[Samba] Samba and LDAP backend - howto docs problems?
Wim Bakker
wim at unetix.nl
Fri Apr 9 11:39:39 GMT 2004
On Friday 09 April 2004 04:00, Suhaimi Jamalludin wrote:
> Hi Wim Bakker,
>
> You have to make sure that LDAP is running without any error.
> Can you do this (note: make sure there is no ACL applied on the
> slapd.conf else you won't see the output of your DN):
> # ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
>
> Is there any output?
>
> Can you please show me your smb.conf global config
Hai,
Yes ldapsearch gives decent output.
I found the error, I think; at least, it's working now.
I initially used ldap-2.2.8; I reinstalled everything, but now
with ldap-2.1.19 (after noticing somewhere that ldap-2.0/2.1
were tested), and now I get users added.
The only thing I had to change from the example in chapter 2
of the reference guide was the ldap admin dn from cn=Manager
to cn=Manager,dc=unetix,dc=nl.
My smb.conf (global section):
[global]
workgroup = AMSTERDAM
netbios name = TEST
server string = Samba PDC running %v
passdb backend = ldapsam:ldap://localhost
username map = /etc/samba/smbusers
encrypt passwords = Yes
update encrypted = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u$
add user script = /usr/sbin/useradd -g users -m -s /bin/false %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
logon script = logon.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U\.profile
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
local master = Yes
wins support = Yes
ldap suffix = dc=unetix,dc=nl
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=People
ldap idmap suffix = ou=People
ldap admin dn = "cn=Manager,dc=unetix,dc=nl"
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap ssl = Off
ldap passwd sync = No
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = +
admin users = @wheel
my slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
suffix "dc=unetix,dc=nl"
rootdn "cn=Manager,dc=unetix,dc=nl"
rootpw {SSHA}4qk9y4r03iIV2ZxG0rvPdUjO4Eg2ZSCF
directory /var/openldap-data
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index memberUid eq
index objectClass eq
I compiled ldap-2.1.19 with:
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
samba-3.0.3pre2 with:
./configure --with-automount --with-smbmount --with-acl-support \
  --with-libsmbclient --with-configdir=/etc/samba \
  --with-logfilebase=/var/log/samba --with-privatedir=/etc/samba/private \
  --with-lockdir=/var/lock/samba --with-piddir=/var/run \
  --with-mysql-prefix=/usr/local/mysql --with-expsam=mysql --enable-cups \
  --with-ldap
I didn't use nss ldap and pam ldap; I first have to add users to /etc/passwd,
then I can add them with smbpasswd -a.
output ldapsearch -x -b 'dc=unetix,dc=nl' '(objectclass=*)' :
# extended LDIF
#
# LDAPv3
# base <dc=unetix,dc=nl> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# unetix.nl
dn: dc=unetix,dc=nl
objectClass: dcObject
objectClass: organization
dc: unetix
o: Quenya Org Network
description: The Samba-3 Network LDAP Example
# Manager, unetix.nl
dn: cn=Manager,dc=unetix,dc=nl
objectClass: organizationalRole
cn: Manager
description: Directory Manager
# People, unetix.nl
dn: ou=People,dc=unetix,dc=nl
objectClass: top
objectClass: organizationalUnit
ou: People
# admin, People, unetix.nl
dn: cn=admin,ou=People,dc=unetix,dc=nl
cn: admin
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
userPassword:: e1NTSEF9NHFrOXk0cjAzaUlWMlp4RzBydlBkVWpPNEVnMlpTQ0Y=
# Groups, unetix.nl
dn: ou=Groups,dc=unetix,dc=nl
objectClass: top
objectClass: organizationalUnit
ou: Groups
# admin, Groups, unetix.nl
dn: cn=admin,ou=Groups,dc=unetix,dc=nl
cn: admin
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
userPassword:: e1NTSEF9NHFrOXk0cjAzaUlWMlp4RzBydlBkVWpPNEVnMlpTQ0Y=
# Computers, unetix.nl
dn: ou=Computers,dc=unetix,dc=nl
objectClass: top
objectClass: organizationalUnit
ou: Computers
# admin, Computers, unetix.nl
dn: cn=admin,ou=Computers,dc=unetix,dc=nl
cn: admin
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
userPassword:: e1NTSEF9NHFrOXk0cjAzaUlWMlp4RzBydlBkVWpPNEVnMlpTQ0Y=
# AMSTERDAM, unetix.nl
dn: sambaDomainName=AMSTERDAM,dc=unetix,dc=nl
sambaDomainName: AMSTERDAM
sambaSID: S-1-5-21-2053538423-3623938635-3332097444
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 41000
sambaNextGroupRid: 41001
# gerrit, People, unetix.nl
dn: uid=gerrit,ou=People,dc=unetix,dc=nl
uid: gerrit
sambaSID: S-1-5-21-2053538423-3623938635-3332097444-67670
sambaPrimaryGroupSID: S-1-5-21-2053538423-3623938635-3332097444-1201
sambaPwdCanChange: 1081504922
sambaPwdMustChange: 2147483647
sambaLMPassword: BF33E1D731D97755AAD3B435B51404EE
sambaNTPassword: E49B11B16B5C046D8475BF5F0B82304B
sambaPwdLastSet: 1081504922
sambaAcctFlags: [U ]
objectClass: sambaSamAccount
objectClass: account
# krelis, People, unetix.nl
dn: uid=krelis,ou=People,dc=unetix,dc=nl
uid: krelis
sambaSID: S-1-5-21-2053538423-3623938635-3332097444-67672
sambaPrimaryGroupSID: S-1-5-21-2053538423-3623938635-3332097444-1201
sambaPwdCanChange: 1081504967
sambaPwdMustChange: 2147483647
sambaLMPassword: 644DC242C2698CFDAAD3B435B51404EE
sambaNTPassword: 7A2773DD002533663A5325F83AB71D15
sambaPwdLastSet: 1081504967
sambaAcctFlags: [U ]
objectClass: sambaSamAccount
objectClass: account
# search result
search: 2
result: 0 Success
# numResponses: 12
# numEntries: 11
I added two users, krelis and gerrit.
Output smbclient -L test -U krelis
Password:
Domain=[AMSTERDAM] OS=[Unix] Server=[Samba 3.0.3pre2]

        Sharename       Type      Comment
        ---------       ----      -------
        public          Disk
        pdf             Printer   pdf printer
        print$          Disk      Printer Driver Download Area
        IPC$            IPC       IPC Service (Samba PDC running 3.0.3pre2)
        ADMIN$          IPC       IPC Service (Samba PDC running 3.0.3pre2)
        lp              Printer   lp
        krelis          Disk      Home directory of krelis
Domain=[AMSTERDAM] OS=[Unix] Server=[Samba 3.0.3pre2]

        Server               Comment
        ---------            -------
        TEST                 Samba PDC running 3.0.3pre2

        Workgroup            Master
        ---------            -------
        AMSTERDAM            TEST
        UNETIX               FILESERVER
Seems like it's working basically.
Now nss ldap and pam ldap.
TIA
Wim Bakker
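
Added example, not part of the original message: the ldapsearch command above uses -x with no bind DN or password, so every attribute it prints was readable without credentials. This Python sketch parses such LDIF output and lists the entries whose password attributes (userPassword, sambaLMPassword, sambaNTPassword) were returned; the function names and the sample LDIF with its placeholder values are constructed for illustration.

```python
import base64

# Attributes that carry password material in the directory shown in this thread.
SENSITIVE = {"userpassword", "sambalmpassword", "sambantpassword"}

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] from ldapsearch LDIF output."""
    lines = text.replace("\n ", "").splitlines()   # unfold wrapped values
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:
        # A blank line or comment closes the entry (and skips the result trailer).
        if not line.strip() or line.startswith("#"):
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, sep, value = line.partition(":")
        value = value.strip()
        if value.startswith(":"):                  # "attr:: <base64>"
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        if name.lower() == "dn":
            dn = value
        elif dn is not None and sep:
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def exposed_credentials(text):
    """Map each DN to the sensitive attributes the search returned for it."""
    hits = {dn: sorted(SENSITIVE.intersection(attrs)) for dn, attrs in parse_ldif(text)}
    return {dn: h for dn, h in hits.items() if h}

# Constructed sample (placeholder values), shaped like the output in this message.
SAMPLE = """\
dn: dc=example,dc=com
objectClass: dcObject
# admin, People, example.com
dn: cn=admin,ou=People,dc=example,dc=com
userPassword:: %s
# alice, People, example.com
dn: uid=alice,ou=People,dc=example,dc=com
sambaNTPassword: 00000000000000000000000000000000
# search result
result: 0 Success
""" % base64.b64encode(b"{SSHA}constructed").decode()

if __name__ == "__main__":
    for dn, found in exposed_credentials(SAMPLE).items():
        print(dn, "->", ", ".join(found))
```

A non-empty result means slapd's access rules let unauthenticated clients read password attributes; an `access to` rule in slapd.conf covering those attributes closes that.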