0640
        directory mask = 0750
        nt acl support = No
        case sensitive = No
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd


> 
> 
> do you have   ldap machine suffix = ou=Computers
> in smb.conf?
> 
> dogbert@infinito.it wrote:
> >
> > If I join a workstation (directly by the workstation) it is added
to
ldap db
> > but it doesn't see the domain until I manually add an entry
for it in
> > /etc/passwd
> >
> >   
> 
>

sorry... forgot to crosspost answer to the list:

I'm checking /etc/ldap.conf and it seems that at the end of this file it was
added a line with the following directive:
nss_initgroups_ignoreusers

that included more or less every single entry contained in my /etc/passwd
file at the time of the ldap configuration.

is that normal behaviour ?

Thanks,
Riccardo
> 
> did you properly configure nssldap ?
> 
> On Mon, 11 May 2009 14:25:05 +0200, dogbert@infinito.it wrote:
> > Hi,
> > 
> > I've migrated from an old samba installation (Samba as PDC)
that used
TDB
> > backend for password.
> > 
> > I've setup a box with ubuntu and samba 3 + ldap and I imported
the
old
> > users.
> > Old users works fine.
> > 
> > I have problems with new users and machines.
> > 
> > Old users works but they don't show up with smbldap-usershow
command
and
> > I've problem in changing their passwords. If I check the ldap
db I
can
> find
> > them (with both ldapsearch and slapcat).
> > 
> > New users created with smbldap-useradd can be seen with
smbldap-usershow
> > command but can't make a logon on workstation
> > 
> > If I join a workstation (directly by the workstation) it is added
to
ldap
> > db
> > but it doesn't see the domain until I manually add an entry
for it in
> > /etc/passwd
> > 
> > Checking the user entry for two users I can find the following
> differences.
> > BERENICE is an user imported from the old system and is working
fine:
> > dn: uid=berenice,ou=Users,dc=DOMAIN,dc=IT
> > uid: berenice
> > sambaSID: S-1-5-21-1234567890-123456789-123456789-2018
> > sambaPrimaryGroupSID: S-1-5-21-1234567890-123456789-123456789-513
> > displayName: berenice
> > sambaLogonTime: 0
> > sambaLogoffTime: 4294967295
> > sambaKickoffTime: 4294967295
> > sambaPwdCanChange: 1161193814
> > sambaPwdMustChange: 4294967295
> > sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > sambaPasswordHistory:
> > 0000000000000000000000000000000000000000000000000000000000000000
> > sambaPwdLastSet: 1161193814
> > sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > sambaAcctFlags: [U          ]
> > sambaBadPasswordCount: 0
> > sambaBadPasswordTime: 0
> > objectClass: sambaSamAccount
> > objectClass: account
> > structuralObjectClass: account
> > entryUUID: af11fe14-8e7a-102d-9b4e-27169ab1b87f
> > creatorsName: cn=admin,dc=DOMAIN,dc=IT
> > createTimestamp: 20090214003220Z
> > entryCSN: 20090214003220.132569Z#000000#000#000000
> > modifiersName: cn=admin,dc=DOMAIN,dc=IT
> > modifyTimestamp: 20090214003220Z
> > 
> > ADAM is a fresly created user and can't logon to workstation:
> > dn: uid=adam,ou=Users,dc=DOMAIN,dc=IT
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: shadowAccount
> > objectClass: sambaSamAccount
> > cn: adam
> > sn: adam
> > givenName: adam
> > uid: adam
> > uidNumber: 1004
> > gidNumber: 513
> > homeDirectory: /home/adam
> > loginShell: /bin/bash
> > gecos: System User
> > structuralObjectClass: inetOrgPerson
> > entryUUID: f9326600-8e7a-102d-9bb5-27169ab1b87f
> > creatorsName: cn=admin,dc=DOMAIN,dc=IT
> > createTimestamp: 20090214003424Z
> > sambaLogonTime: 0
> > sambaLogoffTime: 2147483647
> > sambaKickoffTime: 2147483647
> > sambaPwdCanChange: 0
> > displayName: adam
> > sambaSID: S-1-5-21-1234567890-123456789-123456789-3008
> > sambaPrimaryGroupSID: S-1-5-21-1234567890-123456789-123456789-513
> > sambaLogonScript: logon.bat
> > sambaProfilePath: serverprofilesadam
> > sambaHomePath: serveradam
> > sambaHomeDrive: C:
> > sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > sambaAcctFlags: [U]
> > sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > sambaPwdLastSet: 1234571674
> > sambaPwdMustChange: 1238459674
> > userPassword::
e1NTSEF9SStEUWVhay9tV2ROTGtOZy9QSlRqTDIrdmM1d1V6ZE4> >
shadowLastChange: 14289
> > shadowMax: 45
> > entryCSN: 20090214003434.475223Z#000000#000#000000
> > modifiersName: cn=admin,dc=DOMAIN,dc=IT
> > modifyTimestamp: 20090214003434Z
> > 
> > 
> > Any help would be appreciated.
> > Thanks,
> > Riccardo
>

ADAM and BERENICE are fake username (I had to cover real username and domain
informations before posting)
> 
> is ADAM the username of a user or a machine account?
> 
>

Is this the section that has to be configured in ldap.conf?

#nss_base_passwd        ou=People,dc=padl,dc=com?one
#nss_base_shadow        ou=People,dc=padl,dc=com?one
#nss_base_group         ou=Group,dc=padl,dc=com?one
#nss_base_hosts         ou=Hosts,dc=padl,dc=com?one
#nss_base_services      ou=Services,dc=padl,dc=com?one
#nss_base_networks      ou=Networks,dc=padl,dc=com?one
#nss_base_protocols     ou=Protocols,dc=padl,dc=com?one
#nss_base_rpc           ou=Rpc,dc=padl,dc=com?one
#nss_base_ethers        ou=Ethers,dc=padl,dc=com?one
#nss_base_netmasks      ou=Networks,dc=padl,dc=com?ne
#nss_base_bootparams    ou=Ethers,dc=padl,dc=com?one
#nss_base_aliases       ou=Aliases,dc=padl,dc=com?one
#nss_base_netgroup      ou=Netgroup,dc=padl,dc=com?one

because all the directives are commented excepted the following:
base dc=DOMAIN,dc=IT
binddn cn=anonymous,dc=DOMAIN,dc=IT
bindpw xxxxxxx
ldap_version 3
nss_initgroups_ignoreusers
pam_password md5
rootbinddn cn=admin,dc=dc=DOMAIN,dc=IT
uri ldap://127.0.0.1/


	
	> /etc/ldap.conf has to include a lookup for passwd in the ou=Computers
section or machines have to be duplicated in /etc/passwdjust find the one
for Users and add a similar one for Computers.From:
"dogbert@infinito.it"
<dogbert@infinito.it>To: Adam Williams
<awilliam@mdah.state.ms.us>Cc: samba@lists.samba.orgSent: Monday,
11
May, 2009 7:35:01Subject: Re: [Samba] Users can't login on Samba+LdapYes,
this is the [GLOBAL] section of my smb.conf[global]   
 
  dos charset = 850        unix
charset ISO8859-1        workgroup =
DOMAIN.IT   
    server string = SERVERNAME     
  map to
guest = Bad User        passdb backend
ldapsam:ldap://localhost/        syslog =
0   
    log file = /var/log/samba/%m   
    max
log size = 100000        smb ports = 3D
139   
    time server = Yes     
  deadtime 10        socket options
= TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192        printcap name =
cups 
>        add user script =
/usr/sbin/smbldap-useradd -m
"%u"        delete user script
/usr/sbin/smbldap-userdel "%u"     
  add group script /usr/sbin/smbldap-groupadd -p
"%g"        add user to
group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"     
  delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u""%g"        set
primary group script /usr/sbin/smbldap-usermod -g '%g'
'%u'        add
machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u" 
   
  logon script = logon.bat       
logon path
=        logon drive = C: 
     
logon home =        domain logons =
Yes   
    os level = 15       
preferred
>  master = Yes        domain master =
Yes   
    wins support = Yes     
  ldap admin dn cn=admin,dc=DOMAIN,dc=IT   
    ldap group suffix ou=Groups   
    ldap machine suffix ou=Computers   
    ldap passwd sync = Yes   
    ldap suffix = dc=DOMAIN,dc=IT   
    ldap
user suffix = ou=Users        create mask =
0640 
      directory mask = 0750   
    nt acl
support = No        case sensitive =
No   
    dont descend =
/proc,/dev,/etc,/lib,/lost+found,/initrd>
> > do you have   ldap machine suffix =
ou=Computers> in
smb.conf?> > dogbert@infinito.it wrote:>
>> > If I
join a workstation (directly by the workstation) it is added toldap db>
> but it doesn't see the domain until I manually add an entry for
it
in> > /etc/passwd> >>
>   > > -- To
unsubscribe from this list go to the following URL and read
theinstructions: 
https://lists.samba.org/mailman/options/samba
> 
> 
> 
>

I've found somewhere (I'm looking again for the document) that from a
certain
version it doesn't need anymore the file libnss_ldap.conf/secret because
it's
all configured from ldap.conf/secret (and I don't have libnss_ldap files).

Anyway I checked with the getent command and I obtain only entries from 
/etc/passwd end group files.

I'd like to store all the windows user and workstation informations on LDAP 
limiting only the administrative user to passwd.

Fran?ois Legal wrote:
> To be honest, I don't know very well all the ldap client configuration
> stuff. Anyway, nss is not (AFAIK) configured in /etc/ldap.conf.
> 
> You should have a libnss_ldap.conf/secret files containing the ldap
> configuration (bind DN/pwd suffix for users, suffix for groups...) so that
> NSS can successfully lookup the directory when it has to find user/group
> information.
> 
> You can see if it is configured properly by doing getent group and getent
> passwd
> These commands shall display all the groups and user found on the system.
> That is each user and group present in /etc/passwd /etc/group plus each
> user contained in maybe ou=Users,dc=yourcompany,dc=com and
> ou=Groups,dc=yourcompany,dc=com and (that one is important too)
> ou=Machines,dc=yourcompany,dc=com from your directory.
> 
> Note that if you plan to only use ldap to store user information, you
> should no more have real users/groups in /etc/passwd and /etc/group
> 
> Fran?ois
> 
> On Mon, 11 May 2009 16:51:47 +0200, dogbert@infinito.it wrote:
>> I'm checking /etc/ldap.conf and it seems that at the end of this
file it
>> was
>> added a line with the following directive:
>> nss_initgroups_ignoreusers
>>
>> that included more or less every single entry contained in my
/etc/passwd
>> file at the time of the ldap configuration.
>>
>> is that normal behaviour ?
>>
>> Thanks,
>> Riccardo
>>
>>> did you properly configure nssldap ?
>>>
>>> On Mon, 11 May 2009 14:25:05 +0200, dogbert@infinito.it wrote:
>>>> Hi,
>>>>
>>>> I've migrated from an old samba installation (Samba as PDC)
that
>>> used
>> TDB
>>>> backend for password.
>>>>
>>>> I've setup a box with ubuntu and samba 3 + ldap and I
imported the
>> old
>>>> users.
>>>> Old users works fine.
>>>>
>>>> I have problems with new users and machines.
>>>>
>>>> Old users works but they don't show up with
smbldap-usershow command
>> and
>>>> I've problem in changing their passwords. If I check the
ldap db I
>> can
>>> find
>>>> them (with both ldapsearch and slapcat).
>>>>
>>>> New users created with smbldap-useradd can be seen with
>> smbldap-usershow
>>>> command but can't make a logon on workstation
>>>>
>>>> If I join a workstation (directly by the workstation) it is
added to
>> ldap
>>>> db
>>>> but it doesn't see the domain until I manually add an entry
for it
>>> in
>>>> /etc/passwd
>>>>
>>>> Checking the user entry for two users I can find the following
>>> differences.
>>>> BERENICE is an user imported from the old system and is working
>>> fine:
>>>> dn: uid=berenice,ou=Users,dc=DOMAIN,dc=IT
>>>> uid: berenice
>>>> sambaSID: S-1-5-21-1234567890-123456789-123456789-2018
>>>> sambaPrimaryGroupSID:
S-1-5-21-1234567890-123456789-123456789-513
>>>> displayName: berenice
>>>> sambaLogonTime: 0
>>>> sambaLogoffTime: 4294967295
>>>> sambaKickoffTime: 4294967295
>>>> sambaPwdCanChange: 1161193814
>>>> sambaPwdMustChange: 4294967295
>>>> sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>>> sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>>> sambaPasswordHistory:
>>>>
0000000000000000000000000000000000000000000000000000000000000000
>>>> sambaPwdLastSet: 1161193814
>>>> sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>>>> sambaAcctFlags: [U          ]
>>>> sambaBadPasswordCount: 0
>>>> sambaBadPasswordTime: 0
>>>> objectClass: sambaSamAccount
>>>> objectClass: account
>>>> structuralObjectClass: account
>>>> entryUUID: af11fe14-8e7a-102d-9b4e-27169ab1b87f
>>>> creatorsName: cn=admin,dc=DOMAIN,dc=IT
>>>> createTimestamp: 20090214003220Z
>>>> entryCSN: 20090214003220.132569Z#000000#000#000000
>>>> modifiersName: cn=admin,dc=DOMAIN,dc=IT
>>>> modifyTimestamp: 20090214003220Z
>>>>
>>>> ADAM is a fresly created user and can't logon to
workstation:
>>>> dn: uid=adam,ou=Users,dc=DOMAIN,dc=IT
>>>> objectClass: top
>>>> objectClass: person
>>>> objectClass: organizationalPerson
>>>> objectClass: inetOrgPerson
>>>> objectClass: posixAccount
>>>> objectClass: shadowAccount
>>>> objectClass: sambaSamAccount
>>>> cn: adam
>>>> sn: adam
>>>> givenName: adam
>>>> uid: adam
>>>> uidNumber: 1004
>>>> gidNumber: 513
>>>> homeDirectory: /home/adam
>>>> loginShell: /bin/bash
>>>> gecos: System User
>>>> structuralObjectClass: inetOrgPerson
>>>> entryUUID: f9326600-8e7a-102d-9bb5-27169ab1b87f
>>>> creatorsName: cn=admin,dc=DOMAIN,dc=IT
>>>> createTimestamp: 20090214003424Z
>>>> sambaLogonTime: 0
>>>> sambaLogoffTime: 2147483647
>>>> sambaKickoffTime: 2147483647
>>>> sambaPwdCanChange: 0
>>>> displayName: adam
>>>> sambaSID: S-1-5-21-1234567890-123456789-123456789-3008
>>>> sambaPrimaryGroupSID:
S-1-5-21-1234567890-123456789-123456789-513
>>>> sambaLogonScript: logon.bat
>>>> sambaProfilePath: serverprofilesadam
>>>> sambaHomePath: serveradam
>>>> sambaHomeDrive: C:
>>>> sambaLMPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>>> sambaAcctFlags: [U]
>>>> sambaNTPassword: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>>> sambaPwdLastSet: 1234571674
>>>> sambaPwdMustChange: 1238459674
>>>> userPassword::
e1NTSEF9SStEUWVhay9tV2ROTGtOZy9QSlRqTDIrdmM1d1V6ZE4>>>>
shadowLastChange: 14289
>>>> shadowMax: 45
>>>> entryCSN: 20090214003434.475223Z#000000#000#000000
>>>> modifiersName: cn=admin,dc=DOMAIN,dc=IT
>>>> modifyTimestamp: 20090214003434Z
>>>>
>>>>
>>>> Any help would be appreciated.
>>>> Thanks,
>>>> Riccardo
>

Yes, I followed the guides at Ubuntu site:
https://help.ubuntu.com/8.10/serverguide/C/network-authentication.html

and it included the installation of libnss_ldap

Fran?ois Legal wrote:
> Did you install the libnss_ldap package ?
> 
> On Mon, 11 May 2009 23:32:00 +0200, dogbert <dogbert@infinito.it>
wrote:
>> Adam Williams wrote:
>>> can you post your /etc/nsswitch.conf?
>>>
>>>
>>
>> # /etc/nsswitch.conf
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages
installed,
> try:
>> # `info libc "Name Service Switch"' for information about
this file.
>>
>> # pre_auth-client-config # passwd:     files
>> passwd: files ldap
>> # pre_auth-client-config # shadow:     files
>> shadow: files ldap
>> # pre_auth-client-config # group:      files
>> group: files ldap
>>
>>
>> hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
>> networks:       files
>>
>> protocols:      db files
>> services:       db files
>> ethers:         db files
>> rpc:            db files
>>
>> # netgroup:       nis
>> # pre_auth-client-config # netgroup: nis
>> netgroup: nis
>

Miguel Medalha wrote:
> Based on your smb.conf, you must have the following entries in 
> /etc/ldap.conf
> 
> nss_base_passwd        ou=Users,dc=DOMAIN,dc=IT?one
> nss_base_passwd        ou=Computers,dc=DOMAIN,dc=IT?one
> nss_base_shadow        ou=Users,dc=DOMAIN,dc=IT?one
> nss_base_group         ou=Groups,dc=DOMAIN,dc=IT?one
> 
> 
Hi,

I've tried this configuration and I still have some problems.
Trying to connect with a user created only in LDAP (smbldap-useradd) I get
the following error in samba log:

[2009/05/19 10:59:30,  0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
  pdb_get_group_sid: Failed to find Unix account for utentest
[2009/05/19 10:59:30,  0] auth/auth_sam.c:check_sam_security(355)
  check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
[2009/05/19 10:59:30,  0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
  pdb_get_group_sid: Failed to find Unix account for utentest

If I try to connect with a user that exist in both the LDAP and etc/passwd
files I cannot get it to authenticate (error user is invalid or bad
password) but I don't get any log in the samba files

I can't understand what's wrong with this installation.