Thanks for the response. Doesn't the machine account have to have a $ at the end? In which case the user and machine account are not the same, right?

Jason

On Fri, 9 Jan 2004, Sundaram Ramasamy wrote:

> Can you put user and computer account in the same tree.
>
> change in smb.conf
>
> ldap machine suffix = ou=User
>
> also change your smbldap_conf.pm file.
>
>
> ----- Original Message -----
> From: "Jason P Holland" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, January 09, 2004 3:08 PM
> Subject: [Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1
>
>
> >
> > Hello,
> >
> > I am hoping someone will offer some help. I'm currently trying to set up a
> > Samba 3 PDC with LDAP authentication backend in Fedora Core 1. I've read
> > loads of documentation, including
> >
> > http://www.hilinski.net/samba/ldap_PDC_samba.doc
> > http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
> > http://samba.idealx.org/samba-ldap-howto.pdf
> >
> > As well as tons of posts in the mailing list archives, but I still cannot
> > get this combination to work.
> >
> > As for the setup, I've installed OpenLDAP 2.1.22, Samba 3.0.0,
> > smbldap-tools-0.8.2. I've run smbpasswd -w to add my slapd.conf password
> > to the secrets.tdb file. I've set up smbldap_conf.pl with my correct SID
> > and ldap dn. I've populated my ldap database using smbldap-populate.pl,
> > everything shows up correctly. I've gone in to the ldap db and fixed
> > root's uid and gid as well as its sambaSID so that it can act as
> > administrator. As far as I can tell, it's set up correctly.
> >
> > However, when I go to join a W2k Workstation client, I get "The user name
> > could not be found.". That's using root-testing combination from my config
> > files. Samba does automatically create the machine account, that looks
> > fine. But it refuses to join the machine. Yes, I'm aware of the registry
> > hack for XP, W2K machines, and that has also been changed.
> >
> >
> > The weird thing is from that client, who I cannot join, I can view shares
> > on the PDC using root-testing user pass combination, so I know the
> > authentication is working correctly through ldap. So what does that
> > user name not found error really mean?
> >
> > Does anyone see anything obviously wrong in my config files that would
> > cause this? I've cut them into the post below. I would appreciate any
> > help as I'm just tired of reading and just can't seem to get past adding
> > a machine. Thanks for any help...
> >
> > Jason
> >
> >
> > --- begin ldap.conf ----
> >
> > HOST 127.0.0.1
> > BASE dc=test,dc=edu
> >
> > ---- end ldap.conf ----
> >
> >
> > --- begin slapd.conf ----
> >
> > include /etc/openldap/schema/core.schema
> > include /etc/openldap/schema/cosine.schema
> > include /etc/openldap/schema/nis.schema
> > include /etc/openldap/schema/inetorgperson.schema
> > include /etc/openldap/schema/samba.schema
> >
> > pidfile /var/run/slapd.pid
> > argsfile /var/run/slapd.args
> > database bdb
> > suffix "dc=test,dc=edu"
> > rootdn "cn=root,dc=test,dc=edu"
> > rootpw testing
> >
> > directory /var/lib/ldap
> > index objectClass eq
> > index cn pres,sub,eq
> > index sn pres,sub,eq
> > index uid pres,sub,eq
> > index displayName pres,sub,eq
> > index uidNumber eq
> > index gidNumber eq
> > index memberUid eq
> > index sambaSID eq
> > index sambaPrimaryGroupSID eq
> > index sambaDomainName eq
> > index default sub
> >
> > ---- end slapd.conf ----
> >
> >
> > ---- begin smb.conf ----
> > [global]
> > passdb backend = ldapsam
> > ldap suffix = "dc=test,dc=edu"
> > ldap machine suffix = ou=Computers
> > ldap user suffix = ou=Users
> > ldap group suffix = ou=Groups
> > ldap admin dn = "cn=root,dc=test,dc=edu"
> > ldap ssl = no
> > idmap backend = ldap:ldap://127.0.0.1
> > passwd chat debug = Yes
> > passwd program =/usr/local/sbin/smbldap-passwd.pl -o %u
> > passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
> > add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
> > delete user script = /usr/local/sbin/smbldap-userdel.pl %u
> > add group script = /usr/local/sbin/smbldap-groupadd.pl %g
> > delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
> > add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g
> > delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
> > set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u
> > workgroup = TEST
> > netbios name = donald
> > comment = test samba pdc
> > security = user
> > null passwords = yes
> > encrypt passwords = yes
> > logon script=logon.bat
> > logon drive =
> > logon path =
> > domain master = yes
> > domain logons = yes
> > preferred master = yes
> > os level = 33
> > wins support = yes
> > wins proxy = no
> > log file = /var/log/samba/%m.log
> > public = No
> > browseable = yes
> > writable = No
> >
> > ; necessary share for domain controller
> > [netlogon]
> > path = /netlogon
> > locking = no
> > read only = yes
> > write list = ntadmin
> >
> > ;test share
> > [tmp]
> > writeable = yes
> > public = yes
> > path = /tmp
> >
> > [profiles]
> > path = /profiles
> > read only = no
> > writeable = yes
> > create mask = 0600
> > directory mask = 0700
> >
> > ---- end smb.conf ---
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba