Reply: [Samba] ldap configuration oddity

Mathias.Wohlfarth at Mathias.Wohlfarth at
Fri Dec 3 22:04:41 GMT 2004

1. try without ssl (tls)

2. the ldap structure must match the structure defined in smb.conf
I loaded the following ldif file into the ldap server (ldapadd) to build 
the structure:
dn: o=smb,dc=wohlfarth,dc=home
objectClass: organization
o: smb

dn: ou=groups,o=smb,dc=wohlfarth,dc=home
objectClass: organizationalUnit
ou: groups

dn: ou=users,o=smb,dc=wohlfarth,dc=home
objectClass: organizationalUnit
ou: users

dn: ou=machines,o=smb,dc=wohlfarth,dc=home
objectClass: organizationalUnit
ou: machines

dn: ou=idmaps,o=smb,dc=wohlfarth,dc=home
objectClass: organizationalUnit
ou: idmaps

The corresponding smb.conf definitions are:
        ldap suffix = o=smb,dc=wohlfarth,dc=com
        ldap group suffix = ou=groups
        ldap machine suffix = ou=machines
        ldap user suffix = ou=users
        ldap idmap suffix = ou=idmaps

3. You can use smbpasswd -a -D 256 <user> to add a user. Samba must not be 
up, and the debugging information is a good help.
4. I am using phpldapadmin (from to look into ldap - good 

hope you get a step further
regards Mathias
Mathias Wohlfarth EDV-Beratung
53111 Bonn
Tel.    0172 / 53 45 591
        01801 / 777 555 33 01
Fax     0228 / 9469181
Email   mathias.wohlfarth at

"Patrick W. Riehecky" <prieheck at>
Sent by: at
03.12.2004 18:14
        To:      samba at
        Subject: [Samba] ldap configuration oddity

Hey, I am totally confused/lost/confused getting this config working.

I am trying to get samba to authenticate against LDAP.  After reading a 
bunch of docs I generated the config at the end.

When I run testparm against it I get:
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "ldap server"
Ignoring unknown parameter "ldap server"
   and then the rest of my config file INCLUDING 
passdb backend = ldapsam:ldaps://

I would suspect that LDAP support is not compiled in for this binary, 
except then testparm should complain a bit more about all my LDAP 
config settings, not just the ldap server setting.  Furthermore, I am 
using Fedora's rpm, and I think that they would either offer a LDAP 
enabled rpm or enable it themselves - I cannot locate a rpm that states 
that it is LDAP enabled, so my guess is the former.

I am using Samba version 3.0.9-1.fc3 for Fedora Core 3.
Here is my config file.
your thoughts?

        server string = %h (Samba %v)

        log file = /var/log/samba/log.%m
        log level = 5
        max log size = 100

        dns proxy = No
        socket options = IPTOS_LOWDELAY TCP_NODELAY

        security = user
        obey pam restrictions = Yes
        encrypt passwords = Yes

        default = homes
        load printers = No
        show add printer wizard = No

        max disk size = 300

        invalid users = root @wheel @root
        wide links = No

        hide unreadable = Yes
        hide special files = Yes
        veto files = /,/proc,/dev,/sys,/etc,/boot,/lib,/home
        dont descend = /,/proc,/dev,/sys,/etc,/boot,/lib,/home

        ldap server =
        ldap admin dn = "cn=foo,ou=bar,dc=iwu,dc=edu"
        ldap suffix = dc=iwu,dc=edu
        ldap ssl = start tls
        ldap delete dn = No

        ldap filter = (&(uid=%u)(objectclass=sambaSamAccunt))
        idmap backend = ldap:ldap://
        ldap user suffix = ou=foo
        ldap group suffix = ou=bar

        passdb backend = ldapsam:ldaps://
        ldap passwd sync = Yes

        comment = %S's Home Directory
        valid users = %S
        browseable = no
        read only = no
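
Added example (not part of the original messages or of Samba): a small Python check for point 2 of the reply, that every container named by the smb.conf suffix parameters exists as an entry in the LDIF that was loaded. The function names and the simplified DN normalisation are assumptions of this sketch; run on the values as posted in the reply, it reports all five suffixes as missing, because the LDIF tree ends in dc=home and the smb.conf suffix ends in dc=com.

```python
# Added example: compares smb.conf LDAP suffixes with the entry DNs in an LDIF.
SUFFIX_KEYS = ("ldap user suffix", "ldap group suffix",
               "ldap machine suffix", "ldap idmap suffix")

def norm_dn(dn):
    # Simplified: lowercases and trims each RDN; no escaped commas or multi-valued RDNs.
    return ",".join("=".join(p.strip().lower() for p in rdn.split("=", 1))
                    for rdn in dn.split(","))

def smbconf_dns(text):
    """Return {parameter: full DN} for 'ldap suffix' and each sub-suffix."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, _, val = line.partition("=")      # split on the first '=' only
        params[" ".join(key.lower().split())] = val.strip().strip('"')
    base = params["ldap suffix"]
    dns = {"ldap suffix": norm_dn(base)}
    for key in SUFFIX_KEYS:
        if params.get(key):
            # Sub-suffixes are relative: Samba prepends them to 'ldap suffix'.
            dns[key] = norm_dn(params[key] + "," + base)
    return dns

def ldif_dns(text):
    """Entry DNs from plain LDIF (no base64 'dn::' values, no folded lines)."""
    return {norm_dn(l[3:]) for l in text.splitlines()
            if l.lower().startswith("dn:") and not l.lower().startswith("dn::")}

def missing_containers(conf_text, ldif_text):
    """smb.conf suffixes whose DN has no matching entry in the LDIF."""
    present = ldif_dns(ldif_text)
    return {k: dn for k, dn in smbconf_dns(conf_text).items() if dn not in present}

# Sample input: the tree and suffix lines from the reply above, rebuilt compactly.
TREE_BASE = "o=smb,dc=wohlfarth,dc=home"
SAMPLE_LDIF = f"dn: {TREE_BASE}\nobjectClass: organization\no: smb\n\n" + "".join(
    f"dn: ou={ou},{TREE_BASE}\nobjectClass: organizationalUnit\nou: {ou}\n\n"
    for ou in ("groups", "users", "machines", "idmaps"))
SAMPLE_CONF = """ldap suffix = o=smb,dc=wohlfarth,dc=com
    ldap group suffix = ou=groups
    ldap machine suffix = ou=machines
    ldap user suffix = ou=users
    ldap idmap suffix = ou=idmaps
"""

if __name__ == "__main__":
    for key, dn in missing_containers(SAMPLE_CONF, SAMPLE_LDIF).items():
        print(f"{key}: no entry {dn} in the LDIF")
```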
