[Samba] Samba 3.4.7 with LDAP authentication
Amit More
amore at xetus.com
Thu Oct 6 14:50:06 MDT 2011
Thank you for your response. I appreciate it.
I changed the following directives,
passdb backend = ldapsam:ldap://ldap1.example.com/
ldap user suffix = ou=people
ldap group suffix = ou=groups
Added the following,
ldap admin dn = cn=root,dc=example,dc=com
ldap machine suffix = ou=people
LDAP users are still not able to authenticate to the Samba share. The error is the same. Here's an extract from the log file (/var/log/samba/user.log):
[2011/10/06 13:48:38, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [FILESERVER]\[amore]@[MACBOOKPRO-1B99] with the new password interface
[2011/10/06 13:48:38, 3] auth/auth.c:225(check_ntlm_password)
check_ntlm_password: mapped user is: [FILESERVER]\[amore]@[MACBOOKPRO-1B99]
[2011/10/06 13:48:38, 3] smbd/sec_ctx.c:210(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2011/10/06 13:48:38, 3] smbd/uid.c:428(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2011/10/06 13:48:38, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2011/10/06 13:48:38, 2] lib/smbldap.c:890(smbldap_open_connection)
smbldap_open_connection: connection opened
[2011/10/06 13:48:38, 3] lib/smbldap.c:1101(smbldap_connect_system)
ldap_connect_system: successful connection to the LDAP server
[2011/10/06 13:48:38, 4] lib/smbldap.c:1177(smbldap_open)
The LDAP server is successfully connected
[2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
ldapsam_getsampwnam: Unable to locate user [amore] count=0
[2011/10/06 13:48:38, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/10/06 13:48:38, 3] auth/auth_sam.c:282(check_sam_security)
check_sam_security: Couldn't find user 'amore' in passdb.
[2011/10/06 13:48:38, 2] auth/auth.c:320(check_ntlm_password)
check_ntlm_password: Authentication for user [amore] -> [amore] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/10/06 13:48:38, 3] smbd/sesssetup.c:42(do_map_to_guest)
No such user amore [FILESERVER] - using guest account
[2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))
[2011/10/06 13:48:38, 3] smbd/sec_ctx.c:210(push_sec_ctx)
Thanks,
Amit
On Oct 6, 2011, at 1:27 PM, Miguel Medalha wrote:
>
>> ldap user suffix = ou=people,dc=example,dc=com
>> ldap group suffix = ou=groups,dc=example,dc=com
>> ldap suffix = dc=example,dc=com
>
> Since your suffix is already in "ldap suffix", the other entries should be:
>
> ldap user suffix = ou=people
> ldap group suffix = ou=groups
>
> Don't you need the entry "ldap machine suffix"?
>
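Added example, not part of the original message or of Samba: a small parser for the log layout shown in the extract above (a "[timestamp, level] file:line(function)" header followed by its message line) that reports the sequence seen here, a passdb lookup miss, the failed logon, and the fallback to the guest account. The sample lines are copied from the extract; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the log extract in the message above.
SAMPLE_LOG = """\
[2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
ldapsam_getsampwnam: Unable to locate user [amore] count=0
[2011/10/06 13:48:38, 3] auth/auth_sam.c:282(check_sam_security)
check_sam_security: Couldn't find user 'amore' in passdb.
[2011/10/06 13:48:38, 2] auth/auth.c:320(check_ntlm_password)
check_ntlm_password: Authentication for user [amore] -> [amore] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/10/06 13:48:38, 3] smbd/sesssetup.c:42(do_map_to_guest)
No such user amore [FILESERVER] - using guest account
[2011/10/06 13:48:38, 3] smbd/sec_ctx.c:210(push_sec_ctx)
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\] (?P<src>\S+?):(?P<line>\d+)\((?P<func>\w+)\)$")
AUTH_FAIL = re.compile(r"Authentication for user \[(?P<user>[^\]]*)\] -> \[[^\]]*\] FAILED with error (?P<status>NT_STATUS_\w+)")
GUEST = re.compile(r"No such user (?P<user>\S+) \[[^\]]*\] - using guest account")
LDAP_MISS = re.compile(r"Unable to locate user \[(?P<user>[^\]]*)\] count=(?P<count>\d+)")

def parse_records(text):
    """Pair each header line with the message line(s) that follow it."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {**m.groupdict(), "msg": ""}
            records.append(current)
        elif current is not None and line:
            current["msg"] = (current["msg"] + " " + line).strip()
    return records

def auth_findings(text):
    """Return (timestamp, kind, user, detail) for lookup misses, failed logons and guest fallbacks."""
    findings = []
    for rec in parse_records(text):
        for kind, rx in (("ldap_miss", LDAP_MISS), ("auth_failed", AUTH_FAIL), ("guest_fallback", GUEST)):
            m = rx.search(rec["msg"])
            if m:
                detail = m.groupdict().get("status") or m.groupdict().get("count") or ""
                findings.append((rec["ts"], kind, m.group("user"), detail))
    return findings

if __name__ == "__main__":
    for f in auth_findings(SAMPLE_LOG):
        print(*f, sep="  ")
```

A header with no message after it, like the last line of the extract, is kept as a record with an empty message and produces no finding.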