It's me again. I'm running Samba 3.0 and LDAP 2.1.23 on RedHat 8.0.

I am able to browse shares and home directories. I get a:

Logon failure: unknown username or bad password

when I try to connect a W2k machine. For Win95/98 the system already
works. I believe it is set up OK; I still need to work on scripts that work
with MMC, but right now I just want to be able to connect a W2k machine.

Output from /usr/local/samba/bin/net groupmap list

[EMAIL PROTECTED]'s password:
Last login: Mon Nov 10 08:10:41 2003 from
[EMAIL PROTECTED] root]# /usr/local/samba/bin/net groupmap list
domain_users (S-1-5-21-1129281578-1295143107-3311307472-513) -> dusers
domain_guests (S-1-5-21-1129281578-1295143107-3311307472-514) -> nobody
domain_admins (S-1-5-21-1129281578-1295143107-3311307472-512) -> root
administrators (S-1-5-32-544) -> 544
users (S-1-5-21-1129281578-1295143107-3311307472-545) -> users
guests (S-1-5-21-1129281578-1295143107-3311307472-546) -> nobody
power_users (S-1-5-21-1129281578-1295143107-3311307472-547) -> 547
account_operators (S-1-5-32-548) -> 548
server_operators (S-1-5-32-549) -> sys
print_operators (S-1-5-32-550) -> lp
backup_operators (S-1-5-32-551) -> bin
replicator (S-1-5-21-1129281578-1295143107-3311307472-552) -> daemon
computers (S-1-5-21-1129281578-1295143107-3311307472-515) -> dcomputers
Enterprise Admins (S-1-5-21-1129281578-1295143107-3311307472-519) -> 519

Output from ldapsearch for cn=domain_admins:

[EMAIL PROTECTED] root]# ldapsearch -xv -b "dc=tow,dc=net" cn=domain_admins
ldap_initialize( <DEFAULT> )
filter: cn=domain_admins
requesting: ALL
# extended LDIF
# LDAPv3
# base <dc=tow,dc=net> with scope sub
# filter: cn=domain_admins
# requesting: ALL
# domain_admins, Groups, tow.net
dn: cn=domain_admins,ou=Groups,dc=tow,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-1129281578-1295143107-3311307472-512
# NOTE(review): gidNumber 0 is the root group, and the groupmap listing above
# maps domain_admins to the Unix group root, so membership of this group
# carries root-group rights on the host. Keep the member list minimal.
gidNumber: 0
cn: domain_admins
# NOTE(review): memberUid is multi-valued, one account name per value. As
# printed, "Administrator,kent" is a single value, i.e. one member with that
# literal name. Confirm the two accounts were added as separate values.
memberUid: Administrator,kent
description: Netbios Domain Administrators
sambaGroupType: 2
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1


[EMAIL PROTECTED] root]# cat /usr/local/samba/lib/smb.conf
# NOTE(review): no [section] headers are visible in this listing. The repeated
# comment/path pairs further down suggest several share sections whose headers
# were lost in the paste, so which section a parameter belongs to is an
# assumption. Several long lines are also wrapped by the mail client.
# Samba config file created using SWAT
# from (
# Date: 2003/11/04 16:29:07
# Global parameters
        workgroup = WarehamPS
        netbios name = WHS1
        server string = RedHat 8.0 LDAP Server
        passdb backend = ldapsam
        passwd program = /usr/local/sbin/smbldap-passwd.pl
        log file = /var/log/samba.%m
        max log size = 50
        time server = Yes
# NOTE(review): the passwd chat value below is wrapped onto a second line; in
# the real file it has to be a single logical line.
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUnix\spassword:* %n\n
#       unix password sync = Yes
#       add user script = /usr/local/sbin/smbldap-useradd.pl -w -d
/dev/null -c
'Machine Account' -s /bin/False
#       delete user script = /usr/local/sbin/smbldap-userdel.pl
#       add group script = /usr/local/sbin/smbldap-groupadd.pl
#       delete group script = /usr/local/sbin/smbldap-groupdel.pl
# NOTE(review): this script assigns new machine accounts to a group named
# "domain_computer", but the groupmap listing above shows only "computers"
# mapped to "dcomputers". Verify that the group named here exists.
# NOTE(review): Samba's documented examples pass plain %u here; check whether
# the extra "$" gives the machine account a doubled suffix -- TODO confirm.
        add machine script = /usr/local/sbin/smbldap-useradd.pl -w -g
"domain_computer" -d /dev/null -c "Machine Account" -s /bin/false %u$
# NOTE(review): passdb backend is ldapsam and the machine script uses the
# smbldap tools, but the user/group scripts below call the local
# useradd/groupadd tools, so accounts they create would go to the local files
# rather than the directory. Confirm this is intended.
        add user script = /usr/sbin/useradd -m -d /accounts/"%u" -g 500
        delete user script = /usr/sbin/userdel -r %u
        add group script = /usr/sbin/groupadd %g
# NOTE(review): "groudadd" reads as a typo, and a delete script would be
# expected to call a removal tool (e.g. groupdel) rather than an add tool.
        delete group script = /usr/sbin/groudadd %g
# NOTE(review): usermod -G replaces the user's supplementary group list with
# %g instead of appending to it.
        add user to group script = /usr/sbin/usermod -G %g %u
#       add machine script = /usr/sbin/useradd -s /bin/false -g 502 -d
/dev/null %u$
        logon script = netlogon.bat
        logon home = \\%L\%U
        domain logons = Yes
        os level = 64
        domain master = Yes
        dns proxy = No
        ldap suffix = dc=tow,dc=net
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap admin dn = cn=admin,dc=tow,dc=net
# NOTE(review): admin users makes every member of the named group act as root
# for file operations on the shares it applies to. Keep membership of
# domain_admins minimal and audited.
        admin users = @domain_admins
# NOTE(review): with ldap ssl = no, Samba's bind as the ldap admin dn and the
# password hashes it reads and writes travel to slapd unencrypted. That is
# reasonable only when slapd is reached over loopback; otherwise use start_tls.
        ldap ssl = no
        read only = No
        create mask = 02770
        directory mask = 02770
        comment = Home Directories
        path = %H
        hide files = /.*/
        browseable = No
        comment = Network Logon Service
        path = /usr/local/samba/netlogon
        read only = Yes
        hide files = /.*/*.bat/*.dll/200*/
        browseable = No
        comment = Domain User Profiles
        path = /accounts/profiles
        read only = No
        browseable = No
        comment = Staff common
        path = /accounts/staff
        comment = Ghost image files
        path = /accounts/images
        comment = All Printers
        path = /var/spool/samba
        read only = Yes
        printable = Yes
        browseable = No

I've also added the appropriate password to secrets.tdb by:
smbpasswd -w xxxx


[EMAIL PROTECTED] root]# cat /usr/local/etc/openldap/slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 2000/08/26
17:06:18 kurt Exp $
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/samba.schema
database        ldbm
suffix          "dc=tow,dc=net"
rootdn          "cn=admin,dc=tow,dc=net"
# NOTE(review): this is the salted hash of the directory root password,
# reproduced in a public post. A published hash can be guessed against
# offline, so rotate this password and replace such values with a placeholder
# before sharing a config.
rootpw          {SSHA}WhTBLrgNGnKeZYgS0bT6TfIL2jKBbOnr
#password-hash  {crypt}
directory       /usr/local/var/openldap-data/wareham
schemacheck     on
lastmod         on
# Indices to maintain
index   objectClass                             eq
# NOTE(review): with the next line commented out, uid, uidNumber and gidNumber
# are not indexed (performance only).
#index  objectClass,uid,uidNumber,gidNumber     eq
#index  cn,mail,surname,givenname               eq,subinitial
index   cn,sn,st                                pres,eq,sub
# NOTE(review): no access directive is active in this listing. Without one,
# slapd lets any client, including anonymous binds, read every attribute,
# which would include userPassword and the Samba LM/NT hash attributes.
# Restrict those attributes to the entry owner and the admin DN, and allow
# anonymous clients only to authenticate against them.
#access read

I got the latest tools from www.idealx.com and adjusted the
smbldap_conf.pm for my site. 

Any suggestions? I'm so close I can taste it.

Kent L. Nasveschuk <[EMAIL PROTECTED]>

