[Samba] ldap configuration oddity

Patrick W. Riehecky prieheck at iwu.edu
Fri Dec 3 17:14:01 GMT 2004


Hey, I am totally confused/lost/confused getting this config working.

I am trying to get samba to authenticate against LDAP.  After reading a 
bunch of docs I generated the config at the end.

When I run testparm against it I get:
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "ldap server"
Ignoring unknown parameter "ldap server"
   and then the rest of my config file INCLUDING 
passdb backend = ldapsam:ldaps://accounts.iwu.edu

I would suspect that LDAP support is not compiled in for this binary, 
except then testparm should complain a bit more about all my LDAP 
config settings, not just the ldap server setting.  Furthermore, I am 
using Fedora's rpm, and I think that they would either offer an 
LDAP-enabled rpm or enable it themselves - I cannot locate an rpm that 
states that it is LDAP enabled, so my guess is the former.

I am using Samba version 3.0.9-1.fc3 for Fedora Core 3.
Here is my config file.
Your thoughts?

--------
[global]
        server string = %h (Samba %v)

        log file = /var/log/samba/log.%m
        log level = 5
        max log size = 100

        dns proxy = No
        socket options = IPTOS_LOWDELAY TCP_NODELAY

        security = user
        obey pam restrictions = Yes
        encrypt passwords = Yes

        default = homes
        load printers = No
        show add printer wizard = No

        max disk size = 300

        invalid users = root @wheel @root
        wide links = No

        hide unreadable = Yes
        hide special files = Yes
        veto files = /,/proc,/dev,/sys,/etc,/boot,/lib,/home
        dont descend = /,/proc,/dev,/sys,/etc,/boot,/lib,/home


        ldap server = accounts.iwu.edu
        ldap admin dn = "cn=foo,ou=bar,dc=iwu,dc=edu"
        ldap suffix = dc=iwu,dc=edu
        ldap ssl = start tls
        ldap delete dn = No

        ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
        idmap backend = ldap:ldap://accounts.iwu.edu
        ldap user suffix = ou=foo
        ldap group suffix = ou=bar

        passdb backend = ldapsam:ldaps://accounts.iwu.edu
        ldap passwd sync = Yes

[homes]
        comment = %S's Home Directory
        valid users = %S
        browseable = no
        read only = no
----------------------
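
The following is an added example, not part of the original post: a short Python script that compares testparm's warnings with the [global] section and separates the ldap-related parameters testparm rejected from those it passed without complaint. The sample inputs are constructed from the lines quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed sample input: the testparm warnings and the ldap-related
# [global] lines quoted in the post.
TESTPARM_OUTPUT = '''Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "ldap server"
Ignoring unknown parameter "ldap server"
'''
SMB_CONF = '''[global]
        security = user
        ldap server = accounts.iwu.edu
        ldap admin dn = "cn=foo,ou=bar,dc=iwu,dc=edu"
        ldap suffix = dc=iwu,dc=edu
        ldap ssl = start tls
        idmap backend = ldap:ldap://accounts.iwu.edu
        passdb backend = ldapsam:ldaps://accounts.iwu.edu
        ldap passwd sync = Yes
[homes]
        valid users = %S
'''

def key(name):
    """smb.conf parameter names ignore case and whitespace."""
    return re.sub(r"\s+", "", name).lower()

def global_params(conf_text):
    """Return [(name, value)] for the [global] section, in file order."""
    section, params = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)  # values may contain '='
            params.append((name.strip(), value.strip()))
    return params

def classify_ldap(conf_text, testparm_text):
    """Split ldap-related [global] parameters into (rejected, accepted)."""
    names = re.findall(r'Unknown parameter encountered: "([^"]+)"', testparm_text)
    unknown = {key(n) for n in names}
    rejected, accepted = [], []
    for name, value in global_params(conf_text):
        if key(name).startswith("ldap") or "ldap" in value.lower():
            (rejected if key(name) in unknown else accepted).append(name)
    return rejected, accepted

if __name__ == "__main__":
    print(classify_ldap(SMB_CONF, TESTPARM_OUTPUT))
```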


