[Samba] LDAP backend for a stand-alone server
Matt Ingram
mingram at cbnco.com
Tue Feb 22 15:02:16 GMT 2005
I'm sure I'm missing something in the configuration or am misconfiguring
the ldif. Regular linux accounts authenticate fine looking at the ldap
but not samba accounts. When I try to map a drive, it just returns
"Incorrect password or unkown username". I have ldap running on a
seperate server from the samba server.
I get nothing in the messages logs on the samba server, and ldap logs
have no errors, but often show the uid and group being nobody.
I'm running SuSE 9.1 on both servers. Samba server is running:
samba-3.0.2a-51 and the ldap server is running openldap2-2.2.6-37.22.
I'm attaching an ldif of a user, the samba server, the ldap log and a
section of the samba server smb.conf.
Thanks in advance for any help.
Matt.
samba server ldif:
================
dn: sambaDomainName=sambaserver,ou=samba-test,dc=xxxx,dc=zzz
sambaDomainName: sambaserver
sambaSID: S-1-0-0
objectClass: sambaDomain
objectClass: top
user ldif
=================
dn: uid=bpitt,ou=Users,ou=samba-test,dc=xxxx,dc=zzz
cn: Brad
displayName: Brad Pitt
gecos: Brad Pitt
homeDirectory: /home/bpitt
loginShell: /bin/bash
sambaPrimaryGroupSID: S-1-5-32-547
sambaSID: S-1-0-0-21004
shadowLastChange: 11778
uid: bpitt
uidNumber: 10002
userPassword: {crypt}NwPCGOg9Bec.Q
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
sambaAcctFlags: [DU ]
sambaLMPassword: FDA95FBECA288D44AAD3B435B51404EE
sambaNTPassword: FBF9032214C67D388E0A0858D649380A
sambaHomeDrive: \\sambaserver\bpitt
gidNumber: 6000
smb.conf
=========
[global]
workgroup = workgroup
netbios name = sambserver
interfaces = 127.0.0.1 eth0
bind interfaces only = true
printing = cups
printcap name = cups
printer admin = @ntadmin, root, administrator
map to guest = Bad User
username map = /etc/samba/smbusers
passdb backend = ldapsam:ldap://ldapserver
ldap passwd sync = Yes
ldap suffix = dc=xxxx,dc=zzz
ldap user suffix = ou=Users,ou=samba-test
ldap group suffix = ou=samba-groups,ou=samba-test
ldap admin dn = cn=Manager,dc=xxxx,dc=zzz
# I've tried this commented out with the same results.
ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
/var/log/messages from an attempted drive map
================================
Feb 22 09:37:04 gofannon slapd[10121]: conn=2481 op=8 SRCH
base="dc=xxxx,dc=zzz" scope=2 deref=0
filter="(&(sambaSID=s-1-0-0-501)(objectClass=sambaSamAccount))"
Feb 22 09:37:04 gofannon slapd[10121]: conn=2481 op=8 SRCH attr=uid
uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
displayName sambaHomeDrive sambaHomePath sambaLogonScript
sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime modifyTimestamp
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=8 SEARCH RESULT
tag=101 err=0 nentries=0 text=
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=5 SRCH
base="dc=xxxx,dc=zzz" scope=2 deref=0
filter="(&(objectClass=posixAccount)(uid=nobody))"
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=5 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=5 SEARCH RESULT
tag=101 err=0 nentries=0 text=
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=6 SRCH
base="dc=xxxx,dc=zzz" scope=2 deref=0
filter="(&(objectClass=posixGroup)(memberUid=nobody))"
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=6 SRCH attr=cn
userPassword memberUid uniqueMember gidNumber
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=6 SEARCH RESULT
tag=101 err=0 nentries=0 text=
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=9 SRCH
base="dc=xxxx,dc=zzz" scope=2 deref=0
filter="(&(&(uid=bpitt)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))"
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=9 SRCH attr=uid
uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
displayName sambaHomeDrive sambaHomePath sambaLogonScript
sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime modifyTimestamp
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=9 SEARCH RESULT
tag=101 err=0 nentries=1 text=
--
Matt Ingram
Intermediate Unix Administrator, IS
Canadian Bank Note Company, Limited
More information about the samba
mailing list