[Samba] Samba / LDAP : map uid to another field ?
Sylvain
debian.roxx at gmail.com
Thu May 24 07:39:50 MDT 2012
Hi!
I have an OpenLDAP where user DNs are in the form «
uid=P1234,ou=people,dc=example,dc=com » and where the login is in the «
eduPersonPrincipalName » attribute (ex: jdoe).
I have configured my system (Debian Squeeze) to authenticate against LDAP
(libpam-ldapd + libnss-ldapd with a mapping uid<->eduPersonPrincipalName);
if I do « ssh jdoe at server », it works great.
Now I want to give a Samba share to these users, so I configured Samba
(3.5.6) to connect to LDAP, but I cannot authenticate with
eduPersonPrincipalName; if I use the « uid », it works.
I have searched for a mapping option in Samba but I didn't find one...
Is it possible to map the « uid » attribute to another attribute? If yes, how?
Here is the smb.conf:
[global]
    server string = %h server
    obey pam restrictions = Yes
    passdb backend = ldapsam:"ldap://192.168.102.153"
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    domain logons = Yes
    domain master = Yes
    dns proxy = No
    ldap admin dn = cn=admin,dc=example,dc=fr
    ldap group suffix = ou=groups
    ldap passwd sync = yes
    ldap suffix = dc=example,dc=fr
    ldap ssl = no
    ldap user suffix = ou=people
    ldap debug level = 1
    ldap debug threshold = 1
    panic action = /usr/share/samba/panic-action %d

[netlogon]
    path = /srv/samba/netlogon
    write list = P1234
    browseable = No

[profiles]
    path = /srv/samba/export/profiles
    valid users = %U
    read only = No
    create mask = 0600
    directory mask = 0700
    profile acls = Yes
    browseable = No

[homes]
    comment = Home Directories
    valid users = %S
    create mask = 0700
    directory mask = 0700
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    create mask = 0700
    printable = Yes
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers

Here is the slapd log, which shows the use of uid:
May 24 15:34:08 docs-test slapd[623]: conn=1149 fd=19 ACCEPT from IP=192.168.102.153:55825 (IP=0.0.0.0:389)
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=0 BIND dn="cn=admin,dc=example,dc=fr" method=128
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=0 BIND dn="cn=admin,dc=example,dc=fr" mech=SIMPLE ssf=0
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=0 RESULT tag=97 err=0 text=
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=1 SRCH attr=supportedControl
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=2 SRCH base="dc=example,dc=fr" scope=2 deref=0 filter="(&(uid=sderosiaux)(objectClass=sambaSamAccount))"
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
May 24 15:34:08 docs-test slapd[623]: conn=1149 fd=19 closed (connection lost)
Thanks for any advice,
Sylvain
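
An added example, not part of the original post: a small Python script that pairs each slapd SRCH filter with its SEARCH RESULT, so a lookup like the one in the log above (filter on uid, nentries=0) stands out together with the attribute the client searched on. The sample log lines are constructed in the format shown in the post, and the function names are hypothetical.

```python
import re

# Constructed sample in the slapd log format from the post, with each entry
# rejoined onto one line (the mail archive had wrapped them).
SAMPLE_LOG = """\
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=2 SRCH base="dc=example,dc=fr" scope=2 deref=0 filter="(&(uid=jdoe)(objectClass=sambaSamAccount))"
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=2 SRCH attr=uid uidNumber gidNumber
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
May 24 15:34:09 docs-test slapd[623]: conn=1150 op=2 SRCH base="dc=example,dc=fr" scope=2 deref=0 filter="(&(uid=P1234)(objectClass=sambaSamAccount))"
May 24 15:34:09 docs-test slapd[623]: conn=1150 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

LINE = re.compile(r"conn=(\d+) op=(\d+) (SRCH|SEARCH RESULT) (.*)$")
FILTER = re.compile(r'filter="([^"]*)"')
NENTRIES = re.compile(r"nentries=(\d+)")
# One simple assertion inside an LDAP filter, e.g. (uid=jdoe)
ASSERTION = re.compile(r"\(([A-Za-z][\w;-]*)(?:~=|>=|<=|=)([^()]*)\)")


def search_outcomes(log_text):
    """Pair each SRCH filter with its SEARCH RESULT, keyed by (conn, op)."""
    pending, outcomes = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key, kind, rest = (int(m.group(1)), int(m.group(2))), m.group(3), m.group(4)
        if kind == "SRCH":
            f = FILTER.search(rest)
            if f:  # the second SRCH line of an op only lists attr=..., skip it
                pending[key] = f.group(1)
        elif key in pending:
            flt, n = pending.pop(key), NENTRIES.search(rest)
            outcomes.append({"conn": key[0], "op": key[1], "filter": flt,
                             "assertions": ASSERTION.findall(flt),
                             "nentries": int(n.group(1)) if n else None})
    return outcomes


def misses(log_text):
    """Searches that matched no entry: the failed account lookups."""
    return [o for o in search_outcomes(log_text) if o["nentries"] == 0]


if __name__ == "__main__":
    for o in misses(SAMPLE_LOG):
        attrs = ", ".join(a for a, _ in o["assertions"])
        print(f"conn={o['conn']} op={o['op']}: no entry for {o['filter']} (searched on: {attrs})")
```

Run against a real slapd log, the script expects one entry per line, as syslog writes them.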