On Thu, 2004-04-01 at 07:30, Ted Wisniewski wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Sorry,
>    I found a clue. In these below, I made the SID the same and it worked. In
> my case, I will have multiple domains all pulling from the same LDAP. How
> can I make this work without having to have the SID's for each domain be the
> same. (Which I am pretty sure would be a bad idea, right?)
>
> Ted
>
>
> On Thursday 01 April 2004 09:19 am, Ted Wisniewski wrote:
> > Thanks for the response, but the odd thing is that both had the same set of
> > parameters in the LDAP. I took your advice and added some other parameters
> > to the LDAP for a non working entry... Same result.
> >
> > Example LDIF (Working):
> >
> > dn: uid=newuser, ou=People, dc=plymouth,dc=edu
> > sambaPwdLastSet: 1080739453
> > sambaAcctFlags: [U ]
> > displayName: New User
> > sambaPwdMustChange: 2147483647
> > objectClass: sambaSamAccount
> > objectClass: account
> > uid: newuser
> > sambaSID: S-1-5-21-204843054-3526713080-3458795326-37000
> > sambaPwdCanChange: 1080739453
> > sambaNTPassword: 5A6A0AFE9618570BF8B167BC1B9E4B1D
> > sambaPrimaryGroupSID: S-1-5-21-204843054-3526713080-3458795326-1063
> > sambaLMPassword: 54E8D1FD3821A0A8AAD3B435B51404EE
> >
> > Example LDIF (NOT WORKING)
> >
> > dn: uid=notworking, ou=People, dc=plymouth,dc=edu
> > sambaPwdLastSet: 1080739453
> > sambaAcctFlags: [U ]
> > displayName: Not Working
> > sambaPwdMustChange: 2147483647
> > objectClass: sambaSamAccount
> > objectClass: account
> > uid: notworking
> > sambaSID: S-1-5-21-204843054-3526713080-3458795326-3472
> > sambapwdCanChange: 1080739453
> > sambaNTPassword: 8F851644E0A37D3FB3476910A6A93303
> > sambaPrimaryGroupSID: S-1-5-21-204843054-3526713080-3458795326-1399
> > sambaLMPassword: F12E9CF522B3C3FBAAD3B435B51404EE
> >
> >
> > Any ideas? I can map to the home share without difficulty... It is only
> > a problem when doing a domain logon. If I delete the LDAP entry and do
> > the (smbpasswd -a) from the command line, the entries look identical. The
> > only difference is one works and the other does not. Is there another
> > place where info is recorded? In the LDAP? in a TDB file?
----
It appeared that you edited the info to the point of making it difficult
to trust what is actually being reported from the ldapsearch command.

It seems as though your smbuser in one case matches up to a unix user
and in the other case (where it doesn't work) doesn't match up but if it
works when you delete and then create the samba user, then both parts
are certainly done.

I have both posix and sambaSamAccount objectclass for all my users... a
typical user looks like:

# testuser, People, Domain US
dn: uid=testuser, ou=People,o=Domain,c=US
sambaPwdCanChange: 1075657455
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1075657455
shadowLastChange: 12449
sambaProfilePath: \\linserv1\profiles\testuser
sambaLogonScript: users-pr.bat
cn: testuser
uidNumber: 1054
sambaAcctFlags: [U ]
gecos: testuser
mail: [EMAIL PROTECTED]
sambaLMPassword: **removed**
uid: testuser
sambaHomePath: \\linserv2\homes\testuser
homeDirectory: /home/users/testuser
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgperson
objectClass: sambaSamAccount
sambaDomainName: DOMAIN
gidNumber: 1000
sambaSID: S-1-5-21-1292501092-333717336-619646970-3108
sambaNTPassword: **removed**
sn: User
givenName: Test
loginShell: /bin/sh
userPassword:: **removed**
sambaPrimaryGroupSID: S-1-5-21-1292501092-333717336-619646970-513

NOTE: sambaPrimaryGroupSID: ends in -513 ("Domain Users")

posix attributes not necessary with samba:
loginShell, givenName, sn, cn, gecos, homeDirectory, and objectclasses
posixAccount-inetOrgPerson-shadowAccount

LDAP for samba should have 1 and only 1 domain (windows variety) and 1
SID (obtainable with net getlocalSID command).

Craig

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
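
Added example (not part of the original thread, and not Samba's own code): a small Python check that every sambaSamAccount entry in an LDIF export carries exactly one sambaSID and one sambaPrimaryGroupSID, both under the single domain SID the server reports with net getlocalsid. The domain SID, DNs and users in the sample are constructed values, and the function names are hypothetical.

```python
import re

# Constructed sample data: the domain SID and both entries are made up.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3001
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-3333333333-513

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3002
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-3333333333-513
"""

# Domain account SID: S-1-5-21-<three sub-authorities>-<RID>
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")

def parse_ldif(text):
    """Parse unfolded LDIF into dicts keyed by lower-cased attribute name."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:   # trailing "" flushes the last entry
        line = line.strip()
        if not line:
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            cur.setdefault(name.strip().lower(), []).append(value.lstrip(": "))
    return entries

def check_entry(entry, domain_sid):
    """List the ways an entry's SIDs disagree with the expected domain SID."""
    problems = []
    for attr in ("sambasid", "sambaprimarygroupsid"):
        values = entry.get(attr, [])
        if len(values) != 1 or not SID_RE.fullmatch(values[0]):
            problems.append(f"{attr}: missing, repeated or malformed: {values}")
        elif values[0].rpartition("-")[0] != domain_sid:   # strip the RID
            problems.append(f"{attr}: {values[0]} is outside {domain_sid}")
    return problems

def audit(ldif_text, domain_sid):
    """Map each uid to its list of problems (empty list means consistent)."""
    return {e.get("uid", ["?"])[0]: check_entry(e, domain_sid)
            for e in parse_ldif(ldif_text)}

if __name__ == "__main__":
    for uid, problems in audit(SAMPLE_LDIF, DOMAIN_SID).items():
        print(uid, "OK" if not problems else problems)
```

Attribute names are compared case-insensitively, as LDAP does, so sambapwdCanChange and sambaPwdCanChange are treated as the same attribute.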