[Samba] Re: 3.0alpha23 not authenticating with LDAP (RedHat 9) - Now Working!!

Gordon Pritchard gordonp at sfu.ca
Tue May 13 23:12:22 GMT 2003 

	<<in answer to my own earlier posting>>:

On Tue, 2003-05-13 at 14:10, Gordon Pritchard wrote:

> 	I am also using the stock RedHat 9 version of OpenLDAP.  By itself,
> LDAP is working fine:  this is how I log onto my Linux boxes.
> 
> 	Moving onto 'smbclient'... I have my super-duper-domain-joining-
> pseudo-user entered into smbpasswd (chosen to be 'root').  If I run
> smbclient as 'root' (either supplied on the command-line with '-U root',
> or invoking smbclient while I am the system root user), then it behaves
> as it should - I get a listing of available shares.
> 
> 	So far, so good.
> 	Now, same thing, but as any old user but supplying no password.  This
> also allows me to see the available shares, as an anonymous user,

>  Further, if
> I now supply a password for 'gordonp', smbclient responds thusly:
> 
> Doing spnego session setup (blob length=58)
> session setup failed: NT_STATUS_LOGON_FAILURE


	OK - as some of you astute, long-time readers will have guessed, the
answer seems to lie in the smb.conf file.  Specifically, I didn't have
enough LDAP in there.  Some surfing revealed more parameters, which
worked (thanks to http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
and Ignacio Coupeau).

	Here are now the relevant LDAP parameters in my smb.conf:

==================== Begin Included Text ====================
# SAMBA - LDAP declarations
    passdb backend = ldapsam:ldap://trainwreck/
   ldap suffix = dc=WHITEROCK
   ldap user suffix = ou=Users
   ldap admin dn = cn=Manager,dc=WHITEROCK
   ldap machine suffix = ou=Computers
   ldap ssl = no
====================  End Included Text  ====================

	Now, I am able to perform authenticated browsing with my LDAP users!

	Further testing will have to wait until I'm physically at the (WinXP
Pro) computer, but the Linux components are looking good!

	Thanks for the moral support (and virtual beers :-) ),
	-Gord

-- 
Gordon Pritchard, P.Eng.         | Institute of Electrical and
Research Labs Manager            |      Electronics Engineers
Simon Fraser University, Surrey  | Quarter Century Wireless Ass'n
gordonp at sfu.ca                   | Telephone Pioneers of America
phone:  604.268.7509             | Amateur Radio:  VA7SFU, VA7GP

More information about the samba mailing list