Hello all,
After successfully struggling with getent passwd/group on openSUSE 10.2 and Zimbra 4.5.6, I now face another problem: I cannot add my Windows XP client to the Zimbra LDAP domain.

The zimbra samba UI is working fine.

This is my /etc/samba/smb.conf:
Code:
[global]
workgroup = vulcan.com
netbios name = fajar102
os level = 33
preferred master = yes
enable privileges = yes
server string = %h server (Samba, Opensuse102)
wins support = yes
dns proxy = no
name resolve order = wins bcast hosts
log file = /var/log/samba/log.%m
log level = 3 
max log size = 1000
syslog only = no
syslog = 5
#panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
ldap passwd sync = yes
passdb backend = ldapsam:ldap://192.168.1.101
ldap admin dn ="uid=zimbra,cn=admins,cn=zimbra"
ldap suffix = dc=vulcan,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
obey pam restrictions = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUnix\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully*
domain logons = yes
logon path = \\fajar102.vulcan.com\%U\profile
logon home = \\fajar102.vulcan.com\%U
logon script = logon.cmd
#add user script = /usr/sbin/useradd --quiet --disabled-password --gecos "" %u
#add machine script = /usr/sbin/useradd --shell /bin/false --disabled-password --quiet "machine account" --force-badname %u
#add user script = /usr/sbin/useradd --quiet %u
#add machine script = /usr/sbin/useradd --shell /bin/false --quiet %u
######## FOR OPENSUSE ##########
username map = /etc/samba/smbusers
add user script = /usr/local/bin/smbldap-useradd -m %u
delete user script = /usr/local/bin/smbldap-userdel %u
add group script = /usr/local/bin/smbldap-groupadd -p %g
delete group script = /usr/local/bin/smbldap-groupdel %g
add user to group script = /usr/local/bin/smbldap-groupmod -m %g %u
delete user from group script = /usr/local/bin/smbldap-groupmod -x %g %u
set primary group script = /usr/local/bin/smbldap-usermod -g %g %u
add machine script = /usr/local/bin/smbldap-useradd -w %u
# if you want to add machines to the domain automatically, the add machine script is:
#add machine script = /usr/local/bin/smbldap-useradd -w -i %u
#################################
socket options = TCP_NODELAY
domain master = yes
local master = yes

The part that I'm not sure about is the useradd script. I used the one from Greg's howto, but it seems to be for Ubuntu, so I use the smbldap-tools from Scalix, and if used independently it seems to be working. I can query a user from LDAP with it.

Code:
fajar102:~ # smbldap-usershow adminsmb4
dn: uid=adminsmb4,ou=people,dc=vulcan,dc=com
displayName: Admin SMB4
givenName: Admin
objectClass: organizationalPerson,zimbraAccount,amavisAccount,posixAccount,sambaSamAccount
zimbraId: 3b832a17-132c-49af-95c3-46a1219c13df
zimbraMailStatus: enabled
zimbraMailDeliveryAddress: adminsmb4@vulcan.com
uid: adminsmb4
mail: adminsmb4@vulcan.com
cn: Admin SMB4
zimbraMailTransport: lmtp:fajar102.vulcan.com:7025
zimbraMailHost: fajar102.vulcan.com
sn: SMB4

This is the error in the samba log:
Code:
Jul  5 13:49:07 fajar102 smbd[22231]: [2007/07/05 13:49:07, 3] smbd/service.c:make_connection_snum(950)
Jul  5 13:49:07 fajar102 smbd[22231]:   acer-centrino (192.168.1.237) connect to service IPC$ initially as user adminsmb4 (uid=20001, gid=20003) (pid 22231)

Jul  5 13:49:08 fajar102 smbd[22231]:   api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN
Jul  5 13:49:08 fajar102 smbd[22231]: [2007/07/05 13:49:08, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2797)
Jul  5 13:49:08 fajar102 smbd[22231]:   Returning domain sid for domain VULCAN.COM -> S-1-5-21-1439140547-2811502038-3238742711

Jul  5 13:49:08 fajar102 smbd[22231]:   api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN
Jul  5 13:49:08 fajar102 smbd[22231]: [2007/07/05 13:49:08, 3] lib/util_seaccess.c:se_access_check(250)
Jul  5 13:49:08 fajar102 smbd[22231]: [2007/07/05 13:49:08, 3] lib/util_seaccess.c:se_access_check(251)
Jul  5 13:49:08 fajar102 smbd[22231]:   se_access_check: user sid is S-1-5-21-1439140547-2811502038-3238742711-41002

Jul  5 13:49:08 fajar102 smbd[22231]:   api_rpcTNP: rpc command: SAMR_CREATE_USER
Jul  5 13:49:08 fajar102 smbd[22231]: [2007/07/05 13:49:08, 3] smbd/sec_ctx.c:push_sec_ctx(208)

Jul  5 13:49:09 fajar102 smbd[22231]: [2007/07/05 13:49:09, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
Jul  5 13:49:09 fajar102 smbd[22231]:   _samr_create_user: Running the command `/usr/local/bin/smbldap-useradd -w acer-centrino$' gave 3
Jul  5 13:49:09 fajar102 smbd[22231]: [2007/07/05 13:49:09, 3] passdb/pdb_interface.c:pdb_default_create_user(384)
Jul  5 13:49:09 fajar102 smbd[22231]:   pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER
Jul  5 13:49:09 fajar102 smbd[22231]: [2007/07/05 13:49:09, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
Jul  5 13:49:09 fajar102 smbd[22231]:   pop_sec_ctx (20001, 20003) - sec_ctx_stack_ndx = 0

From Windows XP, the error was:
Your computer could not be joined to the domain because the following error has occured: The user name could not be found

Has anyone been able to overcome this?
Thanks.
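
An added example, not part of the original post: a small Python triage script that parses syslog-wrapped smbd lines like those quoted above and ties each failed helper script (here the `add machine script`) to the RPC call, client, source location and NT_STATUS logged around it. The regular expressions are assumptions derived only from the log lines shown in the post; the sample input is an excerpt of those lines.

```python
import re

# Excerpt of the smbd log lines quoted in the post (syslog-wrapped, log level 3).
SAMPLE = """\
Jul  5 13:49:07 fajar102 smbd[22231]:   acer-centrino (192.168.1.237) connect to service IPC$ initially as user adminsmb4 (uid=20001, gid=20003) (pid 22231)
Jul  5 13:49:08 fajar102 smbd[22231]:   api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN
Jul  5 13:49:08 fajar102 smbd[22231]:   api_rpcTNP: rpc command: SAMR_CREATE_USER
Jul  5 13:49:09 fajar102 smbd[22231]: [2007/07/05 13:49:09, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
Jul  5 13:49:09 fajar102 smbd[22231]:   _samr_create_user: Running the command `/usr/local/bin/smbldap-useradd -w acer-centrino$' gave 3
Jul  5 13:49:09 fajar102 smbd[22231]: [2007/07/05 13:49:09, 3] passdb/pdb_interface.c:pdb_default_create_user(384)
Jul  5 13:49:09 fajar102 smbd[22231]:   pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER
""".splitlines()

SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ smbd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
HEADER = re.compile(r"^\[[\d/]+ [\d:]+, +\d+\] (?P<where>\S+\(\d+\))")
CONNECT = re.compile(r"^\s+(?P<host>\S+) \((?P<ip>[\d.]+)\) connect to service \S+ "
                     r"initially as user (?P<user>\S+) ")
RPC = re.compile(r"rpc command: (?P<rpc>\w+)")
SCRIPT = re.compile(r"Running the command `(?P<cmd>.+)' gave (?P<rc>-?\d+)")
STATUS = re.compile(r"\b(NT_STATUS_\w+)")

def triage(lines):
    """Return one record per helper script that exited non-zero, with its session context."""
    sessions, failures = {}, []
    for raw in lines:
        m = SYSLOG.match(raw.rstrip("\n"))
        if not m:
            continue  # not an smbd syslog line
        ctx = sessions.setdefault(m["pid"], dict(client=None, user=None, rpc=None, where=None, open=None))
        msg = m["msg"]
        if (h := HEADER.match(msg)):
            ctx["where"] = h["where"]               # source location of the next message
        elif (c := CONNECT.match(msg)):
            ctx["client"], ctx["user"] = f'{c["host"]} ({c["ip"]})', c["user"]
        elif (r := RPC.search(msg)):
            ctx["rpc"], ctx["open"] = r["rpc"], None  # new RPC: stop attributing statuses
        elif (s := SCRIPT.search(msg)) and s["rc"] != "0":
            ctx["open"] = dict(pid=int(m["pid"]), client=ctx["client"], user=ctx["user"], rpc=ctx["rpc"],
                               where=ctx["where"], command=s["cmd"], exit=int(s["rc"]), nt_status=None)
            failures.append(ctx["open"])
        elif ctx["open"] and ctx["open"]["nt_status"] is None and (n := STATUS.search(msg)):
            ctx["open"]["nt_status"] = n[1]         # first NT_STATUS after the failed script
    return failures

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

The record's `command` field is the exact command line smbd ran, which can be re-run by hand as root to see the helper's own error output.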