It could be ACL's but I am wondering how your /etc/ldap.conf file looks. Also, does the Domain Users group have the sambaGroupMapping objectClass? Also is it associated with the right samba Domain under the sambaSID? Otherwise the domain won't refer to that group.
James -----Original Message----- From: Daniel Tousignant [mailto:[EMAIL PROTECTED] Sent: Friday, March 17, 2006 12:08 PM To: James Taylor Cc: samba@lists.samba.org Subject: Re: [Samba] Domain authentification problem with LDAP The objectclass sambaSAMAccount and subsequent fields have been created. We are using the standard perl script tools that are installed with the mandriva 2006 distro (samba 3.0.13 and openldap 2.3.6). What I really do not understand is that if I put a user in the standard ldap group "Domain Admins" (gid=512), the user is able to logon to the domain, but not when it is in the "Domain Users" group (gid=513). What is the big difference for Samba between the two's ? Can it be an ACL problems ? "James Taylor" <[EMAIL PROTECTED]> a écrit: >The LDAP users you have created (including the machines) need to have the >objectclass: sambaSAMAccount and the subsequent fields. What are your >user >add scripts and machine add scripts you are using. Also, I have found >that >the IDEALX tools have an error in the smbldap-useradd script which >includes >that when you use the add machine switch the sambaSAMAccount information >is >not added to the LDAP database. I do have a copy of this modified file if >you need it. Otherwise if you can edit the script yourself. > >James > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf >Of Daniel Tousignant >Sent: Friday, March 17, 2006 9:11 AM >To: samba@lists.samba.org >Subject: [Samba] Domain authentification problem with LDAP > >We use samba 3.0.13 and openldap 2.3.6 >Members of the ldap group "Domain Admins" are working fine, but >members of the group "Domain Users" can not login to the domain, >and do not have access to the shares. Also, we are unable to join >a windows xp workstation to the domain. >Can anyone give me a hint where to start looking ... > >Thank you > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba Daniel Tousignant Support informatique Intair Transit Courriel : [EMAIL PROTECTED] Telephone : (514) 286-8515 poste 3326 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba