[Samba] period password change problem

[boka]

Hi !
I use samba (3.0.7) with ldap backend.
I have installed above system some time ago. During our migration from 
netware to samba i had to disable period password change and do not 
remeber what i have "clicked" :-/

What parameters should be "on" to enable this functionality ?
greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] "is it possible" question

[boka]

Hi !
Is it possible to set up samba like this:
when user wants to print something, it gets prompt/dialog box/window 
with confirmation.

greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] config question

[boka]

Hi !
I have to run my openldap server on non standard port - 390. Is this 
expression correct (from smb.conf - samba 3.0.4):

passdb backend = ldapsam:ldap://localhost:390
If not, how to setup samba to bind different port when connecting to 
ldap server.

greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Specific user accounts not available to getent command

[boka]

Hi !

Problem:

I have working configuration of samba domain with ldap backend. Users 
can log into domain, i can add computers to domain, everything works ok 
except that some accounts are not available to getent command (look into 
Example).

I thought that my PAM conf was wrong but all services uses system-auth 
conf which looks like:

authrequired  /lib/security/pam_env.so
authsufficient/lib/security/pam_unix.so likeauth nullok
authsufficient/lib/security/pam_ldap.so use_first_pass
authrequired  /lib/security/pam_deny.so
account required  /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore 
service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
passwordrequired  /lib/security/pam_cracklib.so retry=3 type=
passwordsufficient/lib/security/pam_unix.so nullok use_authtok 
md5 shadow
passwordsufficient/lib/security/pam_ldap.so use_authtok
passwordrequired  /lib/security/pam_deny.so
session required  /lib/security/pam_limits.so
session required  /lib/security/pam_unix.so
session optional  /lib/security/pam_ldap.so

I made a rebuild of indexes on OpenLDAP also.

Example:

[EMAIL PROTECTED] /]# smbldap-useradd -a test

[EMAIL PROTECTED] /]# id test
uid=1369(test) gid=221(Domain Users) grupy=221(Domain Users)
[EMAIL PROTECTED] /]# getent passwd|grep test
test1$:x:1222:553:test1$:/dev/null:/bin/false
test2$:x:1357:553:test2$:/dev/null:/bin/false
[EMAIL PROTECTED] sbin]# smbldap-usershow test
dn: uid=test,ou=Users,dc=DOM,dc=PL
objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSAMAccount
cn: test
sn: test
uid: test
uidNumber: 1369
gidNumber: 221
homeDirectory: /home/users/test
loginShell: /bin/false
gecos: System User
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-133419789-486977345-1400590255-3738
sambaPrimaryGroupSID: S-1-5-21-133419789-486977345-1400590255-1443
sambaHomeDrive: H:
sambaLogonScript: test.cmd
sambaHomePath: \\IO\homes
sambaProfilePath: \\IO\profiles\test
sambaPwdMustChange: 1086697544
sambaLMPassword: 01FC5A6BE7BC6929AA73B435B51404EE
sambaPwdLastSet: 1081945544
sambaAcctFlags: [U]
sambaNTPassword: 0CB6948805F797BF2A92807973B89537
userPassword: {SSHA}C0CRyrR5axrb2UF7Z7cCWdZ+8sF9U4HK
[EMAIL PROTECTED] root]# mkdir 1

[EMAIL PROTECTED] root]# chown test 1

[EMAIL PROTECTED] root]# ls -la|grep test
drwxr-xr-x2 test root 4096 kwi 14 14:15 1
[EMAIL PROTECTED] sbin]# smbldap-usershow boka2
dn: uid=Boka2, ou=Users,dc=DOM,dc=PL
sambaPrimaryGroupSID: S-1-5-21-133419789-486977345-1400590255-1443
displayName: System User
sambaLogonScript: Boka2.cmd
objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSAMAccount
sambaLogonTime: 0
sambaHomeDrive: H:
uid: Boka2
uidNumber: 1041
cn: Boka2
sambaLogoffTime: 2147483647
loginShell: /bin/false
sambaProfilePath: \\IO\profiles\boka2
gidNumber: 221
sambaPwdCanChange: 0
gecos: System User
sambaSID: S-1-5-21-133419789-486977345-1400590255-3082
description: System User
homeDirectory: /home/users/boka2
sambaKickoffTime: 2147483647
sn: Boka2
sambaHomePath: \\IO\homes
sambaPwdMustChange: 1083253082
sambaLMPassword: 7A2743CD214D40FE7584248B8D2C9F9E
sambaPwdLastSet: 1078501082
sambaAcctFlags: [U]
sambaNTPassword: 5CEE4047351006503BC30091562E8EFB
userPassword: {SSHA}c+VaQ4ezXkwqon43/N0fM5ciZJY7N2s5
[EMAIL PROTECTED] pam.d]# getent passwd|grep boka
Boka2:x:1041:221:System User:/home/users/boka2:/bin/false
Conf:

PDC on rh7.3 with samba-3.0.2a and smbldap-tools
DOMAIN servers on slackware 9.1 with pam/nss/ldap patches
OpenLDAP openldap-2.0.27 on slackware 9.1 with pam/nss/ldap patches
Solution:

not found anything :(

greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] is this bug or what - samba 3.0.2 - workaround

[boka]

Hi !

I made some workaround to this problem. I have moved all databases from 
/var/lib/samba to /var/lib/samba_lock folder, add:

lock directory = /var/lib/samba_lock

to smb.conf and it is working now - i can log into domain, i can browse 
machine list etc. but in logs i have many errors like that:

lut 14 23:46:31 codo smbd[13803]: [2004/02/14 23:46:31, 0, pid=13803, 
effective(1002, 221), real(1002, 0)] 
groupdb/mapping.c:get_group_from_gid(655)
lut 14 23:46:31 codo smbd[13803]:   failed to initialize group 
mappingget_alias_user_groups: gid of user boka doesn't exist. Check your 
/etc/passwd and /etc/group files

Perms in /var/lib/samba_lock are:

[EMAIL PROTECTED] samba_lock]# ls -l
razem 248
-rwxr-xr-x1 root root 8192 lut 14 23:20 account_policy.tdb
-rwxr-xr-x1 root root  696 lut 14 23:20 brlock.tdb
-rw-r--r--1 root root 3490 lut 14 23:53 browse.dat
-rwxr-xr-x1 root root24576 lut 14 23:38 connections.tdb
-rwxr-xr-x1 root root 8192 lut 14 23:20 gencache.tdb
-rwxr-xr-x1 root root 8192 lut 14 23:34 group_mapping.tdb
-rwxr-xr-x1 root root 8192 lut 14 23:21 locking.tdb
-rwxr-xr-x1 root root  696 lut 14 23:20 messages.tdb
-rwxr-xr-x1 root root60794 lut 14 23:10 namelist.debug
-rwxr-xr-x1 root root 8192 lut 14 23:10 
netsamlogon_cache.tdb
-rwxr-xr-x1 root root 8192 lut 14 23:20 ntdrivers.tdb
-rwxr-xr-x1 root root  696 lut 14 23:20 ntforms.tdb
-rwxr-xr-x1 root root 8192 lut 14 23:20 ntprinters.tdb
drwxr-xr-x2 root root 4096 lut 14 23:10 printing
-rwxr-xr-x1 root root 8192 lut 14 23:20 registry.tdb
-rwxr-xr-x1 root root24576 lut 14 23:30 sessionid.tdb
-rwxr-xr-x1 root root 8192 lut 14 23:20 share_info.tdb
-rwxr-xr-x1 root root0 lut 14 23:10 sync.4466
-rwxr-xr-x1 root root16384 lut 14 23:20 unexpected.tdb
-rw-r--r--1 root root26672 lut 14 23:54 wins.dat

greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] is this bug or what - samba 3.0.2

[boka]

Hi !

I had working conf of samba 3.0.0 with ldap backend. After upgrade to 
3.0.2 i have found problem with /var/lib/samba folder - wins not 
working, groupmapping etc.

Permissions to this folder and files inside should be 0755, but on my 
PDC machine this folder and files have 0644 rights. When i manually 
change permissions it start working.

Do You have any patch for this ?

greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(

[boka]

paul k wrote:

you need to create a posixAccount user/machine entry in ldap before 
adding samba user/machine with smbpasswd. 
You are right:

smbldap-useradd -w test2
pdbedit -a -m test2
right now i am able to add machines to the domain :)

thx !

greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(

[boka]

paul k wrote:

looks good, does "getent passwd" show up your ldap users?
yes, fxp.:

[EMAIL PROTECTED] root]# getent passwd|grep boka
...
boka:x:1257:1001:Daniel Chojecki:/home/users/boka:/bin/bash
...
[EMAIL PROTECTED] root]# getent group|grep boka
...
mirror_grp:x:1023:boka
...
greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(

[boka]

paul k wrote:

Not sure about the sambaSID problem, but for the user not found...: Did 
you changed the scope in /etc/ldap.conf (for the nss_ldap stuff)? If you 
have computers and users under different OU's, your 'base' should be one 
level higher and the scope 'sub', not 'one'. Testing with getent() is easy.
from /etc/ldap.conf:

nss_base_passwd dc=ITSTUFF,dc=PL?sub
nss_base_shadow dc=ITSTUFF,dc=PL?sub
nss_base_group  ou=Groups,dc=ITSTUFF,dc=PL?one
am i right ?

greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(

[boka]

Hi !

well, i told You that i solved my problem with ldap backend and samba - 
unfortunately problem still exists :(

Right now I can not add new users and machine accounts (adding and 
modifing of groups works), fxp:

[EMAIL PROTECTED] i386]# pdbedit -d 10 -a -m boka2

...
set_server_role: role = ROLE_DOMAIN_PDC
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Trying to load: ldapsam:ldap://localhost
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://localhost 
(ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching 
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: ldap://localhost
smbldap_open_connection: connection opened
tdb(unnamed): tdb_brlock failed (fd=3) at offset 4 rw_type=1 
lck_type=13: Zasoby chwilowo niedoste;pne
ldap_connect_system: Binding to ldap server ldap://localhost as 
"cn=Manager,dc=EUROZET,dc=PL"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://localhost has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Netbios name list:-
my_netbios_names[0]="CODO"
Trying to load: ldapsam:ldap://localhost
Attempting to find an passdb backend to match ldapsam:ldap://localhost 
(ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching 
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as 
"cn=Manager,dc=EUROZET,dc=PL"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://localhost has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
tdb(unnamed): tdb_brlock failed (fd=6) at offset 4 rw_type=1 
lck_type=13: Zasoby chwilowo niedoste;pne
account_policy_get: maximum password age:-1
account_policy_get: minimum password age:0
pdb_set_username: setting username boka2$, was
pdb_set_group_sid: setting group sid 
S-1-5-21-133419789-486977345-1400590255-515
pdb_set_group_sid_from_rid:
setting group sid S-1-5-21-133419789-486977345-1400590255-515 
from rid 515
smbldap_search_suffix: searching 
for:[(&(&(uid=boka2$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching 
for:[(&(uid=boka2$)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching 
for:[(&(sambaSID=S-0-0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
ldapsam_add_sam_account: Adding new user
init_ldap_from_sam: Setting entry for user: boka2$
ldapsam_modify_entry: Failed to add user dn= 
uid=boka2$,ou=Computers,dc=EUROZET,dc=PL with: Object class violation
object class 'sambaSamAccount' requires attribute 'sambaSID'
ldapsam_add_sam_account: failed to modify/add user with uid = boka2$ (dn 
= uid=boka2$,ou=Computers,dc=EUROZET,dc=PL)
Unable to add machine! (does it already exist?)

[EMAIL PROTECTED] i386]# pdbedit -d 10 -a -u boka

lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_PDC
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-885

Re: [Samba] samba 3.0.1 and ldap backend problem - solved !

[boka]

Jeff Davis wrote:

If you arrive at a solution, please let me know...
i did not have free time to analyze why it start working, but i made it :)

First of all, i have converted (again) old ldap db:

ldapsearch -h  > old.ldiff

net getlocalsid DOMAIN

convert  --output new.ldif

Then add it to ldap and add new indexes (taken from samba-ldap.howto).

ldapadd -h localhost -f new.ldif -D 

add it to slapd.conf to Your DB definition:

index   cn,sn,uid,displayName   pres,sub,eq
index   uidNumber,gidNumber eq
index   sambaSIDeq
index   sambaPrimaryGroupSIDeq
index   sambaDomainName eq
index   objectClass pres,eq
index   default sub
index memberUid eq
slapdindex -f /etc/openldap/slapd.conf

I have compiled samba only with --with-ldap option (without 
--with-ldapsam). Add proper filters to groups, users, computers in smb.conf:

ldap suffix used to search for user and computer accounts.
ldap user suffix used to store user accounts.
ldap machine suffix used to store Machine Trust Accounts.
ldap group suffix location of posixGroup/sambaGroupMapping entries.
ldap idmap suffix location of sambaIdmapEntry objects.
Right now i cant compare the new ldap db with old (first converted) but 
i think there was a problem with samaDomain parametr ...

greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.

[boka]

Hi !

More details:

[EMAIL PROTECTED] smbldap-tools]# pdbedit -v
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching 
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching 
for:[(&(sambaDomainName=DOMAIN)(objectclass=sambaDomain))]
failed to add domain dn= sambaDomainName=DOMAIN,dc=ITSTUFF,dc=PL with: 
Already exists

Adding domain info for DOMAIN failed with NT_STATUS_UNSUCCESSFUL
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the 
domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate 
new users/groups, and will risk BDCs having inconsistant SIDs
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching 
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching 
for:[(&(sambaDomainName=DOMAIN)(objectclass=sambaDomain))]
failed to add domain dn= sambaDomainName=DOMAIN,dc=ITSTUFF,dc=PL with: 
Already exists

Adding domain info for DOMAIN failed with NT_STATUS_UNSUCCESSFUL
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the 
domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate 
new users/groups, and will risk BDCs having inconsistant SIDs
...

greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.

[boka]

Hi !

More details about my problem. As i said before, i'm using 
smbldap-tools-0.8.3, and:

[EMAIL PROTECTED] smbldap-tools]# smbldap-useradd -a boka2
Can't call method "get_value" on an undefined value at 
/usr/local/sbin/smbldap-useradd line 154,  line 283.

From smbldap-useradd:
$userGroupSID = $group_entry->get_value('sambaSID');
I'm using correct version of samba.schema in my ldap server:
...
attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
DESC 'Security ID'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
...
[EMAIL PROTECTED]:~# smbldap-useradd -w loko23

OK, quick view of ldiff:

dn: uid=loko23$,ou=Computers,dc=ITSTUFF,dc=PL
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: loko23$
sn: loko23$
uid: loko23$
uidNumber: 1088
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
It looks like scripts, or ldap server do not use new samba.schema.

ps. sorry for cross posting again :-/

ps. II for samba-idealx team:
http://marc.theaimsgroup.com/?l=samba&m=107584508526994&w=2
greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.

[boka]

ot;cn=Manager,dc=ITSTUFF,dc=PL"
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap port = 389
ldap server = 127.0.0.1
ldap ssl = No
ldap passwd sync = Yes
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
idmap backend = ldap:ldap://localhost:389
samba was compiled with the following options to configure script:

--localstatedir=/var \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=%{prefix}/share/swat/using_samba \
--with-swatdir=%{prefix}/share/swat \
--with-libsmbclient  \
--with-expsam=mysql \
--with-ldap \
--with-ldapsam
ps. sorry for crossposting ... but i can not find any solution to my problem

greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] URGENT: ACCESS DENIED (granted: 0x00000201; required: 0x00000010)

[boka]

Hi !

I have samba-3.0.0 with --with-ldapsam option compiled in, and I can not
add a machine into domain - i can log into domain from machine added
befor upgrade from 2.2.8a to 3.0.0. From my logs:

[2003/10/06 14:46:50, 2, pid=26614, effective(0, 0), real(0, 0)]
lib/smbldap.c:smbldap_search_suffix(1066)
  smbldap_search_suffix: searching
for:[(&(&(uid=Administrator)(objectclass=sambaAccount))(objectclass=sambaAccount))]
[2003/10/06 14:46:50, 2, pid=26614, effective(0, 0), real(0, 0)]
passdb/pdb_ldap.c:init_sam_from_ldap(460)
  init_sam_from_ldap: Entry found for user: administrator
[2003/10/06 14:46:50, 2, pid=26614, effective(0, 0), real(0, 0)]
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching
for:[(&(objectClass=sambaGroupMapping)(gidNumber=200))]
[2003/10/06 14:46:50, 2, pid=26614, effective(0, 0), real(0, 0)]
passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
  ldapsam_search_one_group: searching
for:[(&(objectClass=sambaGroupMapping)(gidNumber=1014))]
[2003/10/06 14:46:50, 2, pid=26614, effective(0, 0), real(0, 0)]
auth/auth.c:check_ntlm_password(297)
  check_ntlm_password:  authentication for user [Administrator] ->
[Administrator] -> [administrator] succeeded
[2003/10/06 14:46:50, 2, pid=26614, effective(0, 0), real(0, 0)]
lib/access.c:check_access(322)
  Allowed connection from  (10.10.12.51)
[2003/10/06 14:46:51, 2, pid=26614, effective(1000, 200), real(0, 0)]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2540)
  Returning domain sid for domain DOMAIN ->
S-1-5-21-133419789-486977345-1400590255
[2003/10/06 14:46:51, 2, pid=26614, effective(1000, 200), real(0, 0)]
rpc_server/srv_samr_nt.c:access_check_samr_object(92)
  _samr_open_domain: ACCESS DENIED  (requested: 0x0211)
[2003/10/06 14:46:51, 2, pid=26614, effective(1000, 200), real(0, 0)]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2540)
  Returning domain sid for domain DOMAIN ->
S-1-5-21-133419789-486977345-1400590255
[2003/10/06 14:46:51, 2, pid=26614, effective(1000, 200), real(0, 0)]
rpc_server/srv_samr_nt.c:access_check_samr_function(114)
  _samr_create_user: ACCESS DENIED (granted: 0x0201;  required:
0x0010)
[2003/10/06 14:46:51, 2, pid=26614, effective(0, 0), real(0, 0)]
lib/smbldap.c:smbldap_search_suffix(1066)
  smbldap_search_suffix: searching
for:[(&(&(uid=Administrator)(objectclass=sambaAccount))(objectclass=sambaAccount))]
[2003/10/06 14:46:51, 2, pid=26614, effective(0, 0), real(0, 0)]
passdb/pdb_ldap.c:init_sam_from_ldap(460)
  init_sam_from_ldap: Entry found for user: administrator
[2003/10/06 14:46:51, 2, pid=26614, effective(0, 0), real(0, 0)]
auth/auth.c:check_ntlm_password(297)
  check_ntlm_password:  authentication for user [Administrator] ->
[Administrator] -> [administrator] succeeded
[2003/10/06 14:46:51, 2, pid=26614, effective(0, 0), real(0, 0)]
lib/access.c:check_access(322)

[EMAIL PROTECTED] samba]# smbldap-usershow.pl administrator
dn: uid=administrator,ou=Users,dc=EUROZET,dc=PL
cn: administrator
sn: administrator
uid: administrator
uidNumber: 1000
gidNumber: 200
homeDirectory: /home/users/administrator
loginShell: /bin/bash
gecos: System User
description: System User
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaAccount
pwdLastSet: 0
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdCanChange: 0
pwdMustChange: 2147483647
displayName: System User
acctFlags: [UX]
rid: 3000
primaryGroupID: 1401
homeDrive: H:
smbHome: \\IO\homes
profilePath: \\IO\profiles\administrator
scriptPath: administrator.cmd
lmPassword: 
ntPassword: 
userPassword:: 

[EMAIL PROTECTED] /]# getent group|grep 200
Domain Admins:x:200:administrator

from smb.conf:
add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u

files are on right place - /usr/local/sbin 

passdb backend = ldapsam_compat
ldap suffix = dc=POLSKA,dc=PL
ldap admin dn = "cn=Manager,dc=POLSKA,dc=PL"
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap port = 389
ldap server = 127.0.0.1
ldap ssl = No
ldap passwd sync = Yes
ldap filter = (&(uid=%u)(objectclass=sambaAccount))

ps. with samba-2.2.8a evertything works ok.

-- 
"Powinnismy wypowiedziec wojne Polnocnemu Wietnamowi. Mozemy wyasfaltowac
caly kraj, zamienic go w parking i jeszcze zdazyc do domu przed swietami"
Ronald Reagan
pozdrawiam boka at sto-procent.art.pl
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba