Everything is finally working, but it’s not ideal. I basically got here by following the instructions on this page. I created a new user and here is the info from ldap:
# mkh, people, gray.uchicago.edu
dn: uid=mkh,ou=people,dc=gray,dc=uchicago,dc=edu
uid: mkh
cn: Me Help
givenName: Me
sn: Help
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
loginShell: /bin/tcsh
mail: mkh@frodo.uchicago.edu
uidNumber: 2001
gidNumber: 200
homeDirectory: /users/mkh
sambaSID: S-1-5-5004
userPassword:: e2NyeXB0fSQxJFVaZllIVk1ZJGJmZWo1SHB1RVVidHFrRDVraE9JTC8=
sambaNTPassword: 880AAD1DE8956477793C417928DE4C25
sambaLMPassword: CC348B8E03291947AAD3B435B51404EE
sambaAcctFlags: [U ]
Working down the list, everything is as it was before messing with samba until you get to the objectClass: sambaSamAccount line. This object needed to be added for samba to work. This object also requires the sambaSID field. The sambaSID is found by using the same three fields (S-1-5) as the SambaDomainName. The fourth field is found by multiplying the uidNumber (2001) by 2 (=4002) and adding 1000 to it (=5002).
Even though only sambaSID is required, samba won’t work without the other fields: sambaNTPassword, sambaLMPassword and sambaAcctFlags. I actually never added sambaAcctFlags, it just showed up after I added something else. It is interesting to note though, that originally sambaAcctFlags came up with this value [DU ]. The first ‘D’ meant to disable the samba account. So, even though I had everything set up correctly, it didn’t work because the account was disabled. After I changed it and got rid of the D, everything worked fine.
sambaNTPassword and sambaLMPassword are created by running the mkntpwd command. The source for this command was found in /usr/share/doc/samba-3.0.10/LDAP/smbldap-tools/mkntpwd. I ran make in this directory to create the executable. I then linked it to /usr/local/bin.
Now the problem is that LDAP uses the userPassword field to connect, but samba uses the sambaNTPassword. So, if a user changes their password, it’s not going to change the sambaNTPassword and that will not allow the user to use samba to mount the other disks. This is bad. But I think we can work with this. I just have to turn off password changing everywhere and set up a webpage to do this.
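The checks described above (the four samba attributes, the sambaSID rule of uidNumber times 2 plus 1000, and the D flag in sambaAcctFlags) can be run over an LDIF export before testing a login. This is an added example, not code from the original post; the entries, the dc=example,dc=org suffix, the all-zero hashes and the function names are constructed for illustration.

```python
# Added example: audit sambaSamAccount entries in LDIF text (sample data is constructed).
REQUIRED = ("sambaSID", "sambaNTPassword", "sambaLMPassword", "sambaAcctFlags")

SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uidNumber: 2001
sambaSID: S-1-5-5002
sambaNTPassword: 00000000000000000000000000000000
sambaLMPassword: 00000000000000000000000000000000
sambaAcctFlags: [U ]

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uidNumber: 2002
sambaSID: S-1-5-5002
sambaLMPassword: 00000000000000000000000000000000
sambaAcctFlags: [DU ]
"""

def parse_ldif(text):
    """Split simple LDIF (no line folding, no base64 decoding) into dicts of lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                entry.setdefault(key, []).append(value)
        entries.append(entry)
    return entries

def audit(entry):
    """Return the list of problems found in one entry (empty list means ok)."""
    if "sambaSamAccount" not in entry.get("objectClass", []):
        return []
    findings = [f"missing {attr}" for attr in REQUIRED if attr not in entry]
    flags = entry.get("sambaAcctFlags", [""])[0].strip("[] ")
    if "D" in flags:  # D = account disabled, the cause of the failure in the post
        findings.append("account disabled (D flag)")
    if "sambaSID" in entry and "uidNumber" in entry:
        expected = int(entry["uidNumber"][0]) * 2 + 1000  # rule stated in the post
        rid = entry["sambaSID"][0].rsplit("-", 1)[1]
        if rid != str(expected):
            findings.append(f"RID {rid} != expected {expected}")
    return findings

def audit_ldif(text):  # map each dn to its findings
    return {e["dn"][0]: audit(e) for e in parse_ldif(text)}
```

Calling audit_ldif(SAMPLE_LDIF) returns an empty list for the first entry and three findings for the second: the missing sambaNTPassword, the disabled account, and a RID that does not match its uidNumber.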