On Friday, June 13, 2003 1:44 PM, Bruno Gimenes Pereti wrote: > Hi Kevin,
Hi Bruno, and thanks for responding... > > > Below are some files that I think are pertinent. The > > /etc/openldap/ldap.conf, /etc/openldap/slapd.conf > /etc/samba/smb.conf, the > > base.ldif that is from the IDEALX.org HOWTO. > > > > I'm hoping that someone with much more experience than me > will be able to > > help me. > > I´m not so experience but I think you forgot one thing. Do > you have this: > > passwd: files ldap > shadow: files ldap > group: files ldap > > in your /etc/nsswitch.conf and this: > > auth required /lib/security/pam_env.so > auth sufficient /lib/security/pam_unix.so likeauth nullok > auth sufficient use_first_pass > auth required /lib/security/pam_deny.so > account sufficient /lib/security/pam_ldap.so > account required /lib/security/pam_unix.so > password required /lib/security/pam_cracklib.so retry=3 > password sufficient /lib/security/pam_unix.so nullok > use_authtok md5 > shadow > password sufficient /lib/security/pam_ldap.so > password required /lib/security/pam_deny.so > session required /lib/security/pam_limits.so > session sufficient /lib/security/pam_ldap.so > session required /lib/security/pam_unix.so > > in /etc/pam.d/system-auth? > > In redhat you can do this with authconfig. > I did have these set, as I used 'authconfig' to generate the PAM/LDAP integration. What I didn't have (but do now) is some settings in /etc/ldap.conf. Those that look like nns_base_passwd, nss_base_shadow, and nss_base_group or very similar. I have those set now, and the error message that I'm getting is different. On the Windows 2000 machine when I join the domain, I get: "The account used is a computer account. Use your global user account, or local user account to access this server." It almost sounds like the "administrator" account is misconfigured and is appearing to Windows as a computer account instead of a user account. Have you heard of this happening before? I used 'smbldap-useradd.pl -a -m -g 200 administrator' to add the "administrator" account after I had LDAP up and running. Thanks again for your input. -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba