I added this line, but the error message did not change (after restarting smbd &
nmbd, obviously):

idmap backend = ldap:ldap://ud1981wfx01



-----Original Message-----
From: rvt@dds.nl [mailto:rvt@dds.nl]
Sent: July 29, 2004 5:11 PM
To: Bousquet Francois
Subject: Re: Samba 3 PDC with LDAP backend problem


I think you need an idmap backend....

Citeren Bousquet Francois :

> I am installing a Samba 3 PDC with an OpenLDAP backend.
>
> I am currently having a problem when I try to add a Windows workstation to
> the domain with the Administrator user or trying to connect to a share.
>
> I get the following error :
>
> [2004/07/29 13:35:22, 1] auth/auth_util.c:make_server_info_sam(822)
> User Administrator in passdb, but getpwnam() fails!
> [2004/07/29 13:35:22, 0] auth/auth_sam.c:check_sam_security(260)
> check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_NO_SUCH_USER'
>
> But the user exists in my ldap, because if I do this command :
>
> # getent passwd | grep Administrator
> Administrator:x:0:512:Netbios Domain Administrator:/home/:/bin/false
>
> nss_ldap is installed and configured properly :
> # grep "ldap" /etc/nsswitch.conf
> passwd: files ldap
> group: files ldap
> #
>
>
> Here is my smb.conf
>
> [global]
> workgroup = DEV_BLC
> netbios name = ud1981wfx01
> passdb backend = ldapsam:ldap://ud1981wfx01
> #username map = /etc/samba/smbusers
> add user script = /usr/local/sbin/smbldap-useradd -m '%u'
> delete user script = /usr/local/sbin/smbldap-userdel %u
> add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
> delete group script = /usr/local/sbin/smbldap-groupdel '%g'
> add user to group script = /usr/local/sbin/ \
> smbldap-groupmod -m '%g' '%u'
> delete user from group script = /usr/local/sbin/ \
> smbldap-groupmod -x '%g' '%u'
> set primary group script = /usr/local/sbin/ \
> smbldap-usermod -g '%g' '%u'
> add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
> #logon script = scripts\logon.bat
> #logon path = \\%L\Profiles\%U
> #logon drive = H:
> #logon home = \\%L\%U
> domain logons = Yes
> os level = 35
> preferred master = Yes
> domain master = Yes
> ldap suffix = dc=blc,dc=com
> ldap machine suffix = ou=People
> ldap user suffix = ou=People
> ldap group suffix = ou=People
> ldap idmap suffix = ou=People
> ldap admin dn = cn=Manager,dc=blc,dc=com
> ldap passwd sync = Yes
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> winbind separator = +
>
> [share1]
> path = /tmp
>
> [share2]
> path = /
> browseable = Yes
> comment = Some random files
>
>
> Any idea ?
>
> - Francois
>