Very Computer

Hello,

I have the ambitious goal to do a domain logon from a Windows 2000
mashine authentificate against a Samba PDC Server using pam_ldap.

I'm using Samba-2.2.1, the authentification is working fine against
the server itself using encrypted passwords. Assuming that the
pam_ldap modul won't work, when I use encrypted passwords,
I said my Samba server not to use them.
On the window mashine I changed the neccessary value of the
PlainTextPassword variable. With these changes I cannot logon correctly
meaning that I am recognised but can't load my server profile.

Normal 'net use' mapping of shares is working under this condition
with the ldap password.

Does anyone has why the domain logon fails ? Maybe the mashine
password, the user password or the combination ?!??

Please help !

regards

Joachim Tork

Hi!,

Quote:> I have the ambitious goal to do a domain logon from a Windows 2000
> mashine authentificate against a Samba PDC Server using pam_ldap.

> I'm using Samba-2.2.1, the authentification is working fine against
> the server itself using encrypted passwords. Assuming that the
> pam_ldap modul won't work, when I use encrypted passwords,
> I said my Samba server not to use them.
> On the window mashine I changed the neccessary value of the
> PlainTextPassword variable. With these changes I cannot logon correctly
> meaning that I am recognised but can't load my server profile.

> Normal 'net use' mapping of shares is working under this condition
> with the ldap password.

> Does anyone has why the domain logon fails ? Maybe the mashine
> password, the user password or the combination ?!??

Do the SAMBA logs give you any clues as to what is going wrong ?
You may have to increase the verboseness of the logging file to see what is
really going wrong, but it should tell you at what point the system is
failing.

Keep in mind that as far as I know the standard SAMBA distribution doesn't
make use of the pam_ldap approach (I could be wrong here).  Have you specified
your ldap server in the smb.conf file with the syntax:

ldap server = <ldapserver_1>[:port][,<ldapsever_X>[:port]]*

You might have to get the HEAD or TNG branch versions of SAMBA which do have
LDAP authentication support within them.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+