RE: [Samba] Samba authentication slow against PDC
The x in 3.0.x is interesting. There has been a serious optimization in 3.0.10, significant more work there is to come in 3.0.11 Volker Actually the PDC and BDC are both running Samba v3.0.10 while the troublesome server is running 3.0.9. Commenting out the username level setting seems to have fixed our issue. I'm going to let the 3.0.9 server run for awhile and see if the authentication problem comes up again. If everything runs smoothly then I'm a little reluctant to upgrade it since I'm a firm believer in if it's not broke don't fix it. I'll also take a look at the release notes for 3.0.10 and 3.0.11 to see if anything specifically addresses the issue we were having. Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba authentication slow against PDC
Just an update on what the fix for this problem was. It was an entry called username level which in our smb.conf file was set to 8. This caused the samba server to query ldap 256 times per user which caused the CPU on our PDC/LDAP server to peg. After setting this entry to 0 everything is working as it should. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] [Fwd: password quality compliance]
Thanks Andrew. I'll take a look at it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Bartlett Sent: Tuesday, January 18, 2005 2:53 PM To: Chris Snider Cc: samba@lists.samba.org; 'Gerald (Jerry) Carter' Subject: RE: [Samba] [Fwd: password quality compliance] On Tue, 2005-01-18 at 08:31 -0600, Chris Snider wrote: I would also like to see a force strong password feature added. Which is has been. Simo did the dirty work, and packaged my cracklib code into an example app, and setup a 'script' hook to call it. The parameter missed documentation for a while, but should be in the latest snapshot as 'check password script', with the cracklib code in examples/auth/crackcheck. (By using a script, simo allowed the silly exit(1) behaviour of cracklib to continue, without killing smbd). Hmm, we should make this a little easier to find - I was looking under 'password quality script' originally... Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: Why does nobody answere??? WG: [Samba] username map - same problem
Mathias, What exactly is failing? Are you doing a smbclient -L localhost -U stotadmin and it's not showing you the shares or are you attempting to login from a domain member PC and its failing? It looks like your usermap is working just fine as shown by your log entry check_ntlm_password: authentication for user [stotadmin] - [p01user] - [p01user] succeeded More information would be needed to help you. I believe the problem that Bjorn has is he needs to add a root user to the samba password database. smbpasswd -a root should do the trick if he's not using ldap the backend. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Upgrading samba.schema post 3.0.6
When I browse the directory, however, I don't see the that the changes appear to have taken hold. Nor can I edit a user entry directly to add the attribute. Do I need to perform some sort of compilation on the schemas before restarting openldap? I believe you have to set the password history policy using pdbedit first. pdbedit -P password history -C 3 Also the attribute doesn't show up until the user changes their password for the first time. Have a user change their password and it should add the attribute. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] tdbsam (local) to ldap (tdbldap) backend migration causespam restrictions not to work anymore?
What I would need to have is: - remember 5 last passwords - have the ability to force use of letters and numbers in passwords - force minimal length. Read the man pages for pdbedit. You will be able to do 2 of the 3 using pdbedit. The force use of strong passwords isn't implemented yet although I believe(don't quote me) they will be adding that feature in later releases. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] [Fwd: password quality compliance]
I would also like to see a force strong password feature added. Thanks, Chris -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Gerald (Jerry) Carter Sent: Monday, January 17, 2005 9:01 AM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: Re: [Samba] [Fwd: password quality compliance] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 fandino wrote: | | ok, I will do a more direct question. | | How is supposed Samba will prevent users from selecting | weak passwords? There have been several variants opf patches that would allow smbd to use the libcrack library to enforce string passwords. The final agreed upon design was never implemented to my knowlege (at least I don't remember seeing a patch). What we need is just a hook that allows you to call an external script to check the password strength. Would be very easy to do. The main issue would be good error returns from the script to smbd (such as dictionary word, password to short, etc...) and then translating these to an NTSTATUS error code for the client. If you are interested in implementing this, I'd take it up on the samba-technical mailing list. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba authentication slow against PDC
We are currently running three Samba 3.0.x file servers which authenticate against a Samba PDC running LDAP. 2 out of the 3 samba servers authenticate quickly(5 seconds) when using smbclient -L localhost -U username however the third will eventually time out saying Server did not respond in 2 milliseconds. NetBIOS over TCP disabled when there is any sort of load on it ~30% cpu usage. If there is no load on the server then authentication still takes around 15 seconds using the smbclient command. When the server is under a load domain computers are unable to map drives when running their login script although once authenticated they can browse and map drives without issue. The only way to fix the problem is to reboot the server several times until all users get their drives mapped then everything is fine. The box in question is running Fedora core 2 with all patches applied using yum. If you need my configuration or any other information please let me know. Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba authentication slow against PDC
Paul, Thanks for your reply. How many clients do you have running against your server(s). Just shy of 1000. 952 total clients. ever considered a BDC? We do have a BDC although it doesn't take as much of a load off of our PDC as I would like. The PDC will run around 70% utilization during real busy times, usually in the morning, while the BDC will be running around 30-40%. People are still able to authenticate against the BDC and run their login scripts from the BDC so I know it is working. I was kicking around the idea of having BDCs at each customer location however client authentication doesn't seem to be the issue as much as our third samba server deciding if the user has access to a share. What program is chewing up the most cpu when you're at 30%? SMBD takes up 30% on the file server and SLAPD takes up to 70% on the PDC. How many distinct samba processes do you have going? Didn't look on the file server but I know the PDC had 1200 LDAP connections when it usually only has 200-500. Once I rebooted the problematic Samba server that number dropped to 170 or so. I will check tomorrow and let you know how many smbd processes I have running. Try dropping in with a console and seeing how well a command like getent passwd or getent group, or even an ls -alF responds. When I run getent passwd from the problem file server it responds almost immediately streaming user entries. Same with getent group. I can also do id username and it returns information within 1 second. A little slower than if the PDC and Fileserver had no load on them but it wasn't painfully slow. I did notice that when I ran ls -al in /homes it took a real long time(7 seconds) to display the directories. I'm wondering if the samba problem is because we have 1000 user home directories under /home. I'm not real familiar with the way Samba authenticates a user to access a share but this could definitely be a problem. If it's slow then your LDAP link could be to blame. Possibly, however our other 2 samba servers don't seem to have any issues when the third one does. Make sure that you've got nscd running on your PDC. I didn't enable nscd since I've read nscd can chew up system resources and cause stability issues. Since we are having stability issues anyway I'll enable it and let you know Tuesday if that made a difference. I'll keep working on it and let you know if I find anything. Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrading from 2.2.7 to 3.0.3
I had sent this message once before but since the samba list is so busy I figured it probably got lost in the shuffle. Here it is again. Is there a how-to out there which could walk me through upgrading a working Samba 2.2.7/Openldap server to Samba 3.0.3/Openldap server? I can get Samba 3.0.3 and Openldap to work with a new install however when I attempt to import my old LDAP database I have to change the user's password and rejoin the workstations to the domain. Do I have to do this or should it be pretty seamless? I converted my ldif file by running ./convertsambaaccount --sid S15. --input old.ldif --output new.ldif and imported into my LDAP database however I can't login unless I change the user's password. I have around 1000 users and 1000+ workstations so changing every password isn't an option. Any help would be appreciated. Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrading from 2.2.7 to 3.0.3
Is there a how-to out there which could walk me through upgrading a working Samba 2.2.7/Openldap server to Samba 3.0.3/Openldap server? I can get Samba 3.0.3 and Openldap to work with a new install however when I attempt to import my old LDAP database I have to change the user's password and rejoin the workstations to the domain. Do I have to do this or should it be pretty seamless? I converted my ldif file by running ./convertsambaaccount --sid S. --input old.ldif --output new.ldif and imported into my LDAP database however I can't login unless I change the user's password. I have around 1000 users and 1000+ workstations so changing every password isn't an option. Any help would be appreciated. Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Minor Bug Report ?
Yohann, You need to install the ldap developer package rpm before compiling samba. If you compiled ldap from source then you need to copy your ldap includes and libs to /usr/include and /usr/lib respectively. The easiest way is the definitely the rpm install. Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yohann Ferreira Sent: Monday, May 03, 2004 3:18 AM To: [EMAIL PROTECTED] Subject: [Samba] Minor Bug Report ? Hi everyone ! I just wanna say that I can't configure Samba 3.0.3 to compile with LDAP Support ( --with-ldap ) Here's the log : checking for LDAP support... yes checking ldap.h usability... no checking ldap.h presence... no checking for ldap.h... no checking lber.h usability... no checking lber.h presence... no checking for lber.h... no configure: error: ldap.h is needed for LDAP support Thanks for reading ! _ Dialoguez en direct et gratuitement avec vos amis sur http://g.msn.fr/FR1001/866 MSN Messenger ! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3 PDC + OpenLDAP + Mandrake 10.0
Did you add your root account using smbpasswd -a root? If so check to make sure you have a root=administrator entry in the /etc/samba/smbusers file. Try these steps first and let me know. Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wisudanto C Suntoyo Sent: Thursday, April 29, 2004 8:10 AM To: [EMAIL PROTECTED] Subject: [Samba] Samba 3 PDC + OpenLDAP + Mandrake 10.0 Hi all Need Urgent Help :( I' m new to this List... I'm trying to setup a new Samba 3 PDC + OpenLDAP on a Mandrake 10.0 to replace an older server... Cause I need an LDAP Backend for a BDC planned on a remote site, and Samba 3 came along. So I'm following this Doc http://au1.samba.org/samba/docs/man/guide/happy.html 1. I fail once I get to this step 18 of initialization and creation [EMAIL PROTECTED] root]# net rpc join -U Administrator%My_Pa555 The username or password was not correct. I've Tried changing the pass a few times with the smbldap-passwd tool nothing changed 2. I also cant seem to authenticate my Administrator user (uid=0) to add Machine accounts... an unknown username or bad password error comes up Any Ideas Regards Wisu LDAP log --- [EMAIL PROTECTED] root]# tail -f /var/log/ldap/ldap.log Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=4 SRCH base=dc=qdc,dc=co,dc=id scope=2 filter=((uid=gdm)(objectClass=sambaSamAccount)) Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=4 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=5 SRCH base=ou=Groups,dc=qdc,dc=co,dc=id scope=2 filter=((objectClass=sambaGroupMapping)(|(displayName=gdm)(cn=gdm))) Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=5 SRCH attr=gidNumber sambaSID sambaGroupType description displayName cn objectClass Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text= Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=6 SRCH base=ou=Groups,dc=qdc,dc=co,dc=id scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=77)) Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=6 SRCH attr=gidNumber sambaSID sambaGroupType description displayName cn objectClass Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text= Apr 29 04:14:18 qjktsmb slapd[7401]: conn=6 fd=10 closed Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 fd=10 ACCEPT from IP=192.168.1.199:33004 (IP=0.0.0.0:389) Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=0 BIND dn=cn=Manager,dc=qdc,dc=co,dc=id method=128 Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=0 BIND dn=cn=Manager,dc=qdc,dc=co,dc=id mech=simple ssf=0 Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=0 RESULT tag=97 err=0 text= Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=1 SRCH base=dc=qdc,dc=co,dc=id scope=2 filter=((objectClass=sambaDomain)(sambaDomainName=QDC-JKT)) Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 fd=23 ACCEPT from IP=192.168.1.199:33005 (IP=0.0.0.0:389) Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 op=0 BIND dn=cn=Manager,dc=qdc,dc=co,dc=id method=128 Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 op=0 BIND dn=cn=Manager,dc=qdc,dc=co,dc=id mech=simple ssf=0 Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 op=0 RESULT tag=97 err=0 text= Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 op=1 SRCH base=dc=qdc,dc=co,dc=id scope=2 filter=((objectClass=sambaDomain)(sambaDomainName=QDC-JKT)) Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 fd=23 closed Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=2 SRCH base=dc=qdc,dc=co,dc=id scope=2 filter=((uid=root)(objectClass=sambaSamAccount)) Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7
[Samba] Unable to get groupmap to work with LDAP
I believe I have everything setup correctly on my RH9 server running Samba 3.0.3.rc1 and openLDAP 2.1.22. I can join computers to the domain and authenticate to the domain without any problems. What I am having problems with is trying to do a group map so Domain Admins have administrative rights on the workstation when they login. I can get this to work on non LDAP setups by issuing net groupmap modify ntgroup=Domain Admins unixgroup=ntadmins. Then when I login to the workstation as a Domain Admin member I get administrator rights to that workstation. I followed the steps in Chapter 6 of the Samba-3 by example book but it seems to be missing a couple of entries which I can't figure out. I've populated my LDAP database with IDEALX smbldap-populate. However when I login to the workstation as a Domain Admin member I don't have administrative privileges. When I issue a net groupmap list I get this. [EMAIL PROTECTED] /]# net groupmap list Domain Admins (S-1-5-21-3532146760-1190644406-3147972635-512) - Domain Admins Domain Users (S-1-5-21-3532146760-1190644406-3147972635-513) - Domain Users Domain Guests (S-1-5-21-3532146760-1190644406-3147972635-514) - Domain Guests Print Operators (S-1-5-21-3532146760-1190644406-3147972635-550) - Print Operators Backup Operators (S-1-5-21-3532146760-1190644406-3147972635-551) - Backup Operators Replicator (S-1-5-21-3532146760-1190644406-3147972635-552) - Replicator Domain Computers (S-1-5-21-3532146760-1190644406-3147972635-553) - Domain Computers When I attempt to change Domain Admins I get this [EMAIL PROTECTED] /]# net groupmap modify ntgroup=Domain Admins unixgroup=root [2004/04/30 14:49:47, 0] passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(2141) ldapsam_update_group_mapping_entry: No group to modify! Could not update group database What am I doing wrong? Where are the group mappings stored? Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problems with NT passwords using Samba3 and LDAP
Jose, I finally figured out my problem yesterday and it ended up being the value set in the pwdLastSet field in the LDAP database. If this entry was set to 0 then that user would be unable to login. If you are able to get your users to login by rejoining their workstation to the domain then that may not be the issue. Try running smbclient -L localhost -U brokenuser on the server and see if it authenticates them. If it doesn't then check the pwdLastSet field and make sure it's not set to 0. I found this to only be an issue with Samba 3. Another thing to try is open up two ldap records, one that works and one that doesn't, and simply look at what's different between the two. That's how I was able to find my problem. Hope this helps. Thanks, Chris -Original Message- From: Jose Martinez [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 20, 2004 9:17 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] Problems with NT passwords using Samba3 and LDAP Chris Have you been able to find a fix to your problem. I have a similar situation in where I can have one user be able to login fine from multiple workstations but cant from say one or 2 others. However, I know those couple problematic workstations are ok because other users can login with no problem to those problematic machines. My fix has been to remove the workstation from the domain and readd it. This is a horrible fix because of the amount of boxes we have. Also, I am realizing that even though it fixes the problem temporarily, it does not fix it forever because another user might experience the same problem. Very confusing. Please let me know if you have found a fix. Jose [EMAIL PROTECTED] Chris Snider [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... I'm at my wits end here so hopefully someone can help me. Currently I have a Redhat 9.0 box running Samba 2.2.7 with openldap 2.0.27 as a PDC Domain logins work great with this setup. I can add, remove, modify computers and users all day long without a glitch. I do not store usernames in the local smbpasswd or passwd files. User information is stored in ou=Users,dc=mydomain,dc=com Group information is stored in ou=Groups,dc=mydomain,dc=com Computer information is stored in ou=Computers,dc=mydomain,dc=com My problem appeared when I attempted to create the same setup using Samba 3.0.2a. Here is what I did. 1. I created a working PDC using Samba 2.2.7 and openldap 2.0.27 on RH9. I was able to login as user bsmith from a W2k machine called bob-smith. 2. I then compiled Samba 3.0.2a from source making sure I added the --with-ldapsam flag 3. Configure --with-acl-support --with-ldapsam --prefix=/usr --localstatedir=/var --with-configdir=/etc/samba --with-privatedir=/etc/samba/private --with-lockdir=/var/lock --with-piddir=/var/run --with-logfilebase=/var/log --with-smbmount --with-utmp --with-syslog 4. Make 5. Make install No errors were generated during the compile. 6. Made the changes to my smb.conf file to allow for the ldapsam_compat mode.(see smb.conf at the end of this message) 7. Edited the samba.schema file to use the Version 2 schema and copied it to /etc/openldap/schema/ 8. Installed the new version of smbldap tools which came bundled with Samba 3.0.2a 9. Ran the smbpasswd -w password to store my Manager password in the secrets.tdb file 10. Started smbd -D and nmbd -D Everything to this point seems to work fine When I attempt to login as user bsmith from a computer(bob-smith) I get a bad username or password message. I checked the /var/logs/samba/bob-smith.log and this is what I see. [2004/04/16 12:27:01, 2] smbd/sesssetup.c:setup_new_vc_session(591) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/04/16 12:27:01, 2] smbd/sesssetup.c:setup_new_vc_session(591) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/04/16 12:27:01, 2] lib/smbldap.c:smbldap_open_connection(626) smbldap_open_connection: connection opened [2004/04/16 12:27:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) init_sam_from_ldap: Entry found for user: nobody [2004/04/16 12:27:10, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2004/04/16 12:27:10, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2004/04/16 12:27:10, 2] rpc_parse/parse_prs.c:netsec_decode(1575) netsec_decode: FAILED: packet sequence number: [2004/04/16 12:27:10, 2] lib/util.c:dump_data(1830) [000] 87 F0 07 93 7D 17 F1 80 }... [2004/04/16 12:27:10, 2] rpc_parse/parse_prs.c:netsec_decode(1577) should be: [2004/04/16 12:27:10, 2] lib/util.c:dump_data(1830) [000] 00 00 00 00 80 00 00 00 [2004/04/16 12:27:10, 0] rpc_server
[Samba] Problems with NT passwords using Samba3 and LDAP
Server passdb backend = ldapsam_compat:ldap://127.0.0.1 passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u passwd chat = *new*password* %n\n *new*password* %n\n *successfully* username level = 8 unix password sync = Yes log level = 2 log file = /var/log/samba/%m.log socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 1000 -s /bin/false domain logons = Yes os level = 255 preferred master = Yes domain master = Yes wins support = Yes ldap server = 127.0.0.1 ldap port = 389 ldap suffix = dc=mydomain,dc=com ldap machine suffix = ou=Computers,dc= mydomain,dc=com ldap user suffix = ou=Users,dc= mydomain,dc=com ldap group suffix = ou=Groups,dc= mydomain,dc=com ldap admin dn = cn=Manager,dc= mydomain,dc=com ldap ssl = no utmp = Yes remote announce = 192.168.0.0 [homes] comment = Home Directories valid users = %U read only = No create mask = 0640 browseable = No [netlogon] comment = Network Logon Service path = /samba/netlogon guest ok = Yes Thanks, Chris Snider -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba