[Samba] samba with ldap and digest-md5
Ben Booble
oneoutof100 at hotmail.com
Mon Oct 18 06:40:28 GMT 2004
Hi all,

I am running samba-server-3.0.6-4.1.100mdk, openldap-servers-2.1.25-6mdk,
lib64sasl2-plug-digestmd5-2.1.15-10.1.100mdk. I have searched through the
lists and I am wondering if I am the only one doing this kind of set-up.

Anyway, the question is as follows: In my ldap server I have normal posix
accounts with plain text passwords that are sorted out by a sasl-regex in the
slapd.conf and that works well. With smb, how does it handle passwords
between it and ldap, and does anyone know of any special configuration
settings that should be in place to get it to work? I have read the IDEALX doco
and several contradictory ones so god knows which is right. At the moment
the smb server sees the request from a client (adding a pc to the domain),
goes off to authenticate but comes back with invalid credentials for the
"administrator" user. I am almost sure it is because of the way samba sends
the password but I don't really know.

I know more about ldap than I do about samba so I am hoping to get some
extra insight into how smb works. Will samba work with sasl digest-md5 at
all?

Here are relevant details from smb.conf:
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
obey pam restrictions = yes
domain master = yes
local master = yes
domain logons = yes
add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u'
delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u'
add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u'
add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'
delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g'
passdb backend = ldapsam:ldaps://newser1.cpc.net.au smbpasswd guest
ldap admin dn = uid=administrator,ou=System,ou=People,dc=cpc
ldap port = 389
ldap suffix = dc=cpc
ldap machine suffix = ou=Hosts,ou=System
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts,ou=System
ldap user suffix = ou=Utiba,ou=People
ldap group suffix = ou=grpUtiba,ou=Group
smb.log :
ldap_connect_system: Binding to ldap server ldaps://newser1.cpc.net.au as "uid=administrator,ou=System,ou=People,dc=cpc"
[2004/10/19 01:54:31, 2] lib/smbldap.c:smbldap_connect_system(796)
failed to bind to server with dn= uid=administrator,ou=System,ou=People,dc=cpc Error: Invalid credentials

Regards,
Ben