AW: [Samba] 3.0alpha23 not authenticating with LDAP (RedHat 9) - Helpneeded!

[Jürgen Hötzel]

Hi, 
> Hi!
> 
> 	I am trying to migrate to a new server, with a 
> shiny-new installation of RedHat 9.  I have downloaded the 
> 3.0alpha23 rpm intended for RedHat 8.0...
I use it on RedHat ES 2.1 and Redhat 8.0 without Problems (I use the
Source-RPMs).
> 
> 	I am also using the stock RedHat 9 version of OpenLDAP. 
>  By itself, LDAP is working fine:  this is how I log onto my 
> Linux boxes.  I am including one sample user (me) below, 
> which I extracted using "ldapsearch -x".
> 
> Unknown parameter encountered: "ldap port"
> Ignoring unknown parameter "ldap port"
> Unknown parameter encountered: "ldap server"
> Ignoring unknown parameter "ldap server"
LDAP ist not enabled by default in the RPMs. You should download the
SRPMs and add
--with-ldapsam 
in the samba.spec file.
> # gordonp, Users, WHITEROCK
> dn: uid=gordonp,ou=Users,dc=WHITEROCK
> cn: gordonp
> sn: gordonp
> uid: gordonp
> uidNumber: 1001
> gidNumber: 200
> homeDirectory: /home/gordonp
> loginShell: /bin/bash
> gecos: System User
> description: System User
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: sambaAccount
> pwdLastSet: 0
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 0
> pwdMustChange: 2147483647
> displayName: System User
> acctFlags: [UX]
> rid: 3002
> primaryGroupID: 1401
> homeDrive: H:
> smbHome: \\PDC-SRV\homes
> profilePath: \\PDC-SRV\profiles\gordonp
> scriptPath: gordonp.cmd
> lmPassword: 6224B0199F8273C3AAD3B435B51404EE
> ntPassword: 8747D6F1DF9E9C1034D3754CC0350D6B
> userPassword:: e1NTSEF9cmxIUkRJWVJCdWVQaW15QmNTSGwxbVh4bUE1UENqSXU=
If this is a result of "ldapsearch -x" you have a security Problem. 
the Password attributes should only be readable by authenticated Users. 
Use something like

access to attrs=userPassword,lmPassword,ntPassword
  by self write
  by * auth

in your slapd.conf.

Jürgen