Hi,

I'm a newbie at linux networking and am a bit lost.

I'm having a problem with loging in as a certain user from an XP machine to a samba share.

Our prvious sysadmin (he left and the sysadmin is now me) setup samba & ldap & PAM and it all works.
we use phpldapadmin to manage LDAP.
all our users are stored in LDAP but one of them cant access samba shares, it doesnt recognise the user&passwd.

I suspect the user is not setup as a samba user.

I've been diggin around the net (and these forums) for quite a while and i found somewhere that said you add samba ldap users by doing

smbpasswd -a barclayc

as root.

I have tried this but this is the output:

New SMB password:
Retype new SMB password:
ldapsam_modify_entry: Failed to modify user dn= uid=barclayc,ou=People,dc=webteam,dc=nexusmedia,dc=com with: Insufficient access

ldapsam_update_sam_account: failed to modify user with uid = barclayc, error: (Success)
Failed to modify entry for user barclayc.
Failed to modify password entry for user barclayc

Can anyone shed any light on why this doesnt work?
or if I should be doing this at all?
or any suggestions?

Thanks
Barclay

ldapsam_modify_entry: Failed to modify user dn= uid=barclayc,ou=People,dc=webteam,dc=nexusmedia,dc=com with: Insufficient access

This means that the Samba server stored LDAP administrator username or password incorrect, or this user have no write privileges.
You should check "ldap admin dn" in smb.conf and get his password via your teammate.
And then test this DN and password have enough priv to LDAP Server:
ldapdelete -x -W -D "your ldap admin dn" "some user can be safely deleted"
If success, the DN and pw is ok.
then you should use
smbpasswd -w the admin dn password
to write it to smb local password db
Try again.

Thanks

This sounds very helpful;

I tried to run the ldapdelete command as you said, and it returned this error:

ldap_bind: Invalid DN syntax (34)
additional info: invalid DN

I'm assuming this means that the password i'm trying is wrong.

So i'm gonna find out the password and let u know what happens.

cheers

This looks like you provided DN is INVALID, you better post your command here, and your DN detail.
Are you sure your DN exist in LDAP database or slapd.conf ?

This might be where i really show my lack of knowledge on the subject.
I think this is what your asking for

The command:
this is the line you mentioned in smb.conf

is this what you mean by DN detail?

In case this makes a difference: the test to see if the LDAP admin password was correct, was to delete an unimportant user, there weren't any so i added one(ttest).

Aaahh. OK.

I'm catchin up a little now.

This time i did:


And got back

You added one?
What DN are you use to add a user?
This DN should be a admin DN and have enough access priv.

Sorry was being a bit of a muppet before.

the DN in smb.conf is for 'samba_admin'
But i log in to phpLDAPAdmin with the DN for the 'admin'.

I can log into phpLDAPAdmin with the samba_admin DN, so i must have the right password for it.


But when i do the ldapdelete command i get:


Is the samba_admin user not setup correctly?
if i wanted smbpasswd to use the admin user do i just change the DN in smb.conf?
is doing that a good/bad idea or bad practice or insecure or anything?

thanks

I'm not very sure, you can try change your "ldap admin dn" and write right password via smbpasswd -w.