[Samba] Failed to retrieve password from secrets.tdb with anonymous bind

Dr. Alberto Benati benati at economia.unife.it
Wed Sep 10 07:34:37 GMT 2008


Let me clarify the context.

Everything is inside the 10.X.X.X intranet of my University, and the
OpenFiler (Samba / Proftpd) server must act as a file server for many users
(about 100) out of about 1000 total.

Authentication (with user password) is on the University LDAP server.

If I create a local LDAP, I must then provide synchronization (account /
password) with the University LDAP server, which I cannot manage/access/retrieve
(I have an anonymous bind only).

In subsequent testing (for security) I use TLS for the dialogue with the University LDAP.

My problem is that I cannot make Samba work with LDAP authentication without
administration

Alberto


---------- Original Message -----------
From: "Richard Foltyn" <richard.foltyn at gmail.com>
To: samba at lists.samba.org
Sent: Wed, 10 Sep 2008 08:41:19 +0200
Subject: Re: [Samba] Failed to retrieve password from secrets.tdb with
anonymous bind

> Why don't you just *create* a dedicated samba DN in LDAP which Samba
> can use? This is a much more secure setup than granting read or even
> write access to passwords to unauthenticated external connections.
> 
> The official smbldap-tools HOWTO even suggests how to do this:
> 
> 1) Create an LDAP entry which might look like this:
> 
> dn: cn=samba,ou=DSA,dc=IDEALX,dc=ORG
> objectClass: organizationalRole
> objectClass: top
> objectClass: simpleSecurityObject
> userPassword: sambasecretpwd
> cn: samba
> 
> 2) Set the password:
> ldappasswd -x -h localhost -D "cn=Manager,dc=IDEALX,dc=ORG" -s sambasecretpwd \
>   -W cn=samba,ou=DSA,dc=IDEALX,dc=ORG
> 
> 3) Set your ldap admin dn in smb.conf
> 
> 4) Set the samba password with smbpasswd
> 
> Done.
> 
> (See the HOWTO for details:
> http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/ )
------- End of Original Message -------
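
Steps 3 and 4 of the quoted reply, written out as an added example that is not part of either message or of the HOWTO. It reuses the DN and password from the quoted entry; the host ldap.example.org and the choice of StartTLS are assumptions.

```ini
# Constructed smb.conf fragment. ldap.example.org is a placeholder host;
# the DN and suffix are the ones used in the quoted HOWTO entry.
[global]
    security = user
    passdb backend = ldapsam:ldap://ldap.example.org
    ldap suffix = dc=IDEALX,dc=ORG

    # Step 3: Samba binds to the directory as this dedicated entry.
    ldap admin dn = cn=samba,ou=DSA,dc=IDEALX,dc=ORG

    # Send the bind password and all directory traffic over StartTLS.
    ldap ssl = start tls

# Step 4, run once as root on the Samba host:
#
#   smbpasswd -w sambasecretpwd
#
# smbpasswd -w stores the bind password in secrets.tdb, keyed by the value
# of "ldap admin dn". If the DN above is changed later, the stored password
# no longer matches it and the command has to be run again.
#
# The password is a command-line argument here, so it is visible in shell
# history and the process list while the command runs. Keep secrets.tdb
# readable by root only.
```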
