Re: 3.0alpha23 not authenticating with LDAP (RedHat 9) - Now
gordonp at sfu.ca
Tue May 13 23:12:22 GMT 2003
<<in answer to my own earlier posting>>:
On Tue, 2003-05-13 at 14:10, Gordon Pritchard wrote:
> I am also using the stock RedHat 9 version of OpenLDAP. By itself,
> LDAP is working fine: this is how I log onto my Linux boxes.
> Moving onto 'smbclient'... I have my super-duper-domain-joining-
> pseudo-user entered into smbpasswd (chosen to be 'root'). If I run
> smbclient as 'root' (either supplied on the command-line with '-U root',
> or invoking smbclient while I am the system root user), then it behaves
> as it should - I get a listing of available shares.
> So far, so good.
> Now, same thing, but as any old user but supplying no password. This
> also allows me to see the available shares, as an anonymous user,
> Further, if
> I now supply a password for 'gordonp', smbclient responds thusly:
> Doing spnego session setup (blob length=58)
> session setup failed: NT_STATUS_LOGON_FAILURE
OK - as some of you astute, long-time readers will have guessed, the
answer seems to lie in the smb.conf file. Specifically, I didn't have
enough LDAP in there. Some surfing revealed more parameters, which
worked (thanks to http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
and Ignacio Coupeau).
Here are now the relevant LDAP parameters in my smb.conf:
==================== Begin Included Text ====================
# SAMBA - LDAP declarations
passdb backend = ldapsam:ldap://trainwreck/
ldap suffix = dc=WHITEROCK
ldap user suffix = ou=Users
ldap admin dn = cn=Manager,dc=WHITEROCK
ldap machine suffix = ou=Computers
ldap ssl = no
==================== End Included Text ====================
Now, I am able to perform authenticated browsing with my LDAP users!
Further testing will have to wait until I'm physically at the (WinXP
Pro) computer, but the Linux components are looking good!
Thanks for the moral support (and virtual beers :-) ),
Gordon Pritchard, P.Eng. | Institute of Electrical and
Research Labs Manager | Electronics Engineers
Simon Fraser University, Surrey | Quarter Century Wireless Ass'n
gordonp at sfu.ca | Telephone Pioneers of America
phone: 604.268.7509 | Amateur Radio: VA7SFU, VA7GP
More information about the samba