[Samba] LDAP issues
Alex Moen
alexm at ndtel.com
Thu Jan 26 09:51:12 MST 2012
Forgot to add... If I create a Unix account, and add it to the local
smbpasswd subsystem, it works fine. I can log in using the
credentials that I create. So, samba is working, and linux/ldap is
working, but samba/ldap has issues...
----------------
Alex Moen
Network Services Technician II
North Dakota Telephone Company
701-662-6481
On Jan 26, 2012, at 9:54 AM, Alex Moen wrote:
> CentOS 6
> Samba 3
> smbldap-tools installed.
>
> LDAP directory not on local host.
>
> Example user LDIF:
>
> dn: uid=testuser@mydomain.com,ou=mydomain,o=ndtc
> mailHost: mailserver.mydomain.com
> loginShell: /bin/bash
> gidNumber: 500
> uidNumber: 53112
> uid: testuser@mydomain.com
> sn: user
> cn: test user
> mail: testuser@mydomain.com
> homeDirectory: /cust/mydomain/users/testuser
> gecos: test user,,662-6123
> objectClass: mirapointmailuser
> objectClass: inetorgperson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSAMAccount
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> sambaSID: S-1-5-21-3311107553-3899660464-2674327009-107224
> sambaAcctFlags: [UX]
> sambaHomeDrive: F:
> sambaHomePath: \\ndtc-fs\cust\mydomain\users
> sambaPwdLastSet: 1327615956
> sambaPwdMustChange: 2147483647
>
> getent passwd shows:
>
> testuser@mydomain.com:x:53112:500:test user,,662-6123:/cust/mydomain/users/testuser:/bin/bash
>
> I can ssh to the server with this account. So, the linux/ldap stuff
> seems to work properly.
>
> However, I cannot connect with the smb proto. Continue to get a
> username/password prompt.
>
> My suspicion is the "@" in the uid, which as I understand it, in the
> windoze world signifies a group... I think I am confusing something
> in the process.
>
> My question is: can Samba be configured to append the
> "@mydomain.com" to the username, then authenticate the user? So the
> user could use the testuser login via the windoze login and drive
> mapping processes, but Samba would actually use
> testuser@mydomain.com to actually authenticate?
>
> All these accounts are already in use in the LDAP directory, and so
> the uid cannot be changed.
>
> lmk if there's anything else needed here... I'm willing to share
> configs, command outputs, etc. to get this solved.
>
> TIA!
>
> ----------------
> Alex Moen
> Network Services Technician II
> North Dakota Telephone Company
> 701-662-6481