[Samba] need recipe for samba to do user authentication against a centos 5.5 openldap server (NO IDMAPS! NO PDC!)
Clayton Hill
claytonthecomputerwizard at gmail.com
Fri Jun 3 20:46:49 MDT 2011
Hi all,
Please help, I've been wasting days at this...
I am not trying to create a PDC, I am not joining an active directory, I am
not needing samba schema in my openldap (or do I?), I am not trying to use
winbind and idmaps for translations from SID to UID/GID, I just want my
samba server which shares linux home directories to authenticate
user+password against my existing linux based openldap server.
These are already POSIX accounts on the openldap server, so the UID and GID
need no translation AFAIK.
All I want to do is have users log into the samba share with their openldap
Linux accounts.
Unfortunately this is not working... at all.
Samba ver:
samba3x-3.3.8-0.52.el5_5.2
openldap ver:
2.3 (shouldn't matter)
my smb.conf :
-----------------------------------------------------------------------------------
[global]
server string = %h server
passdb backend = ldapsam:ldap://ldap.domain.com
# looks like this syntax is deprecated. What's the correct syntax? smb.conf
# manpage is not making sense to me....
security = user
ldap passwd sync = yes
# is this needed?
ldap ssl = no
ldap admin dn = cn=superadmin,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
[Shared]
comment = Shared Directories
path = /shared
read only = No
create mask = 0600
directory mask = 0700
--------------------------------------------------------------------------------------------------------------
I then did
smbpasswd -w myadmindnpasswd
I'm super confused as to why the above syntax isn't sufficient, and the howtos
out there are all not very helpful and use deprecated syntax....
log level 2 snippet:
-------------------------------------------------------------------------------------------------------------------------------------------
[2011/06/03 19:25:00, 2] lib/smbldap_util.c:smbldap_search_domain_info(277)
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=SV3))]
[2011/06/03 19:25:00, 2] lib/smbldap.c:smbldap_open_connection(796)
smbldap_open_connection: connection opened
[2011/06/03 19:25:00, 1] lib/smbldap_util.c:add_new_domain_info(233)
add_new_domain_info: failed to add domain dn=
sambaDomainName=SV3,dc=domain,dc=com with: Invalid DN syntax
invalid DN
[2011/06/03 19:25:00, 0] lib/smbldap_util.c:smbldap_search_domain_info(310)
smbldap_search_domain_info: Adding domain info for SV3 failed with
NT_STATUS_UNSUCCESSFUL
[2011/06/03 19:25:00, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(6259)
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new
users/groups, and will risk BDCs having inconsistant SIDs
-------------------------------------------------------------------------------------------------------------------------------------------
This doesn't look good at all... BTW the samba server's hostname is SV3, why
is it using the syntax "domain dn= sambaDomainName=SV3,dc=domain,dc=com"?
This seems to not jive with what is in the smb.conf file, and I have no such
entry for the hostname of this samba server "SV3" or the string "dn=
sambaDomainName" specified anywhere in the configuration... I could of
course be interpreting this log incorrectly..
Please help! :-)
Cheers,
-Clayton