Thanks so much.  Now I'm a little closer to understanding.  Basically, Samba likes to have a Unix logon so it has some file control that it wouldn't usually have.  I now know that openLDAP is set up correctly, I just have to figure out how Samba is supposed to be working.

Thanks again!

On Mon, 2009-05-25 at 16:01 +0200, Buchan Milne wrote:
On Friday 22 May 2009 22:21:05 Matt Burkhardt wrote:
> Hope this is the right list -
> Anyway, I've got openLDAP 2.4.9 on Ubuntu 8.04 along with Samba 3.028
> I've got it all installed and used the slapd.d (cn=config) capabilities.
> I get no errors on start up or stop, can create, modify and delete users
> and groups.
> However, I cannot create a user in openLDAP that is usable with Samba.
> If I go back in and create a Unix user, it will work.

This is more of a samba question ...

Samba requires a unix user to exist for a samba user (except in one case). 
Where that Unix user is defined (in local files, or in LDAP) is irrelevant. 
Typically, you set the environment up so that creating a "user" creates an 
entry in LDAP with at least the posixAccount and sambaSamAccount 
objectclasses, and configure the LDAP clients (samba, nss_ldap) appropriately.

> I've installed
> libnss-lapd and configured it - but is this the way it's supposed to
> work?

Yes. 'getent passwd sambauser' (where 'sambauser' is the username of a Samba 
user) should work, for samba to allow access for the user 'sambauser'. So, you 
should fix your nss_ldap configuration.

If you *really* don't want to have Unix users for Samba users, the 
ldapsam:trusted option can avoid this. However, local file ownership resolution 
won't work.


Matt Burkhardt, M.Sci. Technology Management
(301) 682-7901
502 Fairview Avenue
Frederick, MD  21701