Brad,
Thanks for the suggestions. I got rid of the realm and changed back the LDAP filter to what you suggested to no avail.
I assume that Samba is directly responsible for sending the LDAP search query to slapd. Is this correct? With the slapd debugging turned on I see that LDAP gets the same query twice to retrieve an account when I try to connect as a Samba client (see details below). Is the filter defined in smb.conf the same filter that is supposed to be used in this query because if so it doesn't seem to work. Also, is it correct for Samba to prefix the domain name to the userid before querying the LDAP database? If I query my LDAP database using this filter it obviously returns nothing, but if I remove the "ELUCIDATION\" domain prefix it does return the user record. It's frustrating because I feel like I know what the problem is, but don't know how to fix it.
Any other ideas would be greatly appreciated!
John
Samba Client Connection
==================
smbclient -d 4 -L boo -U root%password -W ELUCIDATION
debug.log:
=======
Jan 27 07:37:14 boo slapd[8038]: connection_get(25)
Jan 27 07:39:40 boo slapd[8038]: connection_get(25)
Jan 27 07:39:40 boo slapd[14586]: send_ldap_result: 0::
Jan 27 07:39:40 boo slapd[8038]: connection_get(25)
Jan 27 07:39:40 boo slapd[14719]: SRCH "ou=Users,dc=ELUCIDATION" 1 0
Jan 27 07:39:40 boo slapd[14719]: 1 0 0
Jan 27 07:39:40 boo slapd[14719]: filter: (&(objectClass=posixAccount)(uid=elucidation\5Croot))
Jan 27 07:39:40 boo slapd[14719]: attrs:
Jan 27 07:39:40 boo slapd[14719]: uid
Jan 27 07:39:40 boo slapd[14719]: userPassword
Jan 27 07:39:40 boo slapd[14719]: uidNumber
Jan 27 07:39:40 boo slapd[14719]: gidNumber
Jan 27 07:39:40 boo slapd[14719]: cn
Jan 27 07:39:40 boo slapd[14719]: homeDirectory
Jan 27 07:39:40 boo slapd[14719]: loginShell
Jan 27 07:39:40 boo slapd[14719]: gecos
Jan 27 07:39:40 boo slapd[14719]: description
Jan 27 07:39:40 boo slapd[14719]: objectClass
Jan 27 07:39:40 boo slapd[14719]:
Jan 27 07:39:40 boo slapd[8038]: connection_get(25)
Jan 27 07:39:40 boo slapd[9285]: SRCH "ou=Users,dc=ELUCIDATION" 1 0
Jan 27 07:39:40 boo slapd[9285]: 1 0 0
Jan 27 07:39:40 boo slapd[9285]: filter: (&(objectClass=posixAccount)(uid=ELUCIDATION\5CROOT))
Jan 27 07:39:40 boo slapd[9285]: attrs:
Jan 27 07:39:40 boo slapd[9285]: uid
Jan 27 07:39:40 boo slapd[9285]: userPassword
Jan 27 07:39:40 boo slapd[9285]: uidNumber
Jan 27 07:39:40 boo slapd[9285]: gidNumber
Jan 27 07:39:40 boo slapd[9285]: cn
Jan 27 07:39:40 boo slapd[9285]: homeDirectory
Jan 27 07:39:40 boo slapd[9285]: loginShell
Jan 27 07:39:40 boo slapd[9285]: gecos
Jan 27 07:39:40 boo slapd[9285]: description
Jan 27 07:39:40 boo slapd[9285]: objectClass
Jan 27 07:39:40 boo slapd[9285]:
Jan 27 07:39:41 boo slapd[8038]: connection_get(25)
~-~-~-~-~-~-~-~-~-~-~-~-~-~
John Peak
Revenue Cycle Solutions
McKesson Corp.
[EMAIL PROTECTED]
404.338.2701
-----Original Message-----
From: Bradley W. Langhorst [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 24, 2003 4:52 PM
To: Peak, John
Cc: [EMAIL PROTECTED]
Subject: RE: [Samba] LDAP Filter Problem
On Fri, 2003-01-24 at 16:32, Peak, John wrote:
> I am sure there are some extraneous parameters in it from all the
> things I've tried, but here it is....
...
> # Global parameters
> [global]
> realm = ELUCIDATION
what's this doing here?
> ldap filter = "(&(uid=%u)(objectclass=ixAccount))"
i think this should be
ldap filter = (&(uid=%u)(objectclass=sambaAccount))
unless you've done something unusual
brad
--
Bradley W. Langhorst <[EMAIL PROTECTED]>
