[Samba] samba + ldap authentication

Muhammad Reza reza at mra.co.id
Fri Jun 11 07:12:19 GMT 2004 

Dear list
Maybe we have same problem with smbldap-tools-0.8.4-1
I didnt see password attribute in LDAP entry create by smbldap-tools, 
but all user i create can succesfully login to samba machine via ssh.

[root at lab samba]# smbldap-usershow administrator
dn: uid=Administrator,ou=Users,dc=mragroup,dc=net
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson,sambaSAMAccount,posixAccount,shadowAccount
gidNumber: 512
uid: Administrator
uidNumber: 0
homeDirectory: /home/
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaHomeDrive: H:
sambaPrimaryGroupSID: S-1-5-21-3703471949-3718591838-2324585696-512
sambaSID: S-1-5-21-3703471949-3718591838-2324585696-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaPwdCanChange: 1086934364
sambaAcctFlags: [U]
sambaPwdLastSet: 1086934585
sambaPwdMustChange: 1091686585

[root at lab samba]# smbldap-passwd administrator
Changing password for administrator
New password :
Retype new password :

[root at lab samba]#  ldapsearch -x -b 'dc=mragroup,dc=net' 
'(objectclass=*)' | more
--snip---
# Administrator, Users, mragroup.net
dn: uid=Administrator,ou=Users,dc=mragroup,dc=net
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 512
uid: Administrator
uidNumber: 0
homeDirectory: /home/
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaHomeDrive: H:
sambaPrimaryGroupSID: S-1-5-21-3703471949-3718591838-2324585696-512
sambaSID: S-1-5-21-3703471949-3718591838-2324585696-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaPwdCanChange: 1086934364
sambaAcctFlags: [U]
--snap---

with thos configuration i cat join my workstation to my samba server..
please help me...



>Quoting Beast <beast at beantransactions.com>:
>
>  
>
>>Peter Nyberg wrote:
>>    
>>
>>>here's an output. I don't know if one can see anything wrong here. I don't
>>>      
>>>
>>have
>>    
>>
>>>the account administrator in the /etc/passwd. Only in ldap.
>>>
>>>root at s2:/usr/local/sbin# ./smbldap-usershow.pl administrator
>>>dn: uid=Administrator,ou=Users,dc=dbb,dc=su,dc=se
>>>cn: Administrator
>>>sn: Administrator
>>>objectClass: inetOrgPerson,sambaSamAccount,posixAccount
>>>gidNumber: 512
>>>uid: Administrator
>>>uidNumber: 998
>>>homeDirectory: /home/Users/
>>>sambaPwdLastSet: 0
>>>sambaLogonTime: 0
>>>sambaLogoffTime: 2147483647
>>>sambaKickoffTime: 2147483647
>>>sambaPwdCanChange: 0
>>>sambaPwdMustChange: 2147483647
>>>sambaHomePath: \\s2\home\Users
>>>sambaHomeDrive: H:
>>>sambaProfilePath: \\s2\home\profiles\
>>>sambaPrimaryGroupSID: S-1-5-21-1027936538-659792286-2162639956-512
>>>sambaLMPassword: XXX
>>>sambaNTPassword: XXX
>>>      
>>>
>>Oops, did not see your recent post,sorry.
>>
>>This both attributes should not contain XXX, this means your previous 
>>smbldappasswd command did not works. Try using "smbpasswd administrator" 
>>   or direct modify to ldap entry.
>>
>>
>>-- 
>>
>>--beast
>>
>>    
>>
>I did the following:
>root at s2:/usr/local/samba/bin# ./smbpasswd administrator
>New SMB password:
>Retype new SMB password:
>root at s2:/usr/local/samba/bin#
>
>And now:
>root at s2:/usr/local/samba/bin# ./pdbedit administrator
>Administrator:4294967295:Administrator
>
>And:
>root at s2:/usr/local/sbin# ./smbldap-usershow.pl administrator
>dn: uid=Administrator,ou=Users,dc=dbb,dc=su,dc=se
>cn: Administrator
>sn: Administrator
>objectClass: inetOrgPerson,sambaSamAccount,posixAccount
>gidNumber: 512
>uid: Administrator
>uidNumber: 998
>homeDirectory: /home/Users/
>sambaLogonTime: 0
>sambaLogoffTime: 2147483647
>sambaKickoffTime: 2147483647
>sambaPwdMustChange: 2147483647
>sambaHomePath: \\s2\home\Users
>sambaHomeDrive: H:
>sambaProfilePath: \\s2\home\profiles\
>sambaPrimaryGroupSID: S-1-5-21-1027936538-659792286-2162639956-512
>sambaAcctFlags: [U          ]
>sambaSID: S-1-5-21-1027936538-659792286-2162639956-2996
>loginShell: /bin/false
>gecos: Netbios Domain Administrator
>sambaLMPassword: 176D7D7C26BFB683AAD3B435B51404EE
>sambaNTPassword: 2C925CDF69D46A468291C454DEF9CE18
>sambaPwdCanChange: 1086864688
>sambaPwdLastSet: 1086864688
>userPassword: {SMD5}+Ne1vmD3C1zlF/fqRjedOWIngzM=
>root at s2:/usr/local/sbin# cd ../samba/bin/
>
>But still:
>root at s2:/usr/local/samba/bin# ./net rpc group LIST global -U administrator
>Password:
>The username or password was not correct.
>
>I have force TLS in my slapd.conf, but in my smb.conf I have  
>passdb backend = ldapsam:ldap://s2.dbb.su.se
>Do you think it should be
>passdb backend = ldapsam:ldaps://s2.dbb.su.se
>
>I'm a newbie on both samba and ldap so I'm not sure how to change a password
>dirrectly into ldap database. I did a:
>root at s2:/usr/bin# ./ldappasswd administrator
>ldap_bind: Confidentiality required (13)
>        additional info: TLS confidentiality required
>root at s2:/usr/bin#
>
>That why I think the ldaps thing. I'll try it now and restart samba.
>
>No, still the same
>
>root at s2:/usr/bin# ./ldappasswd administrator
>ldap_bind: Confidentiality required (13)
>        additional info: TLS confidentiality required
>
>I really have to thank you for your time!
>
>  
>

More information about the samba mailing list