system: OES SP2 acting as PDC
recent update of eDirectory from to
sug | NDSbase | |
Samba version:
i | oes | samba | 3.0.26a-0.7

Problem: after the recent update users can not log in to Windows clients
any more or use tools like smbclient on Linux workstations. The
eDirectory server does not accept the credentials presented by the Samba
server. From log.smb:

[2009/07/14 09:51:49, 3] lib/smbldap.c:smbldap_connect_system(997)
ldap_connect_system: succesful connection to the LDAP server
[2009/07/14 09:51:49, 3] passdb/pdb_ldap.c:init_sam_from_ldap(738)
init_sam_from_ldap: smbldap_get_dn(schwarz) returned
[2009/07/14 09:51:49, 3] passdb/pdb_nds.c:pdb_nds_get_password(679)
NDS Universal Password NOT retrieved for cn=schwarz,ou=USERS,o=DOMAIN1

Workaround: authentication works again after running "smbpasswd -U
schwarz" on a root shell of the machine running the Samba server. But
although we have a limited number of users this is less than
satisfactory. The users should be able to change their password without
the aid of the sysadmins. Up to now this has always worked. So I assume
a problem with the patch for

Some details of the Samba configuration:

domain logons = yes
os level = 65
preferred master = Yes
domain master = Yes

security = user
local master = yes
wins support = yes
netbios name = %h-W
passdb backend = NDS_ldapsam:ldaps:// smbpasswd
ldap admin dn = cn=root,o=DOMAIN1
ldap suffix = o=DOMAIN1
ldap idmap suffix = o=DOMAIN1
ldap machine suffix = ou=Samba Computers
ldap group suffix = ou=Samba Groups
ldap passwd sync = on

passwd program = /opt/IDEALX/sbin/smbldap-passwd "%u"
add share command = /opt/IDEALX/novell/addSambaShare