[Samba] Authentication problem when using LDAP
David Collier-Brown
David.Collier-Brown at Sun.COM
Fri Feb 27 17:20:45 GMT 2004
A colleague has seen a problem (with Samba 3.0) in using
LDAP.
A very simple version of the problem is as follows, where
he tries to authenticate a user "grw":
> > I am almost there... I get the following when I do a simple test to
> > find the user 'grw' by attempting to change the password (even
> > though I do not want Samba to change the pw, this just is a test)
> >
> > # smbpasswd -D 10 grw
> > Netbios name list:-
> > my_netbios_names[0]="REYMASTER"
> > New SMB password:
> >
> > Retype new SMB password:
> >
> > Trying to load: ldapsam_compat
> > Attempting to register passdb backend ldapsam
> > Successfully added passdb backend 'ldapsam'
> > Attempting to register passdb backend ldapsam_compat
> > Successfully added passdb backend 'ldapsam_compat'
> > Attempting to register passdb backend smbpasswd
> > Successfully added passdb backend 'smbpasswd'
> > Attempting to register passdb backend tdbsam
> > Successfully added passdb backend 'tdbsam'
> > Attempting to register passdb backend guest
> > Successfully added passdb backend 'guest'
> > Attempting to find an passdb backend to match ldapsam_compat
> > (ldapsam_compat)
> > Found pdb backend ldapsam_compat
> > pdb backend ldapsam_compat has a valid init
> > Attempting to find an passdb backend to match guest (guest)
> > Found pdb backend guest
> > pdb backend guest has a valid init
> > smbldap_search: base => [ou=people,dc=ncs,dc=att,dc=com], filter =>
> > [(&(&(uid=grw)(objectclass=posixAccount))(objectclass=sambaAccount))],
> > scope => [2]
> > smbldap_open_connection: <ldap://reymaster:389> ldap://reymaster:389
> > smbldap_open_connection: connection opened
> > ldap_connect_system: Binding to ldap server <ldap://reymaster:389>
> > ldap://reymaster:389
> > as "cn=proxyagent,ou=profile,dc=ncs,dc=att,dc=com"
> > ldap_connect_system: succesful connection to the LDAP server
> > The LDAP server is succesful connected
> > ldapsam_getsampwnam: Unable to locate user [grw] count=0
> > Failed to find entry for user grw.
> > Failed to modify password entry for user grw
It looks almost as if the user isn't there... see
just below the conf file.
> > my smb.conf file looks like this [global section]:
> >
> > [global]
> > printing = sysv
> > printcap name = /etc/printcap
> > load printers = yes
> > ; basic server settigns
> > workgroup = UnixServers
> > netbios name = reymaster
> > server string = Samba File Server
> > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> >
> > ; security and login
> > security = user
> > encrypt passwords = Yes
> > log file = /var/log/samba/samba.log.%m
> > log level = 5
> > max log size = 500
> > hosts allow = 127.0.0.1 135.191.28.0/255.255.255.192
> >
> > ; LDAP configuration
> > ldap admin dn = "cn=proxyagent,ou=profile,dc=ncs,dc=att,dc=com"
> > ldap suffix = "ou=people,dc=ncs,dc=att,dc=com"
> > ldap filter = "(&(uid=%u)(objectclass=posixAccount))"
> > ; ldap user suffix = ou=Users
> > ; ldap group suffix = ou=Groups
> > ldap server = reymaster
> > ldap ssl = off
> > ldap port = 389
> >
> >
> > In the Samba documentation that I have read, it refers to an {
> > objectClass=sambaAccount }
> > Do I need to add this in my LDAP server?
What's the content of objectClass=sambaAccount, or more
correctly, where do we read about it?
--dave
--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems, | some people and astonish the rest.
Toronto, Ontario, | -- Mark Twain
(905) 415-2849 or x52849 | davecb at canada.sun.com
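The debug log quoted in this message shows that the filter sent to the server is the configured `ldap filter` AND-ed with `(objectclass=sambaAccount)`. The following is an added example, not part of the original post and not Samba code: it evaluates that logged filter against a constructed entry to show which clause yields `count=0`. The entry contents for `grw` and all function names are assumptions made for illustration.

```python
# Added example with constructed data; not Samba source code.
CONFIGURED = "(&(uid=%u)(objectclass=posixAccount))"  # 'ldap filter' from the posted smb.conf
LOGGED = "(&(&(uid=grw)(objectclass=posixAccount))(objectclass=sambaAccount))"  # from the -D 10 log
# Constructed entry (assumption): a POSIX account with no sambaAccount objectClass.
GRW = {"uid": ["grw"], "objectclass": ["top", "account", "posixAccount", "shadowAccount"]}

def effective_filter(configured, user):
    """Compose the filter as the debug log shows it: configured filter AND sambaAccount."""
    return "(&" + configured.replace("%u", user) + "(objectclass=sambaAccount))"

def parse(f, i=0):
    """Parse a filter subset: (&...), (|...), (!x), (attr=value); no wildcards or escapes."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against an entry {lowercase attr: [values]}, ignoring case."""
    if node[0] == "=":
        return node[2].lower() in [v.lower() for v in entry.get(node[1], [])]
    results = [matches(k, entry) for k in node[1]]
    if node[0] == "&": return all(results)
    if node[0] == "|": return any(results)
    return not results[0]

def unmet(node, entry):
    """Return the equality clauses under AND nodes that the entry fails to satisfy."""
    if node[0] == "=":
        return [] if matches(node, entry) else [f"{node[1]}={node[2]}"]
    if node[0] == "&":
        return [c for k in node[1] for c in unmet(k, entry)]
    return [] if matches(node, entry) else ["<non-AND subfilter>"]

if __name__ == "__main__":
    tree, _ = parse(effective_filter(CONFIGURED, "grw"))
    print("match:", matches(tree, GRW))
    print("unmet clauses:", unmet(tree, GRW))
```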