[Samba] period password change problem
Hi ! I use samba (3.0.7) with ldap backend. I have installed above system some time ago. During our migration from netware to samba i had to disable period password change and do not remeber what i have "clicked" :-/ What parameters should be "on" to enable this functionality ? greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] "is it possible" question
Hi ! Is it possible to set up samba like this: when user wants to print something, it gets prompt/dialog box/window with confirmation. greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] config question
Hi ! I have to run my openldap server on non standard port - 390. Is this expression correct (from smb.conf - samba 3.0.4): passdb backend = ldapsam:ldap://localhost:390 If not, how to setup samba to bind different port when connecting to ldap server. greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Specific user accounts not available to getent command
Hi ! Problem: I have working configuration of samba domain with ldap backend. Users can log into domain, i can add computers to domain, everything works ok except that some accounts are not available to getent command (look into Example). I thought that my PAM conf was wrong but all services uses system-auth conf which looks like: authrequired /lib/security/pam_env.so authsufficient/lib/security/pam_unix.so likeauth nullok authsufficient/lib/security/pam_ldap.so use_first_pass authrequired /lib/security/pam_deny.so account required /lib/security/pam_unix.so account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so passwordrequired /lib/security/pam_cracklib.so retry=3 type= passwordsufficient/lib/security/pam_unix.so nullok use_authtok md5 shadow passwordsufficient/lib/security/pam_ldap.so use_authtok passwordrequired /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so session optional /lib/security/pam_ldap.so I made a rebuild of indexes on OpenLDAP also. Example: [EMAIL PROTECTED] /]# smbldap-useradd -a test [EMAIL PROTECTED] /]# id test uid=1369(test) gid=221(Domain Users) grupy=221(Domain Users) [EMAIL PROTECTED] /]# getent passwd|grep test test1$:x:1222:553:test1$:/dev/null:/bin/false test2$:x:1357:553:test2$:/dev/null:/bin/false [EMAIL PROTECTED] sbin]# smbldap-usershow test dn: uid=test,ou=Users,dc=DOM,dc=PL objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSAMAccount cn: test sn: test uid: test uidNumber: 1369 gidNumber: 221 homeDirectory: /home/users/test loginShell: /bin/false gecos: System User description: System User sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 displayName: System User sambaSID: S-1-5-21-133419789-486977345-1400590255-3738 sambaPrimaryGroupSID: S-1-5-21-133419789-486977345-1400590255-1443 sambaHomeDrive: H: sambaLogonScript: test.cmd sambaHomePath: \\IO\homes sambaProfilePath: \\IO\profiles\test sambaPwdMustChange: 1086697544 sambaLMPassword: 01FC5A6BE7BC6929AA73B435B51404EE sambaPwdLastSet: 1081945544 sambaAcctFlags: [U] sambaNTPassword: 0CB6948805F797BF2A92807973B89537 userPassword: {SSHA}C0CRyrR5axrb2UF7Z7cCWdZ+8sF9U4HK [EMAIL PROTECTED] root]# mkdir 1 [EMAIL PROTECTED] root]# chown test 1 [EMAIL PROTECTED] root]# ls -la|grep test drwxr-xr-x2 test root 4096 kwi 14 14:15 1 [EMAIL PROTECTED] sbin]# smbldap-usershow boka2 dn: uid=Boka2, ou=Users,dc=DOM,dc=PL sambaPrimaryGroupSID: S-1-5-21-133419789-486977345-1400590255-1443 displayName: System User sambaLogonScript: Boka2.cmd objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSAMAccount sambaLogonTime: 0 sambaHomeDrive: H: uid: Boka2 uidNumber: 1041 cn: Boka2 sambaLogoffTime: 2147483647 loginShell: /bin/false sambaProfilePath: \\IO\profiles\boka2 gidNumber: 221 sambaPwdCanChange: 0 gecos: System User sambaSID: S-1-5-21-133419789-486977345-1400590255-3082 description: System User homeDirectory: /home/users/boka2 sambaKickoffTime: 2147483647 sn: Boka2 sambaHomePath: \\IO\homes sambaPwdMustChange: 1083253082 sambaLMPassword: 7A2743CD214D40FE7584248B8D2C9F9E sambaPwdLastSet: 1078501082 sambaAcctFlags: [U] sambaNTPassword: 5CEE4047351006503BC30091562E8EFB userPassword: {SSHA}c+VaQ4ezXkwqon43/N0fM5ciZJY7N2s5 [EMAIL PROTECTED] pam.d]# getent passwd|grep boka Boka2:x:1041:221:System User:/home/users/boka2:/bin/false Conf: PDC on rh7.3 with samba-3.0.2a and smbldap-tools DOMAIN servers on slackware 9.1 with pam/nss/ldap patches OpenLDAP openldap-2.0.27 on slackware 9.1 with pam/nss/ldap patches Solution: not found anything :( greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] is this bug or what - samba 3.0.2 - workaround
Hi ! I made some workaround to this problem. I have moved all databases from /var/lib/samba to /var/lib/samba_lock folder, add: lock directory = /var/lib/samba_lock to smb.conf and it is working now - i can log into domain, i can browse machine list etc. but in logs i have many errors like that: lut 14 23:46:31 codo smbd[13803]: [2004/02/14 23:46:31, 0, pid=13803, effective(1002, 221), real(1002, 0)] groupdb/mapping.c:get_group_from_gid(655) lut 14 23:46:31 codo smbd[13803]: failed to initialize group mappingget_alias_user_groups: gid of user boka doesn't exist. Check your /etc/passwd and /etc/group files Perms in /var/lib/samba_lock are: [EMAIL PROTECTED] samba_lock]# ls -l razem 248 -rwxr-xr-x1 root root 8192 lut 14 23:20 account_policy.tdb -rwxr-xr-x1 root root 696 lut 14 23:20 brlock.tdb -rw-r--r--1 root root 3490 lut 14 23:53 browse.dat -rwxr-xr-x1 root root24576 lut 14 23:38 connections.tdb -rwxr-xr-x1 root root 8192 lut 14 23:20 gencache.tdb -rwxr-xr-x1 root root 8192 lut 14 23:34 group_mapping.tdb -rwxr-xr-x1 root root 8192 lut 14 23:21 locking.tdb -rwxr-xr-x1 root root 696 lut 14 23:20 messages.tdb -rwxr-xr-x1 root root60794 lut 14 23:10 namelist.debug -rwxr-xr-x1 root root 8192 lut 14 23:10 netsamlogon_cache.tdb -rwxr-xr-x1 root root 8192 lut 14 23:20 ntdrivers.tdb -rwxr-xr-x1 root root 696 lut 14 23:20 ntforms.tdb -rwxr-xr-x1 root root 8192 lut 14 23:20 ntprinters.tdb drwxr-xr-x2 root root 4096 lut 14 23:10 printing -rwxr-xr-x1 root root 8192 lut 14 23:20 registry.tdb -rwxr-xr-x1 root root24576 lut 14 23:30 sessionid.tdb -rwxr-xr-x1 root root 8192 lut 14 23:20 share_info.tdb -rwxr-xr-x1 root root0 lut 14 23:10 sync.4466 -rwxr-xr-x1 root root16384 lut 14 23:20 unexpected.tdb -rw-r--r--1 root root26672 lut 14 23:54 wins.dat greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] is this bug or what - samba 3.0.2
Hi ! I had working conf of samba 3.0.0 with ldap backend. After upgrade to 3.0.2 i have found problem with /var/lib/samba folder - wins not working, groupmapping etc. Permissions to this folder and files inside should be 0755, but on my PDC machine this folder and files have 0644 rights. When i manually change permissions it start working. Do You have any patch for this ? greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(
paul k wrote: you need to create a posixAccount user/machine entry in ldap before adding samba user/machine with smbpasswd. You are right: smbldap-useradd -w test2 pdbedit -a -m test2 right now i am able to add machines to the domain :) thx ! greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(
paul k wrote: looks good, does "getent passwd" show up your ldap users? yes, fxp.: [EMAIL PROTECTED] root]# getent passwd|grep boka ... boka:x:1257:1001:Daniel Chojecki:/home/users/boka:/bin/bash ... [EMAIL PROTECTED] root]# getent group|grep boka ... mirror_grp:x:1023:boka ... greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(
paul k wrote: Not sure about the sambaSID problem, but for the user not found...: Did you changed the scope in /etc/ldap.conf (for the nss_ldap stuff)? If you have computers and users under different OU's, your 'base' should be one level higher and the scope 'sub', not 'one'. Testing with getent() is easy. from /etc/ldap.conf: nss_base_passwd dc=ITSTUFF,dc=PL?sub nss_base_shadow dc=ITSTUFF,dc=PL?sub nss_base_group ou=Groups,dc=ITSTUFF,dc=PL?one am i right ? greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(
Hi ! well, i told You that i solved my problem with ldap backend and samba - unfortunately problem still exists :( Right now I can not add new users and machine accounts (adding and modifing of groups works), fxp: [EMAIL PROTECTED] i386]# pdbedit -d 10 -a -m boka2 ... set_server_role: role = ROLE_DOMAIN_PDC Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Trying to load: ldapsam:ldap://localhost Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend guest Successfully added passdb backend 'guest' Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam) Found pdb backend ldapsam Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_open_connection: ldap://localhost smbldap_open_connection: connection opened tdb(unnamed): tdb_brlock failed (fd=3) at offset 4 rw_type=1 lck_type=13: Zasoby chwilowo niedoste;pne ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=EUROZET,dc=PL" ldap_connect_system: succesful connection to the LDAP server The LDAP server is succesful connected pdb backend ldapsam:ldap://localhost has a valid init Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init Netbios name list:- my_netbios_names[0]="CODO" Trying to load: ldapsam:ldap://localhost Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam) Found pdb backend ldapsam Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_open_connection: ldap://localhost smbldap_open_connection: connection opened ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=EUROZET,dc=PL" ldap_connect_system: succesful connection to the LDAP server The LDAP server is succesful connected pdb backend ldapsam:ldap://localhost has a valid init Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init tdb(unnamed): tdb_brlock failed (fd=6) at offset 4 rw_type=1 lck_type=13: Zasoby chwilowo niedoste;pne account_policy_get: maximum password age:-1 account_policy_get: minimum password age:0 pdb_set_username: setting username boka2$, was pdb_set_group_sid: setting group sid S-1-5-21-133419789-486977345-1400590255-515 pdb_set_group_sid_from_rid: setting group sid S-1-5-21-133419789-486977345-1400590255-515 from rid 515 smbldap_search_suffix: searching for:[(&(&(uid=boka2$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))] smbldap_search_suffix: searching for:[(&(uid=boka2$)(objectclass=sambaSamAccount))] smbldap_search_suffix: searching for:[(&(sambaSID=S-0-0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))] ldapsam_add_sam_account: Adding new user init_ldap_from_sam: Setting entry for user: boka2$ ldapsam_modify_entry: Failed to add user dn= uid=boka2$,ou=Computers,dc=EUROZET,dc=PL with: Object class violation object class 'sambaSamAccount' requires attribute 'sambaSID' ldapsam_add_sam_account: failed to modify/add user with uid = boka2$ (dn = uid=boka2$,ou=Computers,dc=EUROZET,dc=PL) Unable to add machine! (does it already exist?) [EMAIL PROTECTED] i386]# pdbedit -d 10 -a -u boka lp_servicenumber: couldn't find homes set_server_role: role = ROLE_DOMAIN_PDC Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-8859-2' for LOCALE Substituting charset 'ISO-885
Re: [Samba] samba 3.0.1 and ldap backend problem - solved !
Jeff Davis wrote: If you arrive at a solution, please let me know... i did not have free time to analyze why it start working, but i made it :) First of all, i have converted (again) old ldap db: ldapsearch -h > old.ldiff net getlocalsid DOMAIN convert --output new.ldif Then add it to ldap and add new indexes (taken from samba-ldap.howto). ldapadd -h localhost -f new.ldif -D add it to slapd.conf to Your DB definition: index cn,sn,uid,displayName pres,sub,eq index uidNumber,gidNumber eq index sambaSIDeq index sambaPrimaryGroupSIDeq index sambaDomainName eq index objectClass pres,eq index default sub index memberUid eq slapdindex -f /etc/openldap/slapd.conf I have compiled samba only with --with-ldap option (without --with-ldapsam). Add proper filters to groups, users, computers in smb.conf: ldap suffix used to search for user and computer accounts. ldap user suffix used to store user accounts. ldap machine suffix used to store Machine Trust Accounts. ldap group suffix location of posixGroup/sambaGroupMapping entries. ldap idmap suffix location of sambaIdmapEntry objects. Right now i cant compare the new ldap db with old (first converted) but i think there was a problem with samaDomain parametr ... greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.
Hi ! More details: [EMAIL PROTECTED] smbldap-tools]# pdbedit -v Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_open_connection: connection opened smbldap_search_suffix: searching for:[(&(sambaDomainName=DOMAIN)(objectclass=sambaDomain))] failed to add domain dn= sambaDomainName=DOMAIN,dc=ITSTUFF,dc=PL with: Already exists Adding domain info for DOMAIN failed with NT_STATUS_UNSUCCESSFUL pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))] smbldap_open_connection: connection opened smbldap_search_suffix: searching for:[(&(sambaDomainName=DOMAIN)(objectclass=sambaDomain))] failed to add domain dn= sambaDomainName=DOMAIN,dc=ITSTUFF,dc=PL with: Already exists Adding domain info for DOMAIN failed with NT_STATUS_UNSUCCESSFUL pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs ... greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.
Hi ! More details about my problem. As i said before, i'm using smbldap-tools-0.8.3, and: [EMAIL PROTECTED] smbldap-tools]# smbldap-useradd -a boka2 Can't call method "get_value" on an undefined value at /usr/local/sbin/smbldap-useradd line 154, line 283. From smbldap-useradd: $userGroupSID = $group_entry->get_value('sambaSID'); I'm using correct version of samba.schema in my ldap server: ... attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) ... [EMAIL PROTECTED]:~# smbldap-useradd -w loko23 OK, quick view of ldiff: dn: uid=loko23$,ou=Computers,dc=ITSTUFF,dc=PL objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: loko23$ sn: loko23$ uid: loko23$ uidNumber: 1088 gidNumber: 553 homeDirectory: /dev/null loginShell: /bin/false description: Computer It looks like scripts, or ldap server do not use new samba.schema. ps. sorry for cross posting again :-/ ps. II for samba-idealx team: http://marc.theaimsgroup.com/?l=samba&m=107584508526994&w=2 greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.
ot;cn=Manager,dc=ITSTUFF,dc=PL" ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap port = 389 ldap server = 127.0.0.1 ldap ssl = No ldap passwd sync = Yes ldap filter = (&(uid=%u)(objectclass=sambaSamAccount)) idmap backend = ldap:ldap://localhost:389 samba was compiled with the following options to configure script: --localstatedir=/var \ --with-configdir=/etc/samba \ --with-privatedir=/etc/samba \ --with-fhs \ --with-quotas \ --with-smbmount \ --with-pam \ --with-pam_smbpass \ --with-syslog \ --with-utmp \ --with-sambabook=%{prefix}/share/swat/using_samba \ --with-swatdir=%{prefix}/share/swat \ --with-libsmbclient \ --with-expsam=mysql \ --with-ldap \ --with-ldapsam ps. sorry for crossposting ... but i can not find any solution to my problem greetz boka -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] URGENT: ACCESS DENIED (granted: 0x00000201; required: 0x00000010)
Hi ! I have samba-3.0.0 with --with-ldapsam option compiled in, and I can not add a machine into domain - i can log into domain from machine added befor upgrade from 2.2.8a to 3.0.0. From my logs: [2003/10/06 14:46:50, 2, pid=26614, effective(0, 0), real(0, 0)] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[(&(&(uid=Administrator)(objectclass=sambaAccount))(objectclass=sambaAccount))] [2003/10/06 14:46:50, 2, pid=26614, effective(0, 0), real(0, 0)] passdb/pdb_ldap.c:init_sam_from_ldap(460) init_sam_from_ldap: Entry found for user: administrator [2003/10/06 14:46:50, 2, pid=26614, effective(0, 0), real(0, 0)] passdb/pdb_ldap.c:ldapsam_search_one_group(1597) ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=200))] [2003/10/06 14:46:50, 2, pid=26614, effective(0, 0), real(0, 0)] passdb/pdb_ldap.c:ldapsam_search_one_group(1597) ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=1014))] [2003/10/06 14:46:50, 2, pid=26614, effective(0, 0), real(0, 0)] auth/auth.c:check_ntlm_password(297) check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [administrator] succeeded [2003/10/06 14:46:50, 2, pid=26614, effective(0, 0), real(0, 0)] lib/access.c:check_access(322) Allowed connection from (10.10.12.51) [2003/10/06 14:46:51, 2, pid=26614, effective(1000, 200), real(0, 0)] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2540) Returning domain sid for domain DOMAIN -> S-1-5-21-133419789-486977345-1400590255 [2003/10/06 14:46:51, 2, pid=26614, effective(1000, 200), real(0, 0)] rpc_server/srv_samr_nt.c:access_check_samr_object(92) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2003/10/06 14:46:51, 2, pid=26614, effective(1000, 200), real(0, 0)] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2540) Returning domain sid for domain DOMAIN -> S-1-5-21-133419789-486977345-1400590255 [2003/10/06 14:46:51, 2, pid=26614, effective(1000, 200), real(0, 0)] rpc_server/srv_samr_nt.c:access_check_samr_function(114) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) [2003/10/06 14:46:51, 2, pid=26614, effective(0, 0), real(0, 0)] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[(&(&(uid=Administrator)(objectclass=sambaAccount))(objectclass=sambaAccount))] [2003/10/06 14:46:51, 2, pid=26614, effective(0, 0), real(0, 0)] passdb/pdb_ldap.c:init_sam_from_ldap(460) init_sam_from_ldap: Entry found for user: administrator [2003/10/06 14:46:51, 2, pid=26614, effective(0, 0), real(0, 0)] auth/auth.c:check_ntlm_password(297) check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [administrator] succeeded [2003/10/06 14:46:51, 2, pid=26614, effective(0, 0), real(0, 0)] lib/access.c:check_access(322) [EMAIL PROTECTED] samba]# smbldap-usershow.pl administrator dn: uid=administrator,ou=Users,dc=EUROZET,dc=PL cn: administrator sn: administrator uid: administrator uidNumber: 1000 gidNumber: 200 homeDirectory: /home/users/administrator loginShell: /bin/bash gecos: System User description: System User objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaAccount pwdLastSet: 0 logonTime: 0 logoffTime: 2147483647 kickoffTime: 2147483647 pwdCanChange: 0 pwdMustChange: 2147483647 displayName: System User acctFlags: [UX] rid: 3000 primaryGroupID: 1401 homeDrive: H: smbHome: \\IO\homes profilePath: \\IO\profiles\administrator scriptPath: administrator.cmd lmPassword: ntPassword: userPassword:: [EMAIL PROTECTED] /]# getent group|grep 200 Domain Admins:x:200:administrator from smb.conf: add user script = /usr/local/sbin/smbldap-useradd.pl -a %u add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u files are on right place - /usr/local/sbin passdb backend = ldapsam_compat ldap suffix = dc=POLSKA,dc=PL ldap admin dn = "cn=Manager,dc=POLSKA,dc=PL" ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap port = 389 ldap server = 127.0.0.1 ldap ssl = No ldap passwd sync = Yes ldap filter = (&(uid=%u)(objectclass=sambaAccount)) ps. with samba-2.2.8a evertything works ok. -- "Powinnismy wypowiedziec wojne Polnocnemu Wietnamowi. Mozemy wyasfaltowac caly kraj, zamienic go w parking i jeszcze zdazyc do domu przed swietami" Ronald Reagan pozdrawiam boka at sto-procent.art.pl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba