[Samba] samba with ldap and digest-md5

Ben Booble oneoutof100 at hotmail.com
Mon Oct 18 06:40:28 GMT 2004

Hi all,

I am running samba-server-3.0.6-4.1.100mdk, openldap-servers-2.1.25-6mdk, 
lib64sasl2-plug-digestmd5-2.1.15-10.1.100mdk. I have searched through the 
lists and I am wondering if I am the only one doing this kind of set-up.

Anyway, the question is as follows: In my ldap server I have normal posix 
accounts with plain text passwords that are sorted out by a sasl-regex in the 
slapd.conf, and that works well. With smb, how does it handle passwords 
between it and ldap, and does anyone know of any special configuration 
settings that should be in place to get it to work? I have read the IDEALX doco 
and several contradictory ones, so god knows which is right. At the moment 
the smb server sees the request from a client (adding a pc to the domain), 
goes off to authenticate but comes back with invalid credentials for the 
"administrator" user. I am almost sure it is because of the way samba sends 
the password but I don't really know.

I know more about ldap than I do about samba so I am hoping to get some 
extra insight into how smb works. Will samba work with sasl digest-md5 at 

Here are relevant details from smb.conf:
   security = user
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   unix password sync = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n
   pam password change = yes
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   obey pam restrictions = yes
   domain master = yes
   local master = yes
   domain logons = yes
   add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u'
   delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u'
   add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'
   delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'
   set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u'
   add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print
   delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g'

   passdb backend = ldapsam:ldaps://newser1.cpc.net.au smbpasswd guest
   ldap admin dn = uid=administrator,ou=System,ou=People,dc=cpc
   ldap port = 389
   ldap suffix = dc=cpc
   ldap machine suffix = ou=Hosts,ou=System
   ldap user suffix = ou=People
   ldap group suffix = ou=Group
   ldap machine suffix = ou=Hosts,ou=System
   ldap user suffix = ou=Utiba,ou=People
   ldap group suffix = ou=grpUtiba,ou=Group

smb.log:
  ldap_connect_system: Binding to ldap server ldaps://newser1.cpc.net.au as 
[2004/10/19 01:54:31, 2] lib/smbldap.c:smbldap_connect_system(796)
  failed to bind to server with dn= uid=administrator,ou=System,ou=People,dc=cpc Error: Invalid credentials
