[Samba] samba failed to authenticate to openLDAP

Tony Earnshaw tonye at billy.demon.nl
Tue Mar 1 07:47:47 GMT 2005

Steve Zeng:

> I tried to let Samba authenticate against LDAP but could not figure out
> how to build the LDAP tree for Samba.
> Fedora core 2
> Samba 3.0.10
> OpenLDAP 2.1.29
> I used the migration tool bundled with OpenLDAP and successfully
> imported passwd, group and hosts from NIS into LDAP. I can authenticate
> from any of linux client against LDAP server. My LDAP DIT is as follows:
> dc=mydomain |
> `--- ou=People    : to store user accounts for Unix and Windows
> |
> `--- ou=Hosts     : to store computer accounts for UNIXX & Windows
> |
> `--- ou=Groups    : to store system groups for Unix and Windows

O.k. But you could find at a later stage (on, for example, a large
installation) that you could do better to separate Samba specific stuff
into a subtree, f.ex. under an ou smb. You can still have Samba users in
your People container.


No comment on the specific OpenLDAP stuff, it looks o.k. and you made it
work :)

> 2) Configure smb.conf with SWAT

You might find out later that a CLI editor is a better choice; it gives
you the chance of commenting and trying different settings out


> ldap suffix = dc=mfelc

This is your immediate problem. Where on earth did you get this from? Your
ldap suffix should normally be that of the suffix used in your slapd.conf
DSE (could possibly be a subtree): in this case dc=mydomain.


mail: tonye at billy.demon.nl

More information about the samba mailing list