Re: [Samba] ldap configuration oddity
Mathias.Wohlfarth at mw-eb.de
Fri Dec 3 22:04:41 GMT 2004
1. try without ssl (tls)
2. the ldap structure must match the structure defined in smb.conf
I loaded the following ldif file into the ldap server (ldapadd) to build
the structure:
---------------------
dn: o=smb,dc=wohlfarth,dc=home
objectClass: organization
o: smb
dn: ou=groups,o=smb,dc=wohlfarth,dc=home
objectClass: organizationalUnit
ou: groups
dn: ou=users,o=smb,dc=wohlfarth,dc=home
objectClass: organizationalUnit
ou: users
dn: ou=machines,o=smb,dc=wohlfarth,dc=home
objectClass: organizationalUnit
ou: machines
dn: ou=idmaps,o=smb,dc=wohlfarth,dc=home
objectClass: organizationalUnit
ou: idmaps
-------------------------
The corresponding smb.conf definitions are:
-------------------------
ldap suffix = o=smb,dc=wohlfarth,dc=com
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap idmap suffix = ou=idmaps
--------------------------
3. You can use smbpasswd -a -D 256 <user> to add a user. Samba must not be
up, and the debugging information is a good help.
4. I am using phpldapadmin (from sourceforge.net) to look into ldap - good
tool!
hope you get a step further
regards Mathias
Mathias Wohlfarth EDV-Beratung
Thomas-Mann-Str.1
53111 Bonn
Tel. 0172 / 53 45 591
01801 / 777 555 33 01
Fax 0228 / 9469181
Email mathias.wohlfarth at mw-eb.de
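
Point 2 of the reply as a check, in an added example that is not part of the original message: it resolves each sub-suffix in smb.conf against `ldap suffix` and lists the ones that have no matching `dn:` line in the LDIF. The function names are hypothetical, and it assumes plain `dn:` lines (no base64 `dn::` values, no escaped commas inside a DN).

```python
import re

# dn: lines and smb.conf lines as posted in the reply above.
LDIF = """\
dn: o=smb,dc=wohlfarth,dc=home
dn: ou=groups,o=smb,dc=wohlfarth,dc=home
dn: ou=users,o=smb,dc=wohlfarth,dc=home
dn: ou=machines,o=smb,dc=wohlfarth,dc=home
dn: ou=idmaps,o=smb,dc=wohlfarth,dc=home
"""
SMB_CONF = """\
ldap suffix = o=smb,dc=wohlfarth,dc=com
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap idmap suffix = ou=idmaps
"""
SUB_KEYS = ["ldap %s suffix" % s for s in ("group", "machine", "user", "idmap")]

def norm_dn(dn):
    """Case-fold a DN and drop whitespace around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def ldif_dns(ldif_text):
    """Return the set of normalized DNs declared by 'dn:' lines."""
    return {norm_dn(line[3:]) for line in ldif_text.splitlines()
            if line.lower().startswith("dn:")}

def smb_ldap_params(conf_text):
    """Parse 'key = value' lines, splitting on the first '=' only (DNs contain '=')."""
    params = {}
    for line in map(str.strip, conf_text.splitlines()):
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[" ".join(key.lower().split())] = value.strip().strip('"')
    return params

def missing_suffixes(ldif_text, conf_text):
    """List (parameter, full DN) pairs smb.conf expects but the LDIF lacks.
    The sub-suffixes are partial DNs that get 'ldap suffix' appended."""
    params, present = smb_ldap_params(conf_text), ldif_dns(ldif_text)
    base = params.get("ldap suffix", "")
    wanted = [("ldap suffix", base)]
    wanted += [(k, f"{params[k]},{base}") for k in SUB_KEYS if k in params]
    return [(k, dn) for k, dn in wanted if norm_dn(dn) not in present]

if __name__ == "__main__":
    for key, dn in missing_suffixes(LDIF, SMB_CONF):
        print(f"{key}: no LDIF entry for {dn}")
```

Run on the lines as posted, it lists all five suffixes, because the LDIF entries end in dc=home while `ldap suffix` ends in dc=com.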
"Patrick W. Riehecky" <prieheck at iwu.edu>
Sent by: samba-bounces+mathias.wohlfarth=mw-eb.de at lists.samba.org
03.12.2004 18:14
To: samba at lists.samba.org
Cc:
Subject: [Samba] ldap configuration oddity
Hey, I am totally confused/lost/confused getting this config working.
I am trying to get samba to authenticate against LDAP. After reading a
bunch of docs I generated the config at the end.
When I run testparm against it I get:
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "ldap server"
Ignoring unknown parameter "ldap server"
and then the rest of my config file INCLUDING
passdb backend = ldapsam:ldaps://accounts.iwu.edu
I would suspect that LDAP support is not compiled in for this binary,
except then testparm should complain a bit more about all my LDAP
config settings, not just the ldap server setting. Furthermore, I am
using Fedora's rpm, and I think that they would either offer an
LDAP-enabled rpm or enable it themselves - I cannot locate an rpm that
states that it is LDAP enabled, so my guess is the former.
I am using Samba version 3.0.9-1.fc3 for Fedora Core 3.
Here is my config file.
your thoughts?
--------
[global]
server string = %h (Samba %v)
log file = /var/log/samba/log.%m
log level = 5
max log size = 100
dns proxy = No
socket options = IPTOS_LOWDELAY TCP_NODELAY
security = user
obey pam restrictions = Yes
encrypt passwords = Yes
default = homes
load printers = No
show add printer wizard = No
max disk size = 300
invalid users = root @wheel @root
wide links = No
hide unreadable = Yes
hide special files = Yes
veto files = /,/proc,/dev,/sys,/etc,/boot,/lib,/home
dont descend = /,/proc,/dev,/sys,/etc,/boot,/lib,/home
ldap server = accounts.iwu.edu
ldap admin dn = "cn=foo,ou=bar,dc=iwu,dc=edu"
ldap suffix = dc=iwu,dc=edu
ldap ssl = start tls
ldap delete dn = No
ldap filter = (&(uid=%u)(objectclass=sambaSamAccunt))
idmap backend = ldap:ldap://accounts.iwu.edu
ldap user suffix = ou=foo
ldap group suffix = ou=bar
passdb backend = ldapsam:ldaps://accounts.iwu.edu
ldap passwd sync = Yes
[homes]
comment = %S's Home Directory
valid users = %S
browseable = no
read only = no
----------------------