[Samba] LDAP issues

Alex Moen alexm at ndtel.com
Thu Jan 26 08:54:25 MST 2012

Centos 6
Samba 3
smbldap-tools installed.

LDAP directory not on local host.

Example user LDIF:

dn: uid=testuser at mydomain.com,ou=mydomain,o=ndtc
mailHost: mailserver.mydomain.com
loginShell: /bin/bash
gidNumber: 500
uidNumber: 53112
uid: testuser at mydomain.com
sn: user
cn: test user
mail: testuser at mydomain.com
homeDirectory: /cust/mydomain/users/testuser
gecos: test user,,662-6123
objectClass: mirapointmailuser
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSAMAccount
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaSID: S-1-5-21-3311107553-3899660464-2674327009-107224
sambaAcctFlags: [UX]
sambaHomeDrive: F:
sambaHomePath: \\ndtc-fs\cust\mydomain\users
sambaPwdLastSet: 1327615956
sambaPwdMustChange: 2147483647

getent passwd shows:

testuser at mydomain.com:x:53112:500:test user,,662-6123:/cust/mydomain/ 

I can ssh to the server with this account.  So, the linux/ldap stuff  
seems to work properly.

However, I cannot connect with the smb proto.  Continue to get a  
username/password prompt.

My suspicion is the "@" in the uid, which as I understand it, in the  
windoze world signifies a group... I think I am confusing something in  
the process.

My question is: can Samba be configured to append the "@mydomain.com"  
to the username, then authenticate the user?  So the user could use  
the testuser login via the windoze login and drive mapping processes,  
but Samba would actually use testuser at mydomain.com to actually  

All these accounts are already in use in the LDAP directory, and so  
the uid cannot be changed.

lmk if there's anything else needed here... I'm willing to share  
configs, command outputs, etc. to get this solved.


Alex Moen
Network Services Technician II
North Dakota Telephone Company

More information about the samba mailing list