[Samba] Getting samba ldap to work?

Roberto Morelli r.morelli at usl11.toscana.it
Wed Jan 19 16:10:07 GMT 2005


----- Original Message -----
SUBJECT: [Samba] Getting samba ldap to work?
FROM:  Tim Tyler 
TO: 
DATE: 19-01-2005 16:46

Hi Tim,

   Samba experts,
    I am having problems getting samba 3.0.8 working with ldap
authentication on an aix 5.1 system.   I have successfully gotten ldap to
work with telnet, ftp, ssh, finger, etc.   But, I seem to be really stuck
on getting samba to work for some reason.   I am running my ldap server on
another host (Debian).  I did enter in a samba schema into the slapd.conf
file.   I have both openldap and nss_ldap installed on the aix server,
though I am not sure if samba even tries to use them or not.
  Questions:
1. Does samba use openldap or nss_ldap?

I think that Samba needs an LDAP client to connect to the LDAP server; if
your LDAP server (on the Debian host) is OpenLDAP, you need to install and
successfully use the OpenLDAP client on the Samba server (nss_ldap is not
necessary in this phase).
 
2. Should I consider using pam support?  If so, do I need to recompile
samba for pam support?

I think that pam support is not necessary in this context and for
your specific problem.

3. I notice that some people configure their smb.conf file to use ldap
server or passdb backend =.  Which should I be using?
#      passdb backend = ldapsam:"ldap://lincon.beloit.edu"

         ldap suffix        = "ou=People,dc=lincon,dc=beloit,dc=edu"

I suggest this value for ldap suffix:
ldap suffix = "dc=lincon,dc=beloit,dc=edu" if your accounts are in the
"ou=People,dc=lincon,dc=beloit,dc=edu" subtree.

         ldap admin dn      = "cn=admin,dc=lincon,dc=beloit,dc=edu"
#       ldap port          = 389
         ldap server        = 144.89.254.9
         ldap ssl           = no
         ldap machine suffix = ou=Machine
         ldap user suffix = ou=People
         ldap group suffix = ou=Group

NOTE: When I use passdb backend, I never get a prompt to login with my
username and password.  It simply fails stating there is no backend.
[2005/01/18 14:54:05, 0] passdb/pdb_interface.c:make_pdb_methods_name(664)
   No builtin nor plugin backend for ldapsam found
[2005/01/18 14:54:05, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
   Loading ldapsam:ldap://lincon.beloit.edu failed!
[2005/01/18 14:54:05, 0] passdb/pdb_interface.c:make_pdb_methods_name(664)
   No builtin nor plugin backend for ldapsam found
[2005/01/18 14:54:05, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
   Loading ldapsam:ldap://lincon.beloit.edu failed!

If you have the ldap client installed, be sure that the configure line
of Samba (if you have built it from source) has the -with-ldapsam switch.

  When I comment out that and use the ldap server line (with ldap port
commented out), I get a prompt, but get these errors in the logs:
[2005/01/18 15:20:11, 1] lib/util_sock.c:get_peer_name(959)
   Gethostbyaddr failed for 144.89.40.114
[2005/01/18 15:20:12, 1] lib/util_sock.c:get_peer_name(959)
   Gethostbyaddr failed for 144.89.40.114

In this test you can try changing this line
ldap server = 144.89.254.9
to
ldap server = lincon.beloit.edu
if you have (as you hope) a DNS or host resolution for this name.

I feel like it's not really getting to the point of inquiring for a
username, etc.  Any suggestions are much appreciated! -thanks
  Tim

I hope these suggestions may help you.
Bye 

Roberto Morelli
Azienda U.S.L. 11 
Empoli (FI)
Tim Tyler
Network Engineer - Beloit College
tyler at beloit.edu 
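
An added example, not part of the original message or of Samba: a small Python lint over the smb.conf fragment and log line quoted above. It shows how Samba prepends the partial `ldap user suffix` to `ldap suffix` when it builds the search base, flags the unencrypted bind implied by `ldap ssl = no`, and recognizes the log line that means smbd was built without the ldapsam backend. The function names are hypothetical.

```python
# Constructed sample: the smb.conf fragment and a log line quoted in the message.
SMB_CONF = '''
passdb backend = ldapsam:"ldap://lincon.beloit.edu"
ldap suffix = "ou=People,dc=lincon,dc=beloit,dc=edu"
ldap admin dn = "cn=admin,dc=lincon,dc=beloit,dc=edu"
ldap ssl = no
ldap machine suffix = ou=Machine
ldap user suffix = ou=People
ldap group suffix = ou=Group
'''
SMBD_LOG = "No builtin nor plugin backend for ldapsam found"

def parse(conf):
    """Parse 'key = value' lines; keys are normalized for case and spacing."""
    params = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[" ".join(key.lower().split())] = value.strip().replace('"', "")
    return params

def effective_base(params, key):
    """Samba prepends the partial user/group/machine suffix to 'ldap suffix'."""
    base = params.get("ldap suffix", "")
    part = params.get(key, "")
    return f"{part},{base}" if part else base

def lint(conf, log=""):
    """Return a list of findings for an ldapsam configuration and smbd log text."""
    p, findings = parse(conf), []
    for key in ("ldap user suffix", "ldap group suffix", "ldap machine suffix"):
        part = p.get(key, "").lower()
        if part and p.get("ldap suffix", "").lower().startswith(part + ","):
            findings.append(f"{key}: search base becomes {effective_base(p, key)}")
    # Only flag an explicit 'no'/'off'; an unset value is left to Samba's default.
    ssl_off = p.get("ldap ssl", "").lower() in ("no", "off")
    if p.get("passdb backend", "").startswith("ldapsam") and ssl_off:
        findings.append("ldap ssl: bind as 'ldap admin dn' crosses the network unencrypted")
    # This log line means the ldapsam passdb module was not compiled into smbd.
    if "backend for ldapsam found" in log:
        findings.append("build: smbd has no ldapsam module; rebuild with LDAP support")
    return findings

if __name__ == "__main__":
    for finding in lint(SMB_CONF, SMBD_LOG):
        print(finding)
```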
