AW: [Samba] 3.0alpha23 not authenticating with LDAP (RedHat 9) -
Helpneeded!
Jürgen Hötzel
hoetzel at cyperfection.de
Wed May 14 08:12:35 GMT 2003
Hi,
> Hi!
>
> I am trying to migrate to a new server, with a
> shiny-new installation of RedHat 9. I have downloaded the
> 3.0alpha23 rpm intended for RedHat 8.0...
I use it on RedHat ES 2.1 and Redhat 8.0 without Problems (I use the
Source-RPMs).
>
> I am also using the stock RedHat 9 version of OpenLDAP.
> By itself, LDAP is working fine: this is how I log onto my
> Linux boxes. I am including one sample user (me) below,
> which I extracted using "ldapsearch -x".
>
> Unknown parameter encountered: "ldap port"
> Ignoring unknown parameter "ldap port"
> Unknown parameter encountered: "ldap server"
> Ignoring unknown parameter "ldap server"
LDAP ist not enabled by default in the RPMs. You should download the
SRPMs and add
--with-ldapsam
in the samba.spec file.
> # gordonp, Users, WHITEROCK
> dn: uid=gordonp,ou=Users,dc=WHITEROCK
> cn: gordonp
> sn: gordonp
> uid: gordonp
> uidNumber: 1001
> gidNumber: 200
> homeDirectory: /home/gordonp
> loginShell: /bin/bash
> gecos: System User
> description: System User
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: sambaAccount
> pwdLastSet: 0
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 0
> pwdMustChange: 2147483647
> displayName: System User
> acctFlags: [UX]
> rid: 3002
> primaryGroupID: 1401
> homeDrive: H:
> smbHome: \\PDC-SRV\homes
> profilePath: \\PDC-SRV\profiles\gordonp
> scriptPath: gordonp.cmd
> lmPassword: 6224B0199F8273C3AAD3B435B51404EE
> ntPassword: 8747D6F1DF9E9C1034D3754CC0350D6B
> userPassword:: e1NTSEF9cmxIUkRJWVJCdWVQaW15QmNTSGwxbVh4bUE1UENqSXU=
If this is a result of "ldapsearch -x" you have a security Problem.
the Password attributes should only be readable by authenticated Users.
Use something like
access to attrs=userPassword,lmPassword,ntPassword
by self write
by * auth
in your slapd.conf.
Jürgen
More information about the samba
mailing list