[Samba] Re: Authentication confusion - may be LDAP related

Ric Tibbetts rtibbetts at lanl.gov
Tue Sep 27 20:40:37 GMT 2005


At 02:20 PM 9/27/2005, paul kölle wrote:
>Ric Tibbetts wrote:
> > dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata
> > uid: 1040
> > username: u123456
> > <snip>
> >
> > with u123456 being my *nix login.
> >
> > To me, this looks very wrong (not to mention that there's no dc=).
>It looks wrong and the author surely has had no clue what cn means etc.
>nevertheless it should work.
>
>
> > If I'm seeing this right, shouldn't the login be the "uid" not
> > "username"? Is that what Samba is looking for?
>You can set "ldap filter = (username=%u)" in smb.conf along with a
>suitable value for "ldap suffix".
>
>Check the users with "getent passwd" to test if they are visible to the
>system.

Okay, I tried this. Here's my smb.conf:

# Global parameters
[global]
         workgroup = WIN
         server string = RX01 %a-%v
         security = user
         password server = <a server>
         username map = /usr/local/samba/private/smbusers
         log level = 100
         log file = /var/log/samba/%m.log
         max log size = 500
         wins server = <a server>
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         ldap filter = (username=%u)
         ldap admin dn = cn=root
         ldap suffix = cn=aixsecdb,cn=aixdata
         ldap group suffix = ou=aixgroup
         ldap user suffix = ou=aixuser
         ldap machine suffix = cn=aixid,ou=system

[Homes]
         comment = User Home Directories
         valid users = %S
         read only = No
         guest ok = Yes

Still no good.
I have no "getent" installed.





More information about the samba mailing list