[Samba] LDAP backend for a stand-alone server

Matt Ingram mingram at cbnco.com
Tue Feb 22 15:02:16 GMT 2005


I'm sure I'm missing something in the configuration or am misconfiguring 
the ldif.  Regular Linux accounts authenticate fine looking at the ldap 
but not samba accounts.  When I try to map a drive, it just returns 
"Incorrect password or unknown username".  I have ldap running on a 
separate server from the samba server.

I get nothing in the messages logs on the samba server, and ldap logs 
have no errors, but often show the uid and group being nobody.

I'm running SuSE 9.1 on both servers.  Samba server is running: 
samba-3.0.2a-51 and the ldap server is running openldap2-2.2.6-37.22.

I'm attaching an ldif of a user, the samba server, the ldap log and a 
section of the samba server smb.conf.

Thanks in advance for any help.

Matt.

samba server ldif:
================
dn: sambaDomainName=sambaserver,ou=samba-test,dc=xxxx,dc=zzz
sambaDomainName: sambaserver
sambaSID: S-1-0-0
objectClass: sambaDomain
objectClass: top


user ldif
=================
dn: uid=bpitt,ou=Users,ou=samba-test,dc=xxxx,dc=zzz
cn: Brad
displayName: Brad Pitt
gecos: Brad Pitt
homeDirectory: /home/bpitt
loginShell: /bin/bash
sambaPrimaryGroupSID: S-1-5-32-547
sambaSID: S-1-0-0-21004
shadowLastChange: 11778
uid: bpitt
uidNumber: 10002
userPassword: {crypt}NwPCGOg9Bec.Q
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
sambaAcctFlags: [DU         ]
sambaLMPassword: FDA95FBECA288D44AAD3B435B51404EE
sambaNTPassword: FBF9032214C67D388E0A0858D649380A
sambaHomeDrive: \\sambaserver\bpitt
gidNumber: 6000


smb.conf
=========
[global]
        workgroup = workgroup
        netbios name = sambserver
        interfaces = 127.0.0.1 eth0
        bind interfaces only = true
        printing = cups
        printcap name = cups
        printer admin = @ntadmin, root, administrator
        map to guest = Bad User
        username map = /etc/samba/smbusers
        passdb backend = ldapsam:ldap://ldapserver
        ldap passwd sync = Yes
        ldap suffix = dc=xxxx,dc=zzz
        ldap user suffix = ou=Users,ou=samba-test
        ldap group suffix = ou=samba-groups,ou=samba-test
        ldap admin dn = cn=Manager,dc=xxxx,dc=zzz

# I've tried this commented out with the same results.
        ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"


/var/log/messages from an attempted drive map
================================

Feb 22 09:37:04 gofannon slapd[10121]: conn=2481 op=8 SRCH 
base="dc=xxxx,dc=zzz" scope=2 deref=0 
filter="(&(sambaSID=s-1-0-0-501)(objectClass=sambaSamAccount))"
Feb 22 09:37:04 gofannon slapd[10121]: conn=2481 op=8 SRCH attr=uid 
uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange 
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn 
displayName sambaHomeDrive sambaHomePath sambaLogonScript 
sambaProfilePath description sambaUserWorkstations sambaSID 
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName 
objectClass sambaAcctFlags sambaMungedDial
 sambaBadPasswordCount sambaBadPasswordTime modifyTimestamp
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=8 SEARCH RESULT 
tag=101 err=0 nentries=0 text=
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=5 SRCH 
base="dc=xxxx,dc=zzz" scope=2 deref=0 
filter="(&(objectClass=posixAccount)(uid=nobody))"
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=5 SRCH attr=uid 
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos 
description objectClass
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=5 SEARCH RESULT 
tag=101 err=0 nentries=0 text=
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=6 SRCH 
base="dc=xxxx,dc=zzz" scope=2 deref=0 
filter="(&(objectClass=posixGroup)(memberUid=nobody))"
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=6 SRCH attr=cn 
userPassword memberUid uniqueMember gidNumber
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=6 SEARCH RESULT 
tag=101 err=0 nentries=0 text=
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=9 SRCH 
base="dc=xxxx,dc=zzz" scope=2 deref=0 
filter="(&(&(uid=bpitt)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))"
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=9 SRCH attr=uid 
uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange 
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn 
displayName sambaHomeDrive sambaHomePath sambaLogonScript 
sambaProfilePath description sambaUserWorkstations sambaSID 
sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName 
objectClass sambaAcctFlags sambaMungedDial
 sambaBadPasswordCount sambaBadPasswordTime modifyTimestamp
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=9 SEARCH RESULT 
tag=101 err=0 nentries=1 text=




-- 
Matt Ingram
Intermediate Unix Administrator, IS
Canadian Bank Note Company, Limited
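
An added example, not part of the original post: one way to read the slapd log above is to pair each SRCH line with its SEARCH RESULT by connection and operation number, which shows that the sambaSID=s-1-0-0-501 and uid=nobody searches matched nothing while the uid=bpitt search matched one entry. The function names (unwrap, correlate, empty_searches) are hypothetical, and the sample is an excerpt of the log as posted.

```python
import re
# Excerpt of the post's log, still hard-wrapped (SRCH attr= lines left out).
SAMPLE_LOG = '''\
Feb 22 09:37:04 gofannon slapd[10121]: conn=2481 op=8 SRCH
base="dc=xxxx,dc=zzz" scope=2 deref=0
filter="(&(sambaSID=s-1-0-0-501)(objectClass=sambaSamAccount))"
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=8 SEARCH RESULT
tag=101 err=0 nentries=0 text=
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=5 SRCH
base="dc=xxxx,dc=zzz" scope=2 deref=0
filter="(&(objectClass=posixAccount)(uid=nobody))"
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=5 SEARCH RESULT
tag=101 err=0 nentries=0 text=
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=9 SRCH
base="dc=xxxx,dc=zzz" scope=2 deref=0
filter="(&(&(uid=bpitt)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))"
Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=9 SEARCH RESULT
tag=101 err=0 nentries=1 text=
'''
TS = re.compile(r'^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ')  # syslog timestamp
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base=.* filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')

def unwrap(text):
    """Rejoin continuation lines onto the timestamped line they belong to."""
    lines = []
    for raw in text.splitlines():
        if TS.match(raw) or not lines:
            lines.append(raw.strip())
        elif raw.strip():
            lines[-1] += " " + raw.strip()
    return lines

def correlate(text):
    """Pair every SRCH with its SEARCH RESULT using the (conn, op) key."""
    pending, done = {}, []
    for line in unwrap(text):
        s, r = SRCH.search(line), RESULT.search(line)
        if s:
            pending[s.group(1, 2)] = s.group(3)
        elif r and r.group(1, 2) in pending:
            conn, op, err, n = map(int, r.groups())
            done.append({"conn": conn, "op": op, "err": err, "nentries": n,
                         "filter": pending.pop(r.group(1, 2))})
    return done

def empty_searches(text):
    """Searches slapd answered without error (err=0) but with no entries."""
    return [d for d in correlate(text) if d["err"] == 0 and d["nentries"] == 0]
```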


