[Samba] Using Unix/LDAP Log in Credentials for Security = User Share Authentication

Brandon Stanko b.stanko at braysing.com
Thu Jul 26 17:36:26 GMT 2007


I'm new to Samba so this may be a very easy fix, but I've not been able 
to find it anywhere online or in the /Samba-3 By Example/ book.

I'm currently testing Samba 3.0.23c with an OpenLDAP v3 backend on 
CentOS 5.  I am able to get OpenLDAP installed and running for 
authentication and can get Samba installed and configured well enough to 
request and accept an LDAP user name/password when browsing to a share.  
However, I would like Samba to just use the user name/password that I've 
already entered as my login credentials for this step as well.  Currently, 
when I browse to the share I am met with a dialog box that states: "You 
must log in to access guest at centos/test."  The dialog has fields for 
user name, domain, and password.  The user name and domain are filled in 
with the correct information, but the password is not.  When I enter my 
login password it lets me into the share correctly.  When I log into a 
Windows 2000 machine using the same credentials I am able to browse the 
share exactly as I would like to on the Linux box.

Also, both the Windows 2000 and Linux box were able to join the domain 
TEST and have accounts in the LDAP directory.

Below is a copy of my smb.conf file (copied and edited from /Samba-3 By 
Example/):

    # NOTE(review): no bracketed section header precedes these parameters and
    # several long values are split across two lines; both look like artifacts
    # of the mail archive rather than of the original file -- confirm against
    # the real smb.conf before reusing any of this.
    unix charset            = LOCALE
    workgroup            = TEST
    netbios name            = CENTOS
    # User-level security: a client must present a user name and password that
    # validate against the passdb backend before it can use a share.
    security            = user
    # Listen only on eth0 and loopback instead of every interface.
    interfaces            = eth0, lo
    bind interfaces only        = Yes
    # Account data (including the Samba password hashes) is read from LDAP.
    # NOTE(review): the URL uses the ldap:// scheme and no `ldap ssl` setting
    # appears in this listing, so whether the bind and the password-hash
    # attributes travel encrypted depends on the effective `ldap ssl` value --
    # check it with testparm.
    passdb backend            = ldapsam:ldap://
    # The map rewrites the user name a client supplies, so it decides which
    # account a session ends up as; keep the file writable by root only.
    username map            = /etc/samba/smbusers
    log level            = 1
    syslog                = 0
    # One log file per client machine name (%m).
    log file            = /var/log/samba/%m
    max log size            = 50
    smb ports            = 139 445
    name resolve order        = wins bcast hosts
    time server            = Yes
    show add printer wizard        = No
    # The account-management hooks below are executed by smbd as root, with
    # %u / %g replaced by the user or group name from the request. The scripts
    # and the directory holding them should be owned by root and not writable
    # by anyone else.
    add user script            = /var/lib/samba/sbin/smbldap-useradd.pl 
-a -m '%u'
    delete user script        = /var/lib/samba/sbin/smbldap-userdel.pl 
-a -m '%u'
    # NOTE(review): the group-name argument after -p seems to be missing on the
    # next line (compare the delete group script) -- probably lost in archiving.
    add group script        = /var/lib/samba/sbin/smbldap-groupadd.pl -p 
    delete group script        = /var/lib/samba/sbin/smbldap-groupdel.pl 
-p '%g'
    add user to group script    = 
/var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
    delete user from group script    = 
/var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
    set primary group script    = 
/var/lib/samba/sbin/smbldap-groupmod.pl -g '%g' '%u'
    # Creates the machine account when a workstation joins the domain.
    add machine script        = /var/lib/samba/sbin/smbldap-useradd.pl 
-w '%u'
    logon script            = scripts\logon.bat
    logon path            = \\%L\profiles\%U
    logon drive            = W:
    # This server handles domain logons for the workgroup and runs WINS.
    domain logons            = Yes
    wins support            = Yes
    ldap suffix            = dc=braysing,dc=com
    ldap machine suffix        = ou=user
    ldap user suffix        = ou=user
    ldap group suffix        = ou=Groups
    ldap idmap suffix        = ou=Idmap
    # DN that Samba binds as (value redacted by the poster). Its password is
    # not kept in smb.conf; it is stored with `smbpasswd -w` in secrets.tdb,
    # which must stay readable by root only.
    ldap admin dn            = <ldap base dn uid>
    # NOTE(review): same ldap:// transport question as for passdb backend.
    idmap backend            = ldap:ldap://
    idmap uid            = 10000-20000
    idmap gid            = 10000-20000
    map acl inherit            = Yes
    printing            = cups

    # NOTE(review): the section header for this stanza is missing from the
    # archived listing, so it is not visible which share these limits apply to.
    path = /tmp
    # Connections are accepted from 192.168.3.x and loopback addresses.
    hosts allow = 192.168.3., 127.
    # NOTE(review): hosts deny is empty, so the restriction rests entirely on
    # hosts allow -- confirm that other networks are actually refused.
    hosts deny =

    # NOTE(review): section header missing in the archive; the comment text
    # below suggests the home-directory share.
    comment                = Home Directories
    # %S is the name of the service being connected to, so only the user whose
    # name matches the share name is admitted.
    valid users            = %S
    read only            = No
    # Hidden from browse lists; this does not restrict access by itself.
    browseable            = No

    # NOTE(review): two stanzas run together here (print spool, then the
    # application share); their section headers are missing in the archive.
    comment                = SMB Print Spool
    path                = /var/spool/samba
    # Unauthenticated (guest) connections may submit print jobs.
    guest ok            = Yes
    printable            = Yes
    browseable            = No
    comment                = Application Files
    path                = /apps
    # A user listed in admin users performs every file operation on this share
    # as root, regardless of file-system permissions. Anyone who obtains the
    # Administrator password gets root-level access to /apps over SMB; prefer
    # group ownership and a write list if that is sufficient.
    admin users            =  Administrator
    read only            = No

    # NOTE(review): section header missing in the archive.
    comment                = Network Logon Service
    path                = /var/lib/samba/netlogon
    # Guests may connect. No `read only` line appears in this stanza, so
    # whether the share is writable depends on the default in effect -- verify
    # with testparm. The global logon script setting points at
    # scripts\logon.bat, which clients run at logon, so write access to this
    # directory must be limited to administrators.
    guest ok            = Yes
    locking                = No

    # NOTE(review): section header missing in the archive.
    comment                = Profile Share
    path                = /var/lib/samba/profiles
    # Writable, with no valid users restriction shown in this stanza:
    # separation between users' profile directories relies on the file-system
    # permissions under this path.
    read only            = No
    profile acls            = Yes

    # NOTE(review): section header missing in the archive.
    comment                = Printer Drivers
    path                = /var/lib/samba/drivers
    browseable            = Yes
    # Authenticated users only; read-only for everyone except the write list.
    guest ok            = No
    read only            = Yes
    # Driver files are installed and run on client machines, so keep the list
    # of accounts that may upload them short.
    write list            = Administrator

    # NOTE(review): section header missing in the archive.
    comment                = Test Share
    path                = /u1
    browseable            = Yes
    # Guests are refused, but no valid users or write list is set, so every
    # authenticated domain user can connect with write access; what they can
    # change is bounded only by the file-system permissions on /u1.
    guest ok            = No
    read only            = No

Thanks in advance for all of your help.


