[Samba] How to use another attribute than the uid ?
raphael gommeaux
raphael.gommeaux at gmail.com
Thu Mar 3 00:41:07 MST 2011
Hi,
I use a Samba 3.5.4 PDC with an LDAP backend on a SLES 10 server with kernel smp
2.6.16.60-0.21.
On the LDAP server, the uid attribute can't be used for reasons beyond my control.
So I must use another attribute for the authentication (uidAuth).
In order to achieve this, I edited 3 files:
=> ldap.conf
=> smb.conf
=> nsswitch.conf
============================================================================
I have added these parameters to my ldap.conf :
pam_login_attribute uidAuth
pam_template_login_attribute uidAuth
pam_password exop
nss_base_passwd ou=users,ou=ent,ou=box,c=fr?one?objectClass=posixAccount
nss_base_shadow ou=users,ou=ent,ou=box,c=fr?one?objectClass=shadowAccount
nss_base_group ou=groups,ou=ent,ou=box,c=fr
nss_map_attribute uid uidAuth
=========================================================
smb.conf :
[global]
admin users = @admins, root
dns proxy = No
domain logons = Yes
domain master = Yes
dos filetime resolution = Yes
ldap admin dn = cn=admin,ou=adms,ou=box,c=fr
ldap ssl = No
ldap suffix = ou=ent,ou=box,c=fr
ldap timeout = 25
ldap user suffix = ou=users
ldap machine suffix = ou=computers
ldap group suffix = ou=groups
obey pam restrictions = yes
log file = /var/log/samba/%m.log
log level = 10
logon drive = I:
logon path =
logon script = %U.bat
max log size = 5000
name resolve order = wins host bcast lmhosts
os level = 255
passdb backend = ldapsam:ldap://192.168.1.50
preferred master = Yes
socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY
time server = Yes
update encrypted = Yes
username map = /etc/samba/smbusers
wins proxy = Yes
wins support = Yes
workgroup = DOMTEST
===================================================================
nsswitch.conf :
passwd: files ldap
shadow: files ldap
group: files ldap
==========================================================
Results :
1) Getent ok :
When I tested it with getent, I got the correct answer from the LDAP server.
2) I can't log in with Samba:
When I try to log in with Samba, the log indicates that Samba does not use
these parameters. It searches on the uid.
In the Samba log of the station I found
"filter=>[(&(uid=john.doe)(objectClass=sambaSamAccount))]" and "couldn't
find user 'john.doe' in passdb".
--------------
Question :
Does anybody know how to force Samba to use an attribute other than the uid?
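
An added diagnostic sketch, not part of the original post: it reads the nss_map_attribute lines from ldap.conf and flags any LDAP filter in the Samba log that still searches on the unmapped attribute, which is the mismatch described above (getent honours the mapping, the passdb lookup does not). The sample inputs are constructed from the fragments quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed sample inputs, built only from fragments quoted in the post.
LDAP_CONF = """\
pam_login_attribute uidAuth
nss_map_attribute uid uidAuth
"""
SMBD_LOG = """\
filter=>[(&(uid=john.doe)(objectClass=sambaSamAccount))]
couldn't find user 'john.doe' in passdb
"""


def nss_attribute_map(conf_text):
    """Return {standard_attr: mapped_attr} from nss_map_attribute lines."""
    mapping = {}
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) == 3 and parts[0].lower() == "nss_map_attribute":
            mapping[parts[1].lower()] = parts[2]
    return mapping


def filter_assertions(ldap_filter):
    """Extract (attribute, value) pairs from the equality items of a filter."""
    return re.findall(r"\(([A-Za-z][\w;.-]*)=([^()]*)\)", ldap_filter)


def unmapped_lookups(conf_text, log_text):
    """List (attr, value, expected_attr) for logged filters that query an
    attribute which ldap.conf remaps to a different one."""
    mapping = nss_attribute_map(conf_text)
    findings = []
    for match in re.finditer(r"filter=>\[(.*?)\]", log_text):
        for attr, value in filter_assertions(match.group(1)):
            mapped = mapping.get(attr.lower())
            if mapped and mapped.lower() != attr.lower():
                findings.append((attr, value, mapped))
    return findings


if __name__ == "__main__":
    for attr, value, expected in unmapped_lookups(LDAP_CONF, SMBD_LOG):
        print(f"passdb filter uses {attr}={value}; ldap.conf maps {attr} -> {expected}")
```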