[Samba] search in ldap

Bradley W. Langhorst brad at langhorst.com
Wed Aug 21 06:09:02 GMT 2002


I think you misunderstand the guest ok parameter. From the smb.conf man page:

guest ok (S)

    If this parameter is yes for a service, then no password is required
to connect to the service. Privileges will be those of the guest
account.

    See the section below on security for more information about this
option.

Default: guest ok = no

(it's not entirely intuitive...)

if removing the guest ok settings from your shares doesn't work, then try these...
- did you run smbpasswd -w (to set the ldap admin password)?
- what is in /etc/samba/users.map?
- increase logging and post a logon attempt here (with password hashes and other secrets removed).
- start with a new smb.conf

On Wed, 2002-08-21 at 10:02, Camus Moire wrote:
> On 21 Aug 2002 09:01:48 -0400
> "Bradley W. Langhorst" <brad at langhorst.com> wrote:
> 
> > you need to post more info
> > smb.conf parameters
> > slapd.conf 
> > 
> > ldapsearch -x uid=user
> > 
> 
> 
> Hi Brad,
> 
> user is testuser
> pwd is test
> 
> included:	ldapsearch -x uid=testuser
> 		and testparm output.
> 
> ---------------------------------------------------------------
> version: 2
> 
> #
> # filter: uid=testuser
> # requesting: ALL
> #
> 
> # testuser, employee, i, a, firm, de
> dn: uid=testuser,ou=employee,ou=i,o=a,dc=firm,dc=de
> cn: testuser
> uid: testuser
> uidNumber: 3006
> gidNumber: 1000
> homeDirectory: /home/testuser
> loginShell: /bin/false
> gecos: System User
> description: System User
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: sambaAccount
> pwdLastSet: 0
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 0
> pwdMustChange: 2147483647
> displayName: System User
> acctFlags: [UX]
> rid: 7012
> primaryGroupID: 3001
> homeDrive: k:
> smbHome: \\server\homes
> profilePath: \\server\profiles\testuser
> scriptPath: testuser.cmd
> lmPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
> ntPassword: 0CB6948805F797BF2A82807973B89537
> userPassword:: e1NTSEF9Qk5hUG94K0RkZW5YSklDTktBbFEwNXV5ckdCS0hjWjc=
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1
> 
> 
> -----------------------------------------------------------------
> 
> Load smb config files from smb.conf
> Processing section "[netlogon]"
> Processing section "[profiles]"
> Processing section "[homes]"
> Processing section "[fonts]"
> Loaded services file OK.
> Press enter to see a dump of your service definitions
> # Global parameters
> [global]
> 	coding system = 
> 	client code page = 850
> 	code page directory = /usr/share/samba/codepages
> 	workgroup = NETZWERK
> 	netbios name = 
> 	netbios aliases = 
> 	netbios scope = 
> 	server string = ldap test
> 	interfaces = 192.168.168.0/255.255.255.0
> 	bind interfaces only = No
> 	security = USER
> 	encrypt passwords = Yes
> 	update encrypted = No
> 	allow trusted domains = Yes
> 	hosts equiv = 
> 	min passwd length = 5
> 	map to guest = Never
> 	null passwords = No
> 	obey pam restrictions = No
> 	password server = 
> 	smb passwd file = //etc/samba/smbpasswd
> 	root directory = 
> 	pam password change = No
> 	passwd program = /usr/sbin/smbldap-passwd.pl -o %u
> 	passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
> 	passwd chat debug = No
> 	username map = /etc/samba/users.map
> 	password level = 0
> 	username level = 0
> 	unix password sync = Yes
> 	restrict anonymous = No
> 	lanman auth = Yes
> 	use rhosts = No
> 	admin log = No
> 	log level = 5
> 	syslog = 1
> 	syslog only = No
> 	log file = /var/log/samba/%m.log
> 	max log size = 0
> 	timestamp logs = Yes
> 	debug hires timestamp = No
> 	debug pid = No
> 	debug uid = No
> 	protocol = NT1
> 	large readwrite = No
> 	max protocol = NT1
> 	min protocol = CORE
> 	read bmpx = No
> 	read raw = Yes
> 	write raw = Yes
> 	nt smb support = Yes
> 	nt pipe support = Yes
> 	nt status support = Yes
> 	announce version = 4.5
> 	announce as = NT
> 	max mux = 50
> 	max xmit = 65535
> 	name resolve order = lmhosts host wins bcast
> 	max packet = 65535
> 	max ttl = 259200
> 	max wins ttl = 518400
> 	min wins ttl = 21600
> 	time server = No
> 	unix extensions = No
> 	change notify timeout = 60
> 	deadtime = 0
> 	getwd cache = Yes
> 	keepalive = 300
> 	lpq cache time = 10
> 	max smbd processes = 0
> 	max disk size = 0
> 	max open files = 10000
> 	read size = 16384
> 	socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> 	stat cache size = 50
> 	use mmap = Yes
> 	total print jobs = 0
> 	load printers = Yes
> 	printcap name = /etc/printcap
> 	disable spoolss = No
> 	enumports command = 
> 	addprinter command = 
> 	deleteprinter command = 
> 	show add printer wizard = Yes
> 	os2 driver map = 
> 	strip dot = No
> 	mangling method = hash
> 	character set = ISO8859-15
> 	mangled stack = 50
> 	stat cache = Yes
> 	domain admin group = "@"Domain Admins""
> 	domain guest group = 
> 	machine password timeout = 604800
> 	add user script = /usr/sbin/smbldap-useradd.pl -w %u
> 	delete user script = 
> 	logon script = 
> 	logon path = \\%N\%U\profile
> 	logon drive = k:
> 	logon home = \\%N\%U
> 	domain logons = Yes
> 	os level = 80
> 	lm announce = Auto
> 	lm interval = 60
> 	preferred master = False
> 	local master = Yes
> 	domain master = True
> 	browse list = Yes
> 	enhanced browsing = Yes
> 	dns proxy = No
> 	wins proxy = No
> 	wins server = 
> 	wins support = Yes
> 	wins hook = 
> 	kernel oplocks = Yes
> 	lock spin count = 3
> 	lock spin time = 10
> 	oplock break wait time = 0
> 	ldap server = 127.0.0.1
> 	ldap port = 389
> 	ldap suffix = dc=firm,dc=de
> 	ldap filter = (&(uid=%u)(objectclass=sambaAccount))
> 	ldap admin dn = cn=Man,dc=firm,dc=de
> 	ldap ssl = no
> 	ldap del only sam attr = No
> 	add share command = 
> 	change share command = 
> 	delete share command = 
> 	config file = 
> 	preload = 
> 	lock dir = /var/lib/samba
> 	pid directory = /var/run/samba
> 	utmp directory = 
> 	wtmp directory = 
> 	utmp = No
> 	default service = 
> 	message command = 
> 	dfree command = 
> 	valid chars = 
> 	remote announce = 
> 	remote browse sync = 
> 	socket address = 0.0.0.0
> 	homedir map = auto.home
> 	time offset = 0
> 	NIS homedir = No
> 	source environment = 
> 	panic action = 
> 	hide local users = No
> 	host msdfs = No
> 	winbind uid = 
> 	winbind gid = 
> 	template homedir = /home/%D/%U
> 	template shell = /bin/false
> 	winbind separator = \
> 	winbind cache time = 15
> 	winbind enum users = Yes
> 	winbind enum groups = Yes
> 	winbind use default domain = No
> 	comment = 
> 	path = 
> 	alternate permissions = No
> 	username = 
> 	guest account = nobody
> 	invalid users = 
> 	valid users = 
> 	admin users = 
> 	read list = 
> 	write list = 
> 	printer admin = 
> 	force user = 
> 	force group = 
> 	read only = Yes
> 	create mask = 0664
> 	force create mode = 00
> 	security mask = 0777
> 	force security mode = 00
> 	directory mask = 0775
> 	force directory mode = 00
> 	directory security mask = 0777
> 	force directory security mode = 00
> 	force unknown acl user = 00
> 	inherit permissions = No
> 	inherit acls = No
> 	guest only = No
> 	guest ok = No
> 	only user = No
> 	hosts allow = 
> 	hosts deny = 
> 	status = Yes
> 	nt acl support = Yes
> 	block size = 1024
> 	max connections = 0
> 	min print space = 0
> 	strict allocate = No
> 	strict sync = No
> 	sync always = No
> 	write cache size = 0
> 	max print jobs = 1000
> 	printable = No
> 	postscript = No
> 	printing = bsd
> 	print command = lpr -r -P%p %s
> 	lpq command = lpq -P%p
> 	lprm command = lprm -P%p %j
> 	lppause command = 
> 	lpresume command = 
> 	queuepause command = 
> 	queueresume command = 
> 	printer name = 
> 	use client driver = No
> 	default devmode = No
> 	printer driver = 
> 	printer driver file = //etc/samba/printers.def
> 	printer driver location = 
> 	default case = lower
> 	case sensitive = No
> 	preserve case = Yes
> 	short preserve case = Yes
> 	mangle case = No
> 	mangling char = ~
> 	hide dot files = Yes
> 	hide unreadable = No
> 	delete veto files = No
> 	veto files = /Icon?/ICON?/*.eml/*.nws/riched20.dll/*.{*}/.AppleDouble/TheFindByContentFolder/Network Trash Folder/TheVolumeSettingsFolder/.AppleDesktop/.bin/
> 	hide files = 
> 	veto oplock files = 
> 	map system = No
> 	map hidden = No
> 	map archive = Yes
> 	mangled names = Yes
> 	mangled map = 
> 	browseable = Yes
> 	blocking locks = Yes
> 	csc policy = manual
> 	fake oplocks = No
> 	locking = Yes
> 	oplocks = No
> 	level2 oplocks = No
> 	oplock contention limit = 2
> 	posix locking = Yes
> 	strict locking = No
> 	share modes = Yes
> 	copy = 
> 	include = 
> 	exec = 
> 	preexec close = No
> 	postexec = 
> 	root preexec = 
> 	root preexec close = No
> 	root postexec = 
> 	available = Yes
> 	volume = 
> 	fstype = NTFS
> 	set directory = No
> 	wide links = Yes
> 	follow symlinks = Yes
> 	dont descend = 
> 	magic script = 
> 	magic output = 
> 	delete readonly = No
> 	dos filemode = No
> 	dos filetimes = No
> 	dos filetime resolution = No
> 	fake directory create times = No
> 	vfs object = 
> 	vfs options = 
> 	msdfs root = No
> 
> [netlogon]
> 	comment = Network Logon Service
> 	path = /var/lib/samba/netlogon
> 	guest ok = Yes
> 
> [profiles]
> 	path = /var/lib/samba/profiles
> 	read only = No
> 	create mask = 0644
> 	directory mask = 0755
> 	guest ok = Yes
> 	browseable = No
> 
> [homes]
> 	comment = Home
> 	valid users = %S
> 	read only = No
> 	create mask = 0640
> 	browseable = No
> 
> [fonts]
> 	comment = PC Fonts
> 	path = /share/fonts-pc
> 	read only = No
> 	guest ok = Yes
> 
> --------------------------------------------------
> 
> Regards,
> 
> Camus Moire
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> 
> 




