[Samba] Samba With LDAP
Bruno Lopes de Souza Benchimol
brunobenchimol at terra.com.br
Sun Feb 29 17:44:26 GMT 2004
Options:
./configure --with-ldap --with-ldapsam --with-tdbsam --with-syslog --with-qu
otas --with-acl-support --with-winbind
Confs
-snip
# user level security. See the HOWTO Collection for details.
security = user
# Passwd programs
passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password* %n\n *successfuly*
unix password sync = Yes
## configs ldap
ldap suffix = dc=deblab
ldap admin dn = cn=admin,dc=deblab
ldap filter = (uid=%u)(objectclass=sambaSamAccount)
# ldap port = 389
# ldap server = 127.0.0.1
ldap ssl = no
add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
# domain admin group = @root
admin users = @root
# others
encrypt passwords = yes
- end
* testparm -v
deblab:/usr/local/samba# bin/testparm -v
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[printers]"
Processing section "[shares]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
- creating user
deblab:/usr/local/sbin# perl smbldap-groupadd.pl -a -g 4000 smb3
deblab:/usr/local/sbin# perl smbldap-useradd.pl -a -m -g 4000 -c "Test smb3"
smb3
deblab:/usr/local/sbin# perl smbldap-passwd.pl smb3
Changing password for smb3
New password :
Retype new password :
--- ldapsearch (so it created good)
deblab:/usr/local/samba# ldapsearch -x uid=smb3
version: 2
#
# filter: uid=smb3
# requesting: ALL
#
# smb3, People, deblab
dn: uid=smb3,ou=People,dc=deblab
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: Test smb3
sn: smb3
uid: smb3
uidNumber: 1005
gidNumber: 4000
homeDirectory: /shares/smbhomes//smb3
loginShell: /bin/false
gecos: Test smb3
description: Test smb3
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: Test smb3
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-3010
sambaPrimaryGroupSID: S-1-5-21-3516781642-1962875130-3438800523-9001
sambaHomeDrive: U:
sambaLogonScript: smb3.cmd
sambaHomePath: \\SMB\homes
sambaPwdMustChange: 1081963839
sambaLMPassword: AEBD4DE384C7EC43AAD3B435B51404EE
sambaPwdLastSet: 1078075839
sambaAcctFlags: [U]
sambaNTPassword: 7A21990FCD3D759941E45C490F143D5F
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
deblab:/usr/local/samba#
-- anonynous login
deblab:/usr/local/samba# bin/smbclient -L localhost
Password:
Anonymous login successful
Domain=[DEBLAB] OS=[Unix] Server=[Samba 3.0.2a]
Sharename Type Comment
--------- ---- -------
netlogon Disk Network Logon Service
....
ldap log
Feb 29 14:32:07 deblab slapd[209]: daemon: conn=29 fd=20 connection from
IP=127.0.0.1:1056 (IP=0.0.0.0:34049) accepted.
Feb 29 14:32:07 deblab slapd[311]: conn=29 op=0 BIND dn="" method=128
Feb 29 14:32:07 deblab slapd[311]: conn=29 op=0 RESULT tag=97 err=0 text=
Feb 29 14:32:07 deblab slapd[309]: conn=29 op=1 SRCH base="dc=deblab"
scope=2 filter="(uid=nobody)"
Feb 29 14:32:07 deblab slapd[309]: conn=29 op=1 SEARCH RESULT tag=101 err=0
text=
Feb 29 14:32:07 deblab slapd[310]: conn=29 op=2 SRCH base="dc=deblab"
scope=2
filter="(&(objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobo
dy,ou=People,dc=deblab)))"
Feb 29 14:32:07 deblab slapd[310]: conn=29 op=2 SEARCH RESULT tag=101 err=0
text=
Feb 29 14:32:07 deblab slapd[209]: conn=-1 fd=20 closed
tahts good.
deblab:/usr/local/samba# bin/smbclient -U smb3 -L localhost
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
then i got nothing on my ldap stuff.
now i put encrypt password = no , and now i get some stuff
Feb 29 14:37:33 deblab slapd[209]: daemon: conn=43 fd=23 connection from
IP=127.0.0.1:1077 (IP=0.0.0.0:34049) accepted.
Feb 29 14:37:33 deblab slapd[310]: conn=43 op=0 BIND dn="" method=128
Feb 29 14:37:33 deblab slapd[310]: conn=43 op=0 RESULT tag=97 err=0 text=
Feb 29 14:37:33 deblab slapd[309]: conn=43 op=1 SRCH base="dc=deblab"
scope=2 filter="(&(objectClass=shadowAccount)(uid=smb3))"
Feb 29 14:37:33 deblab slapd[309]: conn=43 op=1 SEARCH RESULT tag=101 err=0
text=
Feb 29 14:37:33 deblab slapd[209]: conn=-1 fd=23 closed
-- heres objectclass from smb3
objectClass
now i will add the shadowaccount in objectclass, and it still gives me the
same error:
but also i got the users logging onto linux, see the msg when one of them
try to log
Feb 29 14:42:39 deblab slapd[209]: daemon: conn=61 fd=23 connection from
IP=127.0.0.1:1098 (IP=0.0.0.0:34049) accepted.
Feb 29 14:42:39 deblab slapd[310]: conn=61 op=0 BIND dn="CN=ADMIN,DC=DEBLAB"
method=128
Feb 29 14:42:39 deblab slapd[310]: conn=61 op=0 RESULT tag=97 err=0 text=
Feb 29 14:42:39 deblab slapd[309]: conn=61 op=1 SRCH base="dc=deblab"
scope=2 filter="(uid=smb3)"
Feb 29 14:42:39 deblab slapd[309]: conn=61 op=1 SEARCH RESULT tag=101 err=0
text=
Feb 29 14:42:39 deblab slapd[311]: conn=61 op=2 BIND
dn="UID=SMB3,OU=PEOPLE,DC=DEBLAB" method=128
Feb 29 14:42:39 deblab slapd[311]: conn=61 op=2 RESULT tag=97 err=0 text=
Feb 29 14:42:39 deblab slapd[310]: conn=61 op=3 BIND dn="CN=ADMIN,DC=DEBLAB"
method=128
Feb 29 14:42:39 deblab slapd[310]: conn=61 op=3 RESULT tag=97 err=0 text=
Feb 29 14:42:39 deblab slapd[209]: daemon: conn=62 fd=24 connection from
IP=127.0.0.1:1099 (IP=0.0.0.0:34049) accepted.
Feb 29 14:42:39 deblab slapd[309]: conn=62 op=0 BIND dn="" method=128
Feb 29 14:42:39 deblab slapd[309]: conn=62 op=0 RESULT tag=97 err=0 text=
Feb 29 14:42:39 deblab slapd[311]: conn=62 op=1 SRCH base="dc=deblab"
scope=2 filter="(uid=smb3)"
Feb 29 14:42:39 deblab slapd[311]: conn=62 op=1 SEARCH RESULT tag=101 err=0
text=
Feb 29 14:42:39 deblab slapd[310]: conn=62 op=2 SRCH base="dc=deblab"
scope=2
filter="(&(objectClass=posixGroup)(|(memberUid=smb3)(uniqueMember=uid=smb3,o
u=People,dc=deblab)))"
Feb 29 14:42:39 deblab slapd[310]: conn=62 op=2 SEARCH RESULT tag=101 err=0
text=
Feb 29 14:42:39 deblab slapd[209]: conn=-1 fd=24 closed
Feb 29 14:42:39 deblab slapd[209]: conn=-1 fd=23 closed
it works.
i have no clue why i cannot log on samba. im really starting to get
cluelessy and pissed.
thanks
----- Original Message -----
From: "Vorsin Denis" <Vorsin at nordcomp.ru>
To: <samba at lists.samba.org>
Sent: Saturday, February 28, 2004 9:49 AM
Subject: [Samba] Samba With LDAP
> Please, let us look on
> #testparm -v
>
> AND what compile options U used with samba?
>
> Denis
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
> Esta mensagem foi verificada pelo E-mail Protegido Terra.
> Scan engine: VirusScan / Atualizado em 27/02/2004 / Versão: 1.4.1
> Proteja o seu e-mail Terra: http://www.emailprotegido.terra.com.br/
>
More information about the samba
mailing list