[Samba] Using Unix/LDAP Log in Credentials for Security = User Share Authentication
Brandon Stanko
b.stanko at braysing.com
Thu Jul 26 17:36:26 GMT 2007
All,

I'm new to Samba so this may be a very easy fix, but I've not been able
to find it anywhere online or in the /Samba-3 By Example/ book.

I'm currently testing Samba 3.0.23c with an OpenLDAP v3 backend on
CentOS 5. I am able to get OpenLDAP installed and running for
authentication and can get Samba installed and configured well enough to
request and accept an LDAP user name/password when browsing to a share.
However, I would like Samba to just use the user name/password that I've
used as my login credentials for this step as well. Currently when I
browse to the share I am met with a dialog box that states: "You must
log in to access guest at centos/test." The dialog has a spot for user
name, domain, and password. The user name and domain are filled in with
the correct information, but the password is not. When I enter my login
password it lets me into the share correctly. When I log into a
Windows 2000 machine using the same credentials I am able to browse the
share exactly as I would like to on the Linux box.

Also, both the Windows 2000 and Linux box were able to join the domain
TEST and have accounts in the LDAP directory.

Below is a copy of my smb.conf file (copied and edited from /Samba-3 By
Example/):

[global]
unix charset = LOCALE
workgroup = TEST
netbios name = CENTOS
security = user
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://192.168.3.240
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
show add printer wizard = No
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl -a -m '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl -p '%g'
add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-groupmod.pl -g '%g' '%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = W:
domain logons = Yes
wins support = Yes
ldap suffix = dc=braysing,dc=com
ldap machine suffix = ou=user
ldap user suffix = ou=user
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = <ldap base dn uid>
idmap backend = ldap:ldap://192.168.3.240
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = Yes
printing = cups
[IPC$]
path = /tmp
hosts allow = 192.168.3., 127.
hosts deny = 0.0.0.0/0
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = No
[apps]
comment = Application Files
path = /apps
admin users = Administrator
read only = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
locking = No
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
browseable = Yes
guest ok = No
read only = Yes
write list = Administrator
[test]
comment = Test Share
path = /u1
browseable = Yes
guest ok = No
read only = No
Thanks in advance for all of your help.
Brandon