On Mon, 7 Dec 2015 10:28:50 +0100, Paul van der Vlis paul@vandervlis.nl wrote:
On 07-12-15 at 09:50, Dieter Klünter wrote:
On Sun, 6 Dec 2015 14:19:23 +0100, Paul van der Vlis paul@vandervlis.nl wrote:
Hello,
I have a replicated LDAP and a few Windows PCs that want to authenticate using Samba. Normally I use "smbpasswd -w" to give the ldap admin dn, but because it's replicated there is no ldap admin!
[...] Is this a samba3 or a samba4 server?
Samba3.
This is what I use for authentication in smb.conf:

    passdb backend = ldapsam:ldapi:///
    ldap ssl = off
    ldap suffix = "dc=domain,dc=nl"
    ldap admin dn = "cn=admin,dc=domain,dc=nl"
    ldap machine suffix = ou=machines
    ldap user suffix = ou=users
    ldap group suffix = ou=groups
    ldap delete dn = no

So I use the user "cn=admin,dc=domain,dc=nl", and this user does not exist on the replicated LDAP when I check it with ldapsearch. So I can understand this does not work.
Because you defined rootDN in smb.conf and you have not configured rootDN. Don't define rootDN in any ldap client configuration, create instead an object with appropriate administrative authorization.
-Dieter
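
One way the advice above can look in practice, as an added example that is not part of the original thread: a dedicated bind entry for Samba instead of the rootDN, plus an ACL that grants it only what it needs. The entry name cn=samba, the database DN olcDatabase={1}mdb,cn=config, the password placeholder and the attribute list are assumptions; the suffix and ou=machines come from the smb.conf quoted in the thread.

```ldif
# Added example, not from the thread. Two separate LDIF inputs are shown.

# --- Input 1: data entry (load with ldapadd on the provider) -------------
# A real entry in the DIT replicates to the consumers, unlike the rootDN,
# which exists only in each server's own configuration.
dn: cn=samba,dc=domain,dc=nl
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: samba
description: Bind identity for Samba ldapsam (assumed name, not the rootDN)
# Placeholder: paste the output of slappasswd here.
userPassword: {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT

# --- Input 2: ACL change (apply with ldapmodify against cn=config) -------
# ACLs are evaluated by the server Samba binds to, so apply this on every
# server Samba talks to. {1}mdb is an assumed database index and backend.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
# Machine accounts: Samba may create and update them; others fall through.
olcAccess: {0}to dn.subtree="ou=machines,dc=domain,dc=nl"
  by dn.exact="cn=samba,dc=domain,dc=nl" write
  by * break
-
add: olcAccess
# Password material: Samba and the owner only; everyone else may bind, not read.
# The attribute list is an assumption; extend it to what your setup writes.
olcAccess: {1}to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet
  by dn.exact="cn=samba,dc=domain,dc=nl" write
  by self write
  by anonymous auth
  by * none
```

With such an entry in place, "ldap admin dn" in smb.conf would name cn=samba,dc=domain,dc=nl, and "smbpasswd -w" would store that entry's password rather than the rootDN's.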