[Samba] samba 2.2.3a / openLDAP connection problem

Martin Wood martin at ideaworks3d.com
Tue Mar 16 12:38:32 GMT 2004



Markus Amersdorfer wrote:
> On Mon, 15 Mar 2004 16:47:14 +0000
> Martin Wood <martin at ideaworks3d.com> wrote:
> 
> Hi,
> 
> 
>>ok, thanks for the replies so far...I don't seem to be having much luck
>>the samba and ldap servers are on the same machine..
>>[...]
>>ldapsearch -x '(cn=Manager)'
>>gives :
>>[nothing-found]
> 
> 
> Can you add entries to and search the directory without any Samba
> software involved?
> What does "ldapsearch -x" return?
> Also, try some more verbose ldapsearch-commands. Debian e.g. needs
> /etc/ldap/ldap.conf to hold BASE and URI information in order for
> "ldapsearch -x '(pattern)'" to succeed (AFAICT), otherwise you have to
> set these options explicitly...

right, i edited ldap.conf and now my ldapsearch queries are returning 
responses.

e.g.

ldapsearch -b "ou=People,dc=ideaworks3d,dc=com" -LLL -D "cn=manager,dc=ideaworks3d,dc=com" -W -x "(uid=marvldap)"

gives me the correct output (the LDIF format entry for marvldap)


but still no luck with smbpasswd -a smbuser


i've checked my smb.conf :

#############

     ldap admin dn = cn=manager,dc=ideaworks3d,dc=com
     ldap server = localhost
     ldap suffix = ou=People,dc=ideaworks3d,dc=com

     # Don't include "root" here, as joining clients need the "root" user...
     invalid users = bin daemon adm sync shutdown halt mail news uucp operator gopher

     hosts allow = 10.xxx.xxx.xxx/255.xxx.xxx.xxx localhost

############

my slapd.conf has these access controls :

############

access to attribute=userPassword,lmPassword,ntPassword
         by dn="cn=manager,dc=ideaworks3d,dc=com" write
         by anonymous auth
         by * none
 

access to *
         by dn="cn=manager,dc=ideaworks3d,dc=com" write
         by dn="cn=nss,dc=ideaworks3d,dc=com" read
         by * auth

#############

from what i can make out from the slapd output, the query for an 
existing posix account is being made, but nothing happens after that.

from reading

http://mawi.org/sambaldap/Samba_and_LDAP_on_Debian.html#usermanadd

he first creates the *nix account, then adds user info to ldap from an 
ldif file and then runs smbpasswd

I thought the idea was the smbpasswd would add the ldap info automatically?

and anyway, even adding the user.ldif file via ldapadd (which succeeds) 
doesn't change the behaviour of smbpasswd -a user

any other details i should be scrutinising for possible errors ?

thanks again for your help, it's really appreciated.

martin

