[Samba] Re: Authentication confusion - may be LDAP related
Ric Tibbetts
rtibbetts at lanl.gov
Tue Sep 27 20:40:37 GMT 2005
At 02:20 PM 9/27/2005, paul kölle wrote:
>Ric Tibbetts wrote:
> > dn: username=u123456,ou=aixuser,cn=aixsecdb,cn=aixdata
> > uid: 1040
> > username: u123456
> > <snip>
> >
> > with u123456 being my *nix login.
> >
> > To me, this looks very wrong (not to mention that there's no dc=).
>It looks wrong and the author surely has had no clue what cn means etc.
>nevertheless it should work.
>
>
> > If I'm seeing this right, shouldn't the login be the "uid" not
> > "username"? Is that what Samba is looking for?
>You can set "ldap filter = (username=%u)" in smb.conf along with a
>suitable value for "ldap suffix".
>
>Check the users with "getent passwd" to test if they are visible to the
>system.
Okay, I tried this. Here's my smb.conf:
# Global parameters
[global]
workgroup = WIN
server string = RX01 %a-%v
security = user
password server = <a server>
username map = /usr/local/samba/private/smbusers
log level = 100
log file = /var/log/samba/%m.log
max log size = 500
wins server = <a server>
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
ldap filter = (username=%u)
ldap admin dn = cn=root
ldap suffix = cn=aixsecdb,cn=aixdata
ldap group suffix = ou=aixgroup
ldap user suffix = ou=aixuser
ldap machine suffix = cn=aixid,ou=system
[Homes]
comment = User Home Directories
valid users = %S
read only = No
guest ok = Yes
Still no good.
I have no "getent" installed.
More information about the samba
mailing list