Trying to get Samba working with LDAP

Tony Moran voices at ayahuasca.net
Thu Feb 25 15:16:12 GMT 1999


Hi, I'm running CVS Samba [2.1.0-prealpha] on Solaris 2.6 [gcc 2.8.1]
and OpenLDAP 1.2 +GDBM, both of which are now running fine, I just
have problems trying to get them working together..  Apart from
the LDAP Support in Samba document at openldap.org I'm mostly in the
dark..

Below are the smb.conf entries for LDAP, what my LDAP tree looks 
like and the error responses from trying to change the password 
of a sambaAccount uid with smbpasswd.   I've entered a dummy password 
into the LDAP sambaAccount entry, and am trying to enter the right one
with smbpasswd.  Possibly I'm just missing something basic in what I'm 
trying to do...  in any case,  any help is much appreciated, and
I'll certainly do a write up of this whole process soon as I get 
it right.  

Thanks,   Tony



Firstly here's what smbpasswd spits back at me with Debug level  -10

webemea# /usr/local/samba/bin/smbpasswd -D 10 infmin
New SMB password:
Retype new SMB password:
Connected to LDAP server
Searching in [sn=Samba, o=3Com GIS, o=uk] for
[(&(uid=infmin)(objectclass=sambaAccount))]
search: No such object
0 matching entries found
Connection closed
pwdb_smb_map_names
Failed to find entry for user infmin.
Failed to change password entry for infmin



 Here's some of the debug info from slapd that comes up at the same time
 (sorry about the voluminousness of this)



elect activity on 1 descriptors
activity on: 5r
read activity on 5
ber_get_next
ber_get_next: tag 0x30 len 40 contents:
ber_dump: buf 0x5f610, ptr 0x5f610, end 0x5f638
          current len 40, contents:
        02 01 01  `  # 02 01 02 04 1c  c  n  =  M  a  n
         a  g  e  r  , 20  o  =  20 G  I  S, 20  o  =  u  k 80 00 
do_bind
do_bind: version 2 dn (cn=Manager, o=GIS, o=uk) method 128
send_ldap_result 0::
ber_flush: 14 bytes to sd 5
         0 0c 02 01 01  a 07 0a 01 00 04 00 04 00 
listening for connections on 3, activity on: 5r
before select active_threads 0
select activity on 1 descriptors
activity on: 5r
read activity on 5
ber_get_next
ber_get_next: tag 0x30 len 96 contents:
ber_dump: buf 0x5f748, ptr 0x5f748, end 0x5f7a8
          current len 96, contents:
        02 01 02  c  [ 04 1a  s  n  =  S  a  m  b  a  ,
        20  o  =  S  w  a  t 20  G  I  S  , 20  o  =  u
         k 0a 01 01 0a 01 00 02 01 00 02 01 00 01 01 00
        a0  , a3 0d 04 03  u  i  d 04 06  i  n  f  m  i
         n a3 1b 04 0b  o  b  j  e  c  t  c  l  a  s  s
        04 0c  s  a  m  b  a  A  c  c  o  u  n  t  0 00
        (end)
do_search
SRCH "SN=SAMBA,O=GIS,O=UK" 1 0    0 0 0
    filter: (&(uid=INFMIN)(objectclass=SAMBAACCOUNT))
    attrs:
send_ldap_result 32::
ber_flush: 14 bytes to sd 5
         0 0c 02 01 02  e 07 0a 01 20 04 00 04 00 
listening for connections on 3, activity on: 5r
before select active_threads 0
select activity on 1 descriptors
activity on: 5r
read activity on 5
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf 0x5d450, ptr 0x5d450, end 0x5d455
          current len 5, contents:
        02 01 03  B 00 
do_unbind





My smb.conf:

[global]

ldap suffix = "cn=Samba o=GIS, o=uk"
ldap bind as = "cn=Manager, o=GIS, o=uk"
ldap passwd file = /usr/local/samba/private/ldappasswd
ldap server = localhost
ldap port = 389

My LDAP data so far :

 I've set up my Directory in stages, using ldapadd.

 firstly I created the database and root using an input file of:

dn: o=GIS, c=uk
o: GIS
description: GIS Company Services
objectClass: organization

 Then secondly I ran ldapadd on :

dn: sn=Samba, o=GIS, c=uk
sn: Samba
description: GIS Samba Service Directory
authority: Tony Moran <tony_moran at ayahuasca.net>
objectClass: sn

 and finally to enter my first Samba uid [Scheme taken from 'OpenLDAP
 Support in Samba'] I used :

dn: uid=infmin, sn=Samba, o=GIS, c=uk
uid: infmin
cn: Information Services Admin
description: WIS Administration
uidNumber: 1001
gidNumber: 101
rid: 2001
grouprid: 2000
lmPassword: 1
ntPassword: 2
pwdLastSet: 35C11F1B
smbHome: \\samba1\infmin
homeDrive: Z
script: logon.bat
profile: \\samba1\infmin\profile
workstations: tmoran
objectClass: sambaAccount

 All the additions to the Directory seem to pass without any problems and
 ldapsearches work fine thus :

 webemea# ldapsearch -h localhost -b "o=GIS, c=uk" \
 webemea# 'objectclass=sambaAccount' infmin

uid=infmin, sn=Samba, o=GIS, c=uk


 Most of the information in my infmin account is dummy info - I just wanna
 see if I can get Samba communicating/authenticating via LDAP.


 Finally, this is my slapd.conf, which seems ok..

pidfile         /usr/local/openldap/var/slapd.pid
argsfile        /usr/local/openldap/var/slapd.args

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "o=GIS, c=uk"
directory       /usr/local/openldap/trial-slapd
rootdn          "cn=Manager, o=GIS, c=uk"
rootpw          secret
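
An added example, not part of the original post: result 32 in the slapd trace above is the LDAP code noSuchObject, which a server returns when the search base is not an entry it holds. This Python sketch checks whether the DNs given in smb.conf fall under the suffix that slapd.conf serves; the function names and the simplified DN parsing (no escaped commas, no multi-valued RDNs) are assumptions of the example.

```python
import re

# Values copied from the smb.conf, slapd.conf and LDIF shown in the post.
SMB_CONF = '''[global]
ldap suffix = "cn=Samba o=GIS, o=uk"
ldap bind as = "cn=Manager, o=GIS, o=uk"
'''
SLAPD_CONF = '''database        ldbm
suffix          "o=GIS, c=uk"
rootdn          "cn=Manager, o=GIS, c=uk"
'''
ENTRY_DN = "uid=infmin, sn=Samba, o=GIS, c=uk"

def parse_dn(dn):
    """Split a DN into normalized (type, value) pairs, leaf first.
    Simplified: escaped commas and multi-valued RDNs are not handled."""
    rdns = []
    for part in dn.split(","):
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        # Attribute types and these values compare case-insensitively.
        rdns.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return rdns

def is_under(dn, suffix):
    """True if dn equals suffix or sits below it in the tree."""
    d, s = parse_dn(dn), parse_dn(suffix)
    return len(d) >= len(s) and d[len(d) - len(s):] == s

def directive(text, name):
    """First value of a directive, quotes stripped. Accepts both
    'name = value' (smb.conf) and 'name value' (slapd.conf)."""
    pattern = rf"^\s*{re.escape(name)}(?:\s*=\s*|\s+)(.+?)\s*$"
    m = re.search(pattern, text, re.M | re.I)
    return m.group(1).strip('"') if m else None

def check(smb_conf, slapd_conf, entry_dn):
    """Report which DNs lie inside the suffix slapd is configured to serve."""
    served = directive(slapd_conf, "suffix")
    result = {key: is_under(directive(smb_conf, key), served)
              for key in ("ldap suffix", "ldap bind as")}
    result["entry"] = is_under(entry_dn, served)
    return result

if __name__ == "__main__":
    for name, ok in check(SMB_CONF, SLAPD_CONF, ENTRY_DN).items():
        print(f"{name:14} {'inside' if ok else 'OUTSIDE'} served suffix")
```
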







