[Samba] Samba and LDAP backend - howto docs problems?

Wim Bakker wim at unetix.nl
Fri Apr 9 11:39:39 GMT 2004


On Friday 09 April 2004 04:00, Suhaimi Jamalludin wrote:
> Hi Wim Bakker,
>
> You have to make sure that LDAP is running without any error.
> Can you do this (note: make sure there is no ACL applied on the
> slapd.conf else you won't see the output of your DN):
>     # ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
>
> Is there any output?
>
> Can you please show me your smb.conf Global config

Hai,
Yes, ldapsearch gives decent output.
I found the error, I think; at least, it's working now.
I initially used ldap-2.2.8; I reinstalled everything, but now
with ldap-2.1.19 (after noticing somewhere that ldap-2.0/2.1
were tested), and now I get users added.
The only thing I had to change from the example in chapter 2
of the reference guide was the ldap admin dn from cn=Manager
to cn=Manager,dc=unetix,dc=nl.
My smb.conf (global section):
[global]
        workgroup = AMSTERDAM
        netbios name = TEST
        server string = Samba PDC running %v
        passdb backend = ldapsam:ldap://localhost
        username map = /etc/samba/smbusers
        encrypt passwords = Yes
        update encrypted = Yes
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
        add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u$
        add user script = /usr/sbin/useradd -g users -m -s /bin/false %u
        delete user script = /usr/sbin/userdel -r %u
        add group script = /usr/sbin/groupadd %g
        delete group script = /usr/sbin/groupdel %g
        add user to group script = /usr/sbin/usermod -G %g %u
        logon script = logon.bat
        logon path = \\%L\profiles\%U
        logon drive = H:
        logon home = \\%L\%U\.profile
        domain logons = Yes
        os level = 255
        preferred master = Yes
        domain master = Yes
        local master = Yes
        wins support = Yes
        ldap suffix = dc=unetix,dc=nl
        ldap machine suffix = ou=People
        ldap user suffix = ou=People
        ldap group suffix = ou=People
        ldap idmap suffix = ou=People
        ldap admin dn = "cn=Manager,dc=unetix,dc=nl"
        ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
        ldap ssl = Off
        ldap passwd sync = No
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        winbind separator = +
        admin users = @wheel

my slapd.conf:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/samba.schema
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
database        bdb
suffix          "dc=unetix,dc=nl"
rootdn          "cn=Manager,dc=unetix,dc=nl"
rootpw          {SSHA}4qk9y4r03iIV2ZxG0rvPdUjO4Eg2ZSCF
directory       /var/openldap-data
index           cn,sn,uid,displayName           pres,sub,eq
index           uidNumber,gidNumber             eq
index           sambaSID                        eq
index           sambaPrimaryGroupSID            eq
index           sambaDomainName                 eq
index           memberUid                       eq
index           objectClass                     eq

I compiled ldap-2.1.19 with:
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
samba-3.0.3pre2 with:
./configure --with-automount --with-smbmount --with-acl-support \
    --with-libsmbclient --with-configdir=/etc/samba \
    --with-logfilebase=/var/log/samba --with-privatedir=/etc/samba/private \
    --with-lockdir=/var/lock/samba --with-piddir=/var/run \
    --with-mysql-prefix=/usr/local/mysql --with-expsam=mysql \
    --enable-cups --with-ldap

I didn't use nss ldap and pam ldap; users I first have to add to /etc/passwd,
then I can add them with smbpasswd -a.

Output of ldapsearch -x -b 'dc=unetix,dc=nl' '(objectclass=*)':

# extended LDIF
#
# LDAPv3
# base <dc=unetix,dc=nl> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# unetix.nl
dn: dc=unetix,dc=nl
objectClass: dcObject
objectClass: organization
dc: unetix
o: Quenya Org Network
description: The Samba-3 Network LDAP Example

# Manager, unetix.nl
dn: cn=Manager,dc=unetix,dc=nl
objectClass: organizationalRole
cn: Manager
description: Directory Manager

# People, unetix.nl
dn: ou=People,dc=unetix,dc=nl
objectClass: top
objectClass: organizationalUnit
ou: People

# admin, People, unetix.nl
dn: cn=admin,ou=People,dc=unetix,dc=nl
cn: admin
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
userPassword:: e1NTSEF9NHFrOXk0cjAzaUlWMlp4RzBydlBkVWpPNEVnMlpTQ0Y=

# Groups, unetix.nl
dn: ou=Groups,dc=unetix,dc=nl
objectClass: top
objectClass: organizationalUnit
ou: Groups

# admin, Groups, unetix.nl
dn: cn=admin,ou=Groups,dc=unetix,dc=nl
cn: admin
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
userPassword:: e1NTSEF9NHFrOXk0cjAzaUlWMlp4RzBydlBkVWpPNEVnMlpTQ0Y=

# Computers, unetix.nl
dn: ou=Computers,dc=unetix,dc=nl
objectClass: top
objectClass: organizationalUnit
ou: Computers

# admin, Computers, unetix.nl
dn: cn=admin,ou=Computers,dc=unetix,dc=nl
cn: admin
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
userPassword:: e1NTSEF9NHFrOXk0cjAzaUlWMlp4RzBydlBkVWpPNEVnMlpTQ0Y=

# AMSTERDAM, unetix.nl
dn: sambaDomainName=AMSTERDAM,dc=unetix,dc=nl
sambaDomainName: AMSTERDAM
sambaSID: S-1-5-21-2053538423-3623938635-3332097444
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 41000
sambaNextGroupRid: 41001

# gerrit, People, unetix.nl
dn: uid=gerrit,ou=People,dc=unetix,dc=nl
uid: gerrit
sambaSID: S-1-5-21-2053538423-3623938635-3332097444-67670
sambaPrimaryGroupSID: S-1-5-21-2053538423-3623938635-3332097444-1201
sambaPwdCanChange: 1081504922
sambaPwdMustChange: 2147483647
sambaLMPassword: BF33E1D731D97755AAD3B435B51404EE
sambaNTPassword: E49B11B16B5C046D8475BF5F0B82304B
sambaPwdLastSet: 1081504922
sambaAcctFlags: [U          ]
objectClass: sambaSamAccount
objectClass: account

# krelis, People, unetix.nl
dn: uid=krelis,ou=People,dc=unetix,dc=nl
uid: krelis
sambaSID: S-1-5-21-2053538423-3623938635-3332097444-67672
sambaPrimaryGroupSID: S-1-5-21-2053538423-3623938635-3332097444-1201
sambaPwdCanChange: 1081504967
sambaPwdMustChange: 2147483647
sambaLMPassword: 644DC242C2698CFDAAD3B435B51404EE
sambaNTPassword: 7A2773DD002533663A5325F83AB71D15
sambaPwdLastSet: 1081504967
sambaAcctFlags: [U          ]
objectClass: sambaSamAccount
objectClass: account

# search result
search: 2
result: 0 Success

# numResponses: 12
# numEntries: 11

I added two users, krelis and gerrit.

Output smbclient -L test -U krelis
Password:
Domain=[AMSTERDAM] OS=[Unix] Server=[Samba 3.0.3pre2]

        Sharename       Type      Comment
        ---------       ----      -------
        public          Disk
        pdf             Printer   pdf printer
        print$          Disk      Printer Driver Download Area
        IPC$            IPC       IPC Service (Samba PDC running 3.0.3pre2)
        ADMIN$          IPC       IPC Service (Samba PDC running 3.0.3pre2)
        lp              Printer   lp
        krelis          Disk      Home directory of krelis
Domain=[AMSTERDAM] OS=[Unix] Server=[Samba 3.0.3pre2]

        Server               Comment
        ---------            -------
        TEST                 Samba PDC running 3.0.3pre2

        Workgroup            Master
        ---------            -------
        AMSTERDAM            TEST
        UNETIX               FILESERVER

Seems like it's working basically.
Now nss ldap and pam ldap.

TIA
Wim Bakker
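
Added example, not part of the original post: the posted slapd.conf has no access rules, and the anonymous ldapsearch -x output above returns userPassword, sambaLMPassword and sambaNTPassword values. This Python check parses LDIF from such a search and lists, per DN, which credential attributes came back; the sample LDIF, the example.org names and the function names are constructed for illustration.

```python
import base64

# Attributes that hold password material in an ldapsam directory (lower-cased).
CREDENTIAL_ATTRS = {"userpassword", "sambalmpassword", "sambantpassword"}

def parse_ldif(text):
    """Yield {attr: [values]} per entry from ldapsearch LDIF output."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in entry:             # skips the "search:/result:" trailer
                yield entry
            entry = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())

def exposed_credentials(ldif_text):
    """Map DN -> credential attributes returned; hash values are never echoed."""
    findings = {}
    for entry in parse_ldif(ldif_text):
        leaked = []
        for attr in sorted(CREDENTIAL_ATTRS.intersection(entry)):
            value = entry[attr][0]
            # Keep only a scheme prefix such as {SSHA}, if the value has one.
            scheme = value[:value.find("}") + 1] if value.startswith("{") else ""
            leaked.append(f"{attr} {scheme}".strip())
        if leaked:
            findings[entry["dn"][0]] = leaked
    return findings

# Constructed sample in the shape of ldapsearch -x output; not real data.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
sambaNTPassword: 00000000000000000000000000000000

dn: cn=admin,ou=People,dc=example,
 dc=org
userPassword:: e1NTSEF9cGxhY2Vob2xkZXI=

search: 2
"""
```

An empty result from exposed_credentials() on the output of an anonymous search means no credential attribute was returned to an unauthenticated client.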

