On Wed, 2005-08-10 at 22:48 -0500, David Krider wrote:
> As someone replied to me, the latest version of Samba no longer needs
> the "ldap filter" configuration setting. I think this is too bad,
> because it looks like the relevant line in the IDEALX Howto -- which is
> commented out in the docs -- does *EXACTLY* what I think needs to be
> done. Like I'm implying here, I think this is a bug in the Samba code. I
> guess this means I ought to enter a bug in Samba's bugzilla?

Holy crap! On a lark, I added "ldap filter = (&(objectClass=sambaSamAccount)(uid=%u))" to my smb.conf file -- like the IDEALX script _used_ to say (but was commented out), and which the LDAP logs suggested I needed -- and, lo and behold, IT WORKED!!! I got a machine added to the domain.

Notes:

* I changed the gid of the "root" LDAP user to 512. It seemed to choke on the fact that there was no group with an id of 0.
* I had to re-add all the "%u"'s to the various script lines in my smb.conf file. Apparently, SWAT wiped them off.
* There's still some problem with the "ldap filter" parameter in logging into the domain. Samba still wants to only search on 'objectClass=sambaSamAccount'. The filter parameter causes this to be redundant (which doesn't hurt anything), but it's the (uid=%u) that's saving the day. Now that I think about it, the filter ought to have just been (uid=%u) -- or maybe (&(uid=&u)), depending -- I'll have to test this further on the next machine join.
* The IDEALX smbldap-useradd script example in their smb.conf file is a little misleading. You'll need a `-a' to get it to add a sambaSamAccount object-classed account.
* phpldapadmin is fantastic. I highly recommend it.

It looks to me like the Samba people need to revoke the ldap-filter-isn't-needed-any-more line, and the IDEALX people need to address the fact that you don't need a uid 0 account to add machines to the domain any more. (Or is this also not NOT true now?)

The bottom line here, Horst, is that I think you need this in your smb.conf file:

    ldap filter = (uid=%u)

Please let us know how you get on.

Regards,
dk
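
An added illustration, not part of the original post and not Samba's code: how the three filters discussed above select accounts once %u is filled in, and why the substituted name should be escaped per RFC 4515. The directory entries, the function names and the toy matcher (equality, presence and `&` only) are constructed for this example, and it assumes %u stands for the account name being looked up.

```python
import re

# Constructed sample directory entries (not from the original post).
ENTRIES = [
    {"uid": ["alice"], "objectClass": ["posixAccount", "sambaSamAccount"]},
    {"uid": ["ws01$"], "objectClass": ["posixAccount", "sambaSamAccount"]},
    {"uid": ["ws02$"], "objectClass": ["posixAccount"]},  # no Samba class yet
]
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)

def expand_filter(template, username):
    """Replace %u in the filter template with the escaped account name."""
    return template.replace("%u", escape_filter_value(username))

def _parse(flt, pos=0):
    """Toy parser: returns (predicate, next_pos) for (a=v), (a=*) or (&...)."""
    if flt[pos + 1] == "&":
        parts, pos = [], pos + 2
        while flt[pos] == "(":
            pred, pos = _parse(flt, pos)
            parts.append(pred)
        return (lambda e: all(p(e) for p in parts)), pos + 1
    end = flt.index(")", pos)
    attr, _, raw = flt[pos + 1:end].partition("=")
    if raw == "*":  # unescaped asterisk: presence test, matches any value
        return (lambda e: attr in e), end + 1
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return (lambda e: value.lower() in [v.lower() for v in e.get(attr, [])]), end + 1

def search(template, username):
    """Return the uids of the constructed entries matched by the filter."""
    pred, _ = _parse(expand_filter(template, username))
    return [e["uid"][0] for e in ENTRIES if pred(e)]

if __name__ == "__main__":
    for tmpl in ("(objectClass=sambaSamAccount)", "(uid=%u)",
                 "(&(objectClass=sambaSamAccount)(uid=%u))"):
        for name in ("ws01$", "ws02$", "*"):
            print(tmpl, repr(name), "->", search(tmpl, name))
```

The objectClass-only filter returns every Samba account regardless of the name asked for, while `(uid=%u)` alone also matches an entry that has no sambaSamAccount class.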