Sorry, I found a clue. In these below, I made the SID the same and it worked. In my case, I will have multiple domains all pulling from the same LDAP. How can I make this work without having to have the SIDs for each domain be the same? (Which I am pretty sure would be a bad idea, right?)

Ted

On Thursday 01 April 2004 09:19 am, Ted Wisniewski wrote:
> Thanks for the response, but the odd thing is that both had the same set of
> parameters in the LDAP. I took your advice and added some other parameters
> to the LDAP for a non working entry... Same result.
>
> Example LDIF (Working):
>
> dn: uid=newuser, ou=People, dc=plymouth,dc=edu
> sambaPwdLastSet: 1080739453
> sambaAcctFlags: [U ]
> displayName: New User
> sambaPwdMustChange: 2147483647
> objectClass: sambaSamAccount
> objectClass: account
> uid: newuser
> sambaSID: S-1-5-21-204843054-3526713080-3458795326-37000
> sambaPwdCanChange: 1080739453
> sambaNTPassword: 5A6A0AFE9618570BF8B167BC1B9E4B1D
> sambaPrimaryGroupSID: S-1-5-21-204843054-3526713080-3458795326-1063
> sambaLMPassword: 54E8D1FD3821A0A8AAD3B435B51404EE
>
> Example LDIF (NOT WORKING)
> dn: uid=notworking, ou=People, dc=plymouth,dc=edu
> sambaPwdLastSet: 1080739453
> sambaAcctFlags: [U ]
> displayName: Not Working
> sambaPwdMustChange: 2147483647
> objectClass: sambaSamAccount
> objectClass: account
> uid: notworking
> sambaSID: S-1-5-21-204843054-3526713080-3458795326-3472
> sambapwdCanChange: 1080739453
> sambaNTPassword: 8F851644E0A37D3FB3476910A6A93303
> sambaPrimaryGroupSID: S-1-5-21-204843054-3526713080-3458795326-1399
> sambaLMPassword: F12E9CF522B3C3FBAAD3B435B51404EE
>
> Any ideas? I can map to the home share without difficulty... It is only
> a problem when doing a domain logon. If I delete the LDAP entry and do
> the (smbpasswd -a) from the command line, the entries look identical. The
> only difference is one works and the other does not. Is there another
> place where info is recorded? In the LDAP? in a TDB file?
>
> Ted
>
> >On Wed, 2004-03-31 at 12:47, Ted Wisniewski wrote:
> >> Here is a description of what I am trying to do (with Samba 3.0.2a &
> >> openldap 2.1.27):
> >>
> >> I have all my users populated into the LDAP with all the applicable
> >> attributes; Users can map drives to a server using LDAP as the
> >> authentication backend without issue.
> >>
> >> Where I am running into problems is bringing up a PDC using Samba
> >> w/LDAP.
> >>
> >> * I added the appropriate machine accounts (using smbpasswd -a -m) and
> >> was able to join the domain.
> >>
> >> * Any user in the pre-populated LDAP cannot log in, however, any user I
> >> add to the LDAP from the machine with Samba running on it CAN log in
> >> properly.
> >>
> >> If I delete the original entry from the LDAP, add a new one via
> >> (smbpasswd -a), then the user can log in. This works, but is ultimately
> >> not scalable... I can then place the original LDAP entry back in place
> >> and they can log in... Just as long as the password for the account is
> >> not changed.
> >>
> >> I am sure there is something I am missing, but I cannot see it for the
> >> life of me. The odd thing is, that in the log.smbd, I get odd errors
> >> about reading a socket, but only for the users that have not been added
> >> by the local "smbpasswd" command. They are both in the same LDAP. Any
> >> help would be greatly appreciated.
> >>
> >> Ted
> > -- SNIP --
> >> Global section of smb.conf
> > -----
> it appears that the 'non-functional' user doesn't have the domain
> attribute set (or at least set properly).
>
> ldapsearch -x -h whateverhost -D 'rootbinddn' -W '(uid=non-functional)'
>
> and then
>
> ldapsearch -x -h whateverhost -D 'rootbinddn' -W '(uid=functional)'
>
> and the functional users will have attributes such as sambaDomainName
> properly set that the non-functional's do not.
>
> Craig

--
| Ted Wisniewski                   E-Mail: [EMAIL PROTECTED]           |
| Manager, Systems Group           WEB: http://oz.plymouth.edu/~ted/   |
| Information Technology Services                                      |
| Plymouth State University        Phone: (603) 535-2661               |
| Plymouth NH, 03264               Fax: (603) 535-2263                 |
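
A check that follows from the finding at the top of this message, as an added example that is not part of the original thread: it reads exported LDIF and lists accounts whose sambaSID or sambaPrimaryGroupSID does not carry the domain SID the PDC uses. The domain SID, the sample entries and the function names are constructed for illustration, and the script assumes the relevant comparison is between each entry's SID prefix and that domain SID.

```python
import re

# A domain SID followed by the relative ID (RID) of the account or group.
SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")
SID_ATTRS = ("sambasid", "sambaprimarygroupsid")

def parse_ldif(text):
    """Parse plain LDIF (no base64, no folded lines); attribute names are
    lower-cased because LDAP treats them as case-insensitive."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#"):
                name, _, value = line.partition(":")
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(entries, domain_sid):
    """Return {uid: [problems]} for entries whose SIDs are not in domain_sid."""
    report = {}
    for entry in entries:
        problems = []
        for attr in SID_ATTRS:
            value = entry.get(attr, [""])[0]
            match = SID_RE.match(value)
            if match is None:
                problems.append(f"{attr} missing or malformed: {value!r}")
            elif match.group(1) != domain_sid:
                problems.append(f"{attr} in foreign domain {match.group(1)}")
        if problems:
            report[entry.get("uid", ["?"])[0]] = problems
    return report

# Constructed sample data, not taken from the thread.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-3333333333-513

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
sambasid: S-1-5-21-4444444444-5555555555-6666666666-3002
"""
print(audit(parse_ldif(SAMPLE_LDIF), DOMAIN_SID))
```

In practice the input would be the output of the ldapsearch commands quoted above, and the domain SID would be the one the Samba server reports for itself.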