Hi people, I've been doing a server installation with Samba as a primary PDC that uses an LDAP backend on CentOS 5. The thing is that I cannot get Samba and LDAP to talk as they should, and now I'm really stuck. Below are my dumps for /etc/samba/smb.conf, ldap.conf (I copied its contents to /etc/openldap/ldap.conf too), and smbldap.conf. Excuse my long post; I'm trying to be as elaborate as possible.
smb.conf
**********
[global]
        workgroup = MYDOMAIN
        netbios name = MYDOMAIN
        server string = mydomain_office
        passdb backend = ldapsam:ldap://server.example.org
        passwd program = /usr/local/sbin/smbldap-passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
        username map = /etc/samba/smbusers
        log file = /var/log/samba/%m.log
        max log size = 100
        add user script = /usr/local/sbin/smbldap-useradd "%u" -n -g users
        delete user script = /usr/local/sbin/smbldap-userdel "%u"
        add group script = /usr/local/sbin/smbldap-groupadd "%g"
        delete group script = /usr/local/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-userdel "%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/local/sbin/smbldap-useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
        logon script = %m.bat
        logon path = \\server.example.org\%U\profile
        domain logons = Yes
        os level = 33
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = cn=config
        ldap delete dn = Yes
        ldap group suffix = ou=groups
        ldap machine suffix = ou=machines
        ldap passwd sync = Yes
        ldap suffix = dc=example,dc=org
        ldap user suffix = ou=people
        idmap uid = 1000-19999
        idmap gid = 1000-19999

[homes]
        comment = Home Directories
        valid users = DOMAIN\%S
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        guest ok = Yes
        share modes = No

smbldap.conf
************
sambaDomain="MYDOMAIN"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
suffix="dc=example,dc=org"
usersdn="ou=people,${suffix}"
computersdn="ou=machines,${suffix}"
groupsdn="ou=groups,${suffix}"
sambaUnixIdPooldn="sambaDomainName=MYDOMAIN,${suffix}"
scope="one"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome=""
userProfile=""
userScript="logon.bat"
mailDomain="example.org"
with_smbpasswd="0"
with_slappasswd="0"

/etc/ldap.conf
**********************
host server.example.org
base dc=example,dc=org
binddn cn=config
bindpw 1w2345FJ
rootbinddn cn=zimbra,dc=example,dc=org
timelimit 120
bind_timelimit 120
bind_policy soft
idle_timelimit 3600
nss_base_passwd ou=people,dc=example,dc=org?one
nss_base_shadow ou=people,dc=example,dc=org?one
nss_base_group ou=groups,dc=example,dc=org?one
nss_base_hosts ou=machines,dc=example,dc=org?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
uri ldap://server.example.org
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5

smbldap_bind.conf
*****************
slaveDN="cn=config,dc=example,dc=org"
slavePw="1w2345FJ"
masterDN="cn=config,dc=example,dc=org"
masterPw="1w2345FJ"

The strange thing is that I can join a computer to the Domain, but only using the Samba+samba_root_passwd. I can even see the computer entry in the LDAP database when I run ldapsearch.
However, I cannot log in to the domain with credentials in LDAP. Also, I cannot add machines to the domain using privileged accounts stored in LDAP. Strangely though, the Samba commands getent group and getent passwd work just fine (they obtain info from LDAP) when I'm user zimbra, but not as root (yes, user root); running these as root returns only system records in /etc/passwd & /smbpasswd. I think that I have done everything correctly, including running the command smbpasswd -w 1w2345FJ for Samba to connect to LDAP and putting the same password in smbldap_bind.conf defined for "cn=config". My diagnosis so far is that there is something not working in smbldap-tools. Please advise; I will appreciate it.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
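The three dumps in the post bind to LDAP under different names while sharing one password: smb.conf sets ldap admin dn = cn=config, smbldap_bind.conf sets masterDN and slaveDN to cn=config,dc=example,dc=org, and /etc/ldap.conf sets binddn cn=config. The script below is an added example, not part of the post and not part of Samba or smbldap-tools; it parses those three files and flags bind DNs that differ from each other or do not sit under ldap suffix. The sample files it writes are constructed from the values in the post; the "fixed" variant, in which every component binds as cn=config,dc=example,dc=org, is an assumption used for illustration, not a confirmed fix for the poster's setup.

```shell
#!/bin/sh
# Added example: cross-check the LDAP bind DNs used by Samba (smb.conf),
# smbldap-tools (smbldap_bind.conf) and nss_ldap (/etc/ldap.conf).

# smb_value FILE KEY : value of "key = value" in smb.conf style
smb_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# ldapconf_value FILE KEY : value of "key value" in /etc/ldap.conf style
ldapconf_value() {
    awk -v k="$2" '$1==k {sub(/^[^ \t]+[ \t]+/, ""); print; exit}' "$1"
}

# shvar_value FILE NAME : value of name="value" in smbldap_bind.conf style
shvar_value() {
    sed -n "s/^[[:space:]]*$2=\"\(.*\)\"[[:space:]]*$/\1/p" "$1" | head -n 1
}

# dn_under_suffix DN SUFFIX : 0 when DN ends with ",SUFFIX"
dn_under_suffix() {
    case "$1" in *",$2") return 0 ;; esac
    return 1
}

# check_ldap_dns SMB.CONF SMBLDAP_BIND.CONF LDAP.CONF : 0 when consistent,
# 1 when any bind DN lies outside the suffix or Samba and smbldap-tools disagree
check_ldap_dns() {
    smbconf=$1 bindconf=$2 ldapconf=$3
    admin_dn=$(smb_value "$smbconf" "ldap admin dn")
    suffix=$(smb_value "$smbconf" "ldap suffix")
    master_dn=$(shvar_value "$bindconf" masterDN)
    slave_dn=$(shvar_value "$bindconf" slaveDN)
    nss_dn=$(ldapconf_value "$ldapconf" binddn)
    rc=0
    for pair in "samba:$admin_dn" "smbldap-master:$master_dn" \
                "smbldap-slave:$slave_dn" "nss_ldap:$nss_dn"; do
        name=${pair%%:*}; dn=${pair#*:}
        if ! dn_under_suffix "$dn" "$suffix"; then
            echo "WARN $name binds as '$dn', which is not under suffix '$suffix'"
            rc=1
        fi
    done
    if [ "$admin_dn" != "$master_dn" ]; then
        echo "WARN smb.conf 'ldap admin dn' ($admin_dn) differs from smbldap_bind.conf masterDN ($master_dn)"
        rc=1
    fi
    return $rc
}

# make_sample_configs DIR MODE : write constructed sample files into DIR.
# MODE "posted" mirrors the DNs from the mailing-list post;
# MODE "fixed" is an assumed consistent variant (one DN everywhere).
make_sample_configs() {
    dir=$1; mode=$2
    if [ "$mode" = fixed ]; then short_dn="cn=config,dc=example,dc=org"; else short_dn="cn=config"; fi
cat > "$dir/smb.conf" <<EOF
[global]
        workgroup = MYDOMAIN
        passdb backend = ldapsam:ldap://server.example.org
        ldap admin dn = $short_dn
        ldap suffix = dc=example,dc=org
        ldap user suffix = ou=people
EOF
cat > "$dir/smbldap_bind.conf" <<EOF
slaveDN="cn=config,dc=example,dc=org"
slavePw="1w2345FJ"
masterDN="cn=config,dc=example,dc=org"
masterPw="1w2345FJ"
EOF
cat > "$dir/ldap.conf" <<EOF
host server.example.org
base dc=example,dc=org
binddn $short_dn
bindpw 1w2345FJ
rootbinddn cn=zimbra,dc=example,dc=org
EOF
}

# Stand-alone run: report on the configuration as posted.
if [ "${0##*/}" != "sh" ] && [ -z "$SKIP_MAIN" ]; then
    tmp=$(mktemp -d)
    make_sample_configs "$tmp" posted
    check_ldap_dns "$tmp/smb.conf" "$tmp/smbldap_bind.conf" "$tmp/ldap.conf" || echo "bind DNs are inconsistent"
    rm -rf "$tmp"
fi
```

Once the script reports nothing, confirm each DN really binds with the password in the files, for example ldapwhoami -x -H ldap://server.example.org -D "cn=config,dc=example,dc=org" -W. Remember that smbpasswd -w stores the password in secrets.tdb keyed by the ldap admin dn that smb.conf had at that moment, so it must be re-run after that DN changes.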