Samba kann sich nicht an LDAP anbinden

[2007/12/11 13:54:51, 1] lib/smbldap.c:another_ldap_try(1153)
  Connection to LDAP server failed for the 15 try!
[2007/12/11 13:54:52, 2] lib/smbldap.c:smbldap_open_connection(786)
  smbldap_open_connection: connection opened
[2007/12/11 13:54:52, 2] lib/smbldap.c:smbldap_connect_system(982)
  failed to bind to server ldap://127.0.0.1/ with dn="cn=admin,dc=MEINSERVER" Error: Invalid credentials

[global]

workgroup = MEINEDOMAENE
netbios name = MEINSERVER
passdb backend = ldapsam:ldap://127.0.0.1
interfaces = 127.0.0.0/8 eth0 eth1
bind interfaces only = yes
server string = Server Lancelot
os level = 65
log level = 0
syslog = 0
log file = /var/log/samba/%m.log

ldap delete dn = yes
passwd program = /usr/sbin/smbldap-passwd %u
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

logon script = logon.bat
logon path = \\MEINEIP\profiles\%U
logon drive = h:
logon home = \\MEINEIP\%U

domain logons = yes
preferred master = yes
domain master = yes
time server = yes
unix password sync = yes
encrypt passwords = yes
wins support = yes
security = user

ldap suffix = dc=MEINSERVER
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
#ldap idmap suffix = ou=ldmap

ldap admin dn = cn=samba,ou=DSA,dc=MEINSERVER
ldap ssl = no
ldap passwd sync = yes

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
locking = no

[profiles]
comment = Profile Share
path = /home/samba/profiles
read only = No
profile acls = yes
nt acl support = yes]

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include		/etc/ldap/schema/samba.schema

schemacheck	on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        16383

# Where the dynamically loaded modules are stored
modulepath	/usr/lib/ldap
moduleload	back_bdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend		bdb
checkpoint 512 30

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend		<other>

#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database        bdb

# The base of your directory in database #1
suffix          "dc=MEINSERVER"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
# rootdn          "cn=admin,dc=MEINSERVER"

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index		objectClass				eq
index           uidNumber,gidNumber			eq
index		cn,sn,uid,displayName			pres,sub,eq
index		memberUid,mail,givenname		eq,subinitial
index		sambaSID,sambaPrimaryGroupSID,sambaDomainName	eq

# Save the time that the entry gets modified, for database #1
lastmod         on

# Where to store the replica logs for database #1
# replogfile	/var/lib/ldap/replog

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
#access to attrs=userPassword,shadowLastChange
#        by dn="cn=admin,dc=MEINSERVER" write
#        by anonymous auth
#        by self write
#        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms.  Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work 
# happily.
#access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
#access to *
        by dn="cn=admin,dc=MEINSERVER" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
#        by dn="cn=admin,dc=MEINSERVER" write
#        by dnattr=owner write

#######################################################################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database        <other>

# The base of your directory for database #2
#suffix		"dc=debian,dc=org"

rootdn "cn=admin,dc=MEINSERVER"
rootpw  {SSHA}7iuCMi5iaEyeCUm0E515Om1Dobr7SNY4


access to dn.base="" by * read

# users can authenticate and change their password

access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
  by dn="cn=admin,dc=MEINSERVER" write
  by dn="cn=samba,ou=DSA,dc=MEINSERVER" write
  by dn="cn=smbldap-tools,ou=DSA,dc=MEINSERVER" write
  by dn="cn=nssldap,ou=DSA,dc=MEINSERVER" write
  by self write
  by anonymous auth
  by * none

# some attributes need to be readable anonymously so that
# ’id user’ can answer correctly

access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
  by dn="cn=samba,ou=DSA,dc=MEINSERVER" write
  by dn="cn=smbldap-tools,ou=DSA,dc=MEINSERVER" write
  by * read

# somme attributes can be writable by users themselves

access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
  by dn="cn=samba,ou=DSA,dc=MEINSERVER" write
  by dn="cn=smbldap-tools,ou=DSA,dc=MEINSERVER" write
  by self write
  by * read

# some attributes need to be writable for samba

access to attrs=cn,sambaLMPassword,sambaNTPassword,\
sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,\
sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,\
sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,\
SambaLogonScript,sambaProfilePath,description,\
sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,\
sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,\
sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,\
sambaTrustFlags,sambaGroupType,sambaNextRid,sambaNextGroupRid,\
sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,\
sambaOptionName,sambaBoolOption,sambaIntegerOption,\
sambaStringOption,sambaStringListoption
  by dn="cn=samba,ou=DSA,dc=MEINSERVER" write
  by dn="cn=smbldap-tools,ou=DSA,dc=MEINSERVER" write
  by self read
  by * none

# samba need to be able to create the samba domain account

access to dn.base="dc=MEINSERVER"
  by dn="cn=samba,ou=DSA,dc=MEINSERVER" write
  by dn="cn=smbldap-tools,ou=DSA,dc=MEINSERVER" write
  by * none

# samba need to be able to create new users account

access to dn="ou=Users,dc=MEINSERVER"
  by dn="cn=samba,ou=DSA,dc=MEINSERVER" write
  by dn="cn=smbldap-tools,ou=DSA,dc=MEINSERVER" write
  by * none

# samba need to be able to create new groups account

access to dn="ou=Groups,dc=MEINSERVER"
  by dn="cn=samba,ou=DSA,dc=MEINSERVER" write
  by dn="cn=smbldap-tools,ou=DSA,dc=MEINSERVER" write
  by * none

# samba need to be able to create new computers account

access to dn="ou=Computers,dc=MEINSERVER"
  by dn="cn=samba,ou=DSA,dc=MEINSERVER" write
  by dn="cn=smbldap-tools,ou=DSA,dc=MEINSERVER" write
  by * none

[2007/12/17 16:52:25, 20] lib/adt_tree.c:pathtree_print_children(294)
  ROOT/HKLM/SYSTEM/: [CurrentControlSet] (NULL)
[2007/12/17 16:52:25, 20] lib/adt_tree.c:pathtree_print_children(294)
  ROOT/HKLM/SYSTEM/CurrentControlSet/: [Control] (NULL)
[2007/12/17 16:52:25, 20] lib/adt_tree.c:pathtree_print_children(294)
  ROOT/HKLM/SYSTEM/CurrentControlSet/Control/: [Print] (data)
[2007/12/17 16:52:25, 20] lib/adt_tree.c:pathtree_print_children(294)
  ROOT/HKLM/SYSTEM/CurrentControlSet/: [Services] (NULL)
[2007/12/17 16:52:25, 20] lib/adt_tree.c:pathtree_print_children(294)
  ROOT/HKLM/SYSTEM/CurrentControlSet/Services/: [LanmanServer] (NULL)
[2007/12/17 16:52:25, 20] lib/adt_tree.c:pathtree_print_children(294)
  ROOT/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/: [Shares] (data)
[2007/12/17 16:52:40, 10] passdb/lookup_sid.c:uid_to_sid(1330)
  uid 0 -> sid S-1-22-1-0
[2007/12/17 16:52:56, 10] passdb/lookup_sid.c:gid_to_sid(1359)
  gid 0 -> sid S-1-22-2-0
[2007/12/17 16:52:56, 10] auth/auth_util.c:create_local_nt_token(844)
  Create local NT token for S-1-22-1-0
[2007/12/17 16:53:11, 10] passdb/lookup_sid.c:sid_to_gid(1450)
  winbind failed to find a gid for sid S-1-5-32-544
[2007/12/17 16:53:11, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/12/17 16:53:11, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/12/17 16:53:11, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/12/17 16:53:11, 5] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2007/12/17 16:53:11, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2007/12/17 16:53:11, 10] groupdb/mapping.c:pdb_create_builtin_alias(702)
  Trying to create builtin alias 544
[2007/12/17 16:53:11, 10] passdb/lookup_sid.c:check_dom_sid_to_level(663)
  Accepting SID S-1-5-32 in level 1
[2007/12/17 16:53:11, 10] passdb/lookup_sid.c:lookup_sid(941)
  Sid S-1-5-32-544 -> BUILTIN\Administrators(4)
[2007/12/17 16:53:11, 3] groupdb/mapping.c:pdb_create_builtin_alias(723)
  pdb_create_builtin_alias: Could not get a gid out of winbind
[2007/12/17 16:53:11, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2007/12/17 16:53:11, 2] auth/auth_util.c:create_local_nt_token(914)
  create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2007/12/17 16:53:11, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0