[Samba] SMB+LDAP

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue Aug 7 16:45:14 MDT 2012


You also need

sambaAccountFlags: [UX    ] for user accounts and
sambaAccountFlags: [W    ] for machine accounts.




On 08/07/12 17:37, Frans Lanting - IT Admin wrote:
> Hi Folks,
>
> A couple of questions about making SMB (3 or 4) authenticate to an
> external (anonymous) LDAP server:
>
> 1) A typical LDAP user record is below. Is there anything lacking in
> this record that would prevent Samba from authenticating against our
> LDAP server? Note the sambaSID is as is, gobbledygook info:
>
>
> dsAttrTypeNative:eduPersonAffiliation: Employee Member
> dsAttrTypeNative:givenName: David
> dsAttrTypeNative:homeDirectory: /afs/cats.csux.edu/users/t/dsixpack
> dsAttrTypeNative:mail: dsixpack at csux.edu
> dsAttrTypeNative:objectClass: posixAccount organizationalPerson
> csuxPerson top sambaSamAccount person inetOrgPerson csuxMain eduPerson
> dsAttrTypeNative:sambaSID: S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX
> dsAttrTypeNative:sn: Sixpack
> dsAttrTypeNative:csuxPersonGuID: G000242316
> AppleMetaNodeLocation: /LDAPv3/ldap-99.soe.csux.edu
> AppleMetaRecordName: uid=dsixpack,ou=People,dc=crm,dc=csux,dc=edu
> NFSHomeDirectory: /Users/dsixpack
> Password: ********
> PrimaryGroupID: 100002
> RealName:
>  David Sixpack
> RecordName: dsixpack
> RecordType: dsRecTypeStandard:Users
> UniqueID: 9239
> UserShell: /bin/bash
>
> 2) Regarding the "sudo smbpasswd -w secret" step, does this smb user
> need to exist in our LDAP or that local to the machine running the SMB
> daemon? I wasn't clear on how this step in the process is supposed to
> work.
>
> 3) Is the "ldap admin dn =" also required?
>
> Note we have read-only access to our LDAP server, though a record
> could be created for us if absolutely needed.
>
> Any help or ideas MUCH appreciated! Thanks!
>
> David
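
The check suggested by the reply, as an added example that is not part of the original thread: it parses a trimmed, constructed copy of the quoted record and reports which of the Samba items named in this thread are absent. The function names are hypothetical, and accepting `sambaAcctFlags` (the attribute name in Samba's LDAP schema) alongside the reply's spelling is an assumption of this example.

```python
import re

# Constructed sample: a trimmed copy of the dscl-style record quoted in the thread.
RECORD = """\
dsAttrTypeNative:givenName: David
dsAttrTypeNative:objectClass: posixAccount organizationalPerson
csuxPerson top sambaSamAccount person inetOrgPerson csuxMain eduPerson
dsAttrTypeNative:sambaSID: S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX
RealName:
 David Sixpack
RecordName: dsixpack
"""

# Assumption: accept the spelling used in the reply and sambaAcctFlags,
# the attribute name defined in Samba's LDAP schema.
FLAG_ATTRS = ("sambaaccountflags", "sambaacctflags")


def parse_record(text):
    """Parse 'name: value' lines; a line without a 'name:' prefix continues the previous value."""
    attrs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"^(?:dsAttrTypeNative:)?([A-Za-z][\w-]*):\s*(.*)$", line)
        if m:
            last = m.group(1).lower()
            attrs[last] = m.group(2).strip()
        elif last and line.strip():
            attrs[last] = (attrs[last] + " " + line.strip()).strip()
    return attrs


def check_samba_account(attrs, machine=False):
    """Return the items named in the thread that the entry lacks (empty list if none)."""
    problems = []
    if "sambasamaccount" not in attrs.get("objectclass", "").lower().split():
        problems.append("objectClass sambaSamAccount missing")
    if not attrs.get("sambasid"):
        problems.append("sambaSID missing")
    flags = next((attrs[a] for a in FLAG_ATTRS if a in attrs), None)
    want = "W" if machine else "U"  # W for machine accounts, U for user accounts
    if flags is None:
        problems.append("account flags attribute missing")
    elif not re.fullmatch(r"\[[A-Z ]+\]", flags) or want not in flags:
        problems.append(f"account flags {flags!r} lack '{want}'")
    return problems


if __name__ == "__main__":
    for problem in check_samba_account(parse_record(RECORD)):
        print(problem)
```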



