[Samba] samba failed to authenticate to openLDAP
szeng at mainframe.ca
Tue Mar 1 17:17:57 GMT 2005
Great Tips... Thanks you. I will take a look at smbldap-tools and try again.
> Judicious snippage, post at the bottom.
>> I tried to let Samba authenticate against LDAP but could not figure
>> out how to build the LDAP tree for Samba.
>> Fedora core 2
>> Samba 3.0.10
>> OpenLDAP 2.1.29
>> `--- ou=People : to store user accounts for Unix and Windows
>> `--- ou=Hosts : to store computer accounts for UNIXX & Windows
>> `--- ou=Groups : to store system groups for Unix and Windows
>> What I did were:
>> workgroup = TESTDM
>> passdb backend = ldapsam:ldap://10.10.0.101/
>> log level = 1 passdb:8 auth:8
>> domain logons = Yes
>> wins support = Yes
>> ldap admin dn = cn=root,dc=mydomain
>> ldap delete dn = Yes
>> ldap group suffix = ou=Group
>> ldap machine suffix = ou=Hosts
>> ldap user suffix = ou=People
>> ldap suffix = dc=mfelc
>> ldap passwd sync = Yes
>> ldap ssl = no
>> 3) start Samba server
>> 4) run smbclient //smbserver -U myid
>> session setup failed: NT_STATUS_LOGON_FAILURE
>> Attached is the smbd.log, I deleted the normal log and keep failed
>> messages as below:
>> check_sam_security: Couldn't find user 'szeng' in passdb file.
>> check_ntlm_password: sam authentication for user [szeng] FAILED with
>> error NT_STATUS_NO_SUCH_USER
>> Is there anybody who might have some idea of what is wrong.
> Yep. You did nothing to create the samba attributes that will have to
> exist in each user account for the users to log in. I suggest you read
> the documentation on setting up an LDAP/PDC system that is on the
> samba.org web site. You've missed quite a few steps here, so you may
> want to read it through to get a complete idea. Your solution is going
> to include the following:
> 1. Obtain and configure the smbldap-tools package.
> 2. Run the smbldap-populate script
> 3. Make sure you've got a sambaDomain (I think that's the object type)
> in the base of your DIT.
> 4. Join the machine to the domain (since you appear to want a domain setup)
> 4. Add samba attributes to each user's account.
> Yes there are 2 #4 entries. Doesn't matter which one comes first. As
> far as I can remember, those will be the critical steps to not miss.
> If you've followed the documentation and not done those steps, you've
> missed something.
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293
More information about the samba