[Samba] samba + ldap authentication
Peter Nyberg
Peter.Nyberg at dbb.su.se
Thu Jun 10 11:53:53 GMT 2004
Quoting Beast <beast at beantransactions.com>:
> Peter Nyberg wrote:
> > here's an output. I don't know if one can see anything wrong here. I don't
> have
> > the account administrator in the /etc/passwd. Only in ldap.
> >
> > root at s2:/usr/local/sbin# ./smbldap-usershow.pl administrator
> > dn: uid=Administrator,ou=Users,dc=dbb,dc=su,dc=se
> > cn: Administrator
> > sn: Administrator
> > objectClass: inetOrgPerson,sambaSamAccount,posixAccount
> > gidNumber: 512
> > uid: Administrator
> > uidNumber: 998
> > homeDirectory: /home/Users/
> > sambaPwdLastSet: 0
> > sambaLogonTime: 0
> > sambaLogoffTime: 2147483647
> > sambaKickoffTime: 2147483647
> > sambaPwdCanChange: 0
> > sambaPwdMustChange: 2147483647
> > sambaHomePath: \\s2\home\Users
> > sambaHomeDrive: H:
> > sambaProfilePath: \\s2\home\profiles\
> > sambaPrimaryGroupSID: S-1-5-21-1027936538-659792286-2162639956-512
> > sambaLMPassword: XXX
> > sambaNTPassword: XXX
>
> Oops, did not see your recent post,sorry.
>
> This both attributes should not contain XXX, this means your previous
> smbldappasswd command did not works. Try using "smbpasswd administrator"
> or direct modify to ldap entry.
>
>
> --
>
> --beast
>
I did the following:
root at s2:/usr/local/samba/bin# ./smbpasswd administrator
New SMB password:
Retype new SMB password:
root at s2:/usr/local/samba/bin#
And now:
root at s2:/usr/local/samba/bin# ./pdbedit administrator
Administrator:4294967295:Administrator
And:
root at s2:/usr/local/sbin# ./smbldap-usershow.pl administrator
dn: uid=Administrator,ou=Users,dc=dbb,dc=su,dc=se
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson,sambaSamAccount,posixAccount
gidNumber: 512
uid: Administrator
uidNumber: 998
homeDirectory: /home/Users/
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdMustChange: 2147483647
sambaHomePath: \\s2\home\Users
sambaHomeDrive: H:
sambaProfilePath: \\s2\home\profiles\
sambaPrimaryGroupSID: S-1-5-21-1027936538-659792286-2162639956-512
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-1027936538-659792286-2162639956-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaLMPassword: 176D7D7C26BFB683AAD3B435B51404EE
sambaNTPassword: 2C925CDF69D46A468291C454DEF9CE18
sambaPwdCanChange: 1086864688
sambaPwdLastSet: 1086864688
userPassword: {SMD5}+Ne1vmD3C1zlF/fqRjedOWIngzM=
root at s2:/usr/local/sbin# cd ../samba/bin/
But still:
root at s2:/usr/local/samba/bin# ./net rpc group LIST global -U administrator
Password:
The username or password was not correct.
I have force TLS in my slapd.conf, but in my smb.conf I have
passdb backend = ldapsam:ldap://s2.dbb.su.se
Do you think it should be
passdb backend = ldapsam:ldaps://s2.dbb.su.se
I'm a newbie on both samba and ldap so I'm not sure how to change a password
dirrectly into ldap database. I did a:
root at s2:/usr/bin# ./ldappasswd administrator
ldap_bind: Confidentiality required (13)
additional info: TLS confidentiality required
root at s2:/usr/bin#
That why I think the ldaps thing. I'll try it now and restart samba.
No, still the same
root at s2:/usr/bin# ./ldappasswd administrator
ldap_bind: Confidentiality required (13)
additional info: TLS confidentiality required
I really have to thank you for your time!
More information about the samba
mailing list