[Samba] auth problem

Ric Tibbetts rtibbetts at lanl.gov
Fri Sep 23 15:43:31 GMT 2005


At 08:54 AM 9/23/2005, Greg Folkert wrote:
>On Thu, 2005-09-22 at 14:48 -0600, Ric Tibbetts wrote:
> > >
> > >There is a terribly good howto:
> > >
> > >http://www.idealx.org/prj/samba/smbldap-howto.en.html
> >
> >
> > Thank you!
> > That helped, I'm closer.
> > I left out one line from my smb.conf
> > I found it from digging through that how-to.
> >
> > password server = <LDAP server>
> >
> > With that in, it now picks up the users from LDAP, which is exactly
> > what I was after!
> > Now I just need to work out a performance issue. Getting the IDs from
> > LDAP is SLOW!!!!
> > It works, just as I wanted it to. It's just slow.
>
>Well, it depends. How *slow* is slow?
>
>And also, have you cranked up the logging on the auth part?
>
>         log level = passdb:10 auth:10
>
>Also have you set:
>
>         passdb backend = ldapsam ldap://auth.yourhost.com
>
>I am also assuming you have all the LDAP stuff setup properly, of 
>course as needed/if needed.
>
>         ldap admin dn
>         ldap delete dn
>         ldap filter
>         ldap group suffix
>         ldap idmap suffix
>         ldap machine suffix
>         ldap passwd sync
>         ldap replication sleep
>         ldap suffix
>         ldap timeout
>         ldap user suffix
>
>Hopefully, if you have good throughput, it's all in these settings. If
>you don't have good throughput... well time to check the networking
>tweaks for samba.
>
>Also, if the delay turns out to be a lookup delay, try hard coding the
>name and ipaddr in the /etc/hosts file on the AIX box. This sometimes is
>a good work around for DNS queries gone bad.

Greg;
Well, what was working yesterday, has stopped today. This is getting 
frustrating.

In short: I'm trying to use Samba in its most basic form. I don't 
need a Windows login server, nor a domain controller, none of that.
I just, very simply, need it to serve out shares to already logged in 
Windows users. I've done this many times, in other places. I can't 
possibly imagine why it's not working now. I don't need a passwd 
database. I don't even need passwords.

The process is:

1) Users are at a PC (which is already logged in via the Windows ADS).
2) Users need a share from Unix server "X"
3) Unix server "X" should only need to validate that the request is 
coming from a valid subnet, from a valid user. They don't need 
anything else. Just the share.

That's it. This is Samba at its simplest.
The only wrinkle in this whole thing is that the user names between 
the Windows side, and the Unix side, don't match. So I have a 
smbusers file to translate that. Other than that, it's all pretty basic.

I'm getting crazy errors in the logs. Everything from unknown user, 
to no domain controller, to no password server, etc... It's almost random.
What was working yesterday, is dead today, and I didn't change 
anything while I was at home last night.

I'll strip it all down "again" today, and piece it back together, and 
hope I can make it work again.
This is just nuts.