[Samba] LDAP issues

Alex Moen alexm at ndtel.com
Thu Jan 26 09:51:12 MST 2012


Forgot to add... If I create a Unix account, and add it to the local  
smbpasswd subsystem, it works fine.  I can log in using the  
credentials that I create.  So, samba is working, and linux/ldap is  
working, but samba/ldap has issues...

----------------
Alex Moen
Network Services Technician II
North Dakota Telephone Company
701-662-6481

On Jan 26, 2012, at 9:54 AM, Alex Moen wrote:

> Centos 6
> Samba 3
> smbldap-tools installed.
>
> LDAP directory not on local host.
>
> Example user LDIF:
>
> dn: uid=testuser at mydomain.com,ou=mydomain,o=ndtc
> mailHost: mailserver.mydomain.com
> loginShell: /bin/bash
> gidNumber: 500
> uidNumber: 53112
> uid: testuser at mydomain.com
> sn: user
> cn: test user
> mail: testuser at mydomain.com
> homeDirectory: /cust/mydomain/users/testuser
> gecos: test user,,662-6123
> objectClass: mirapointmailuser
> objectClass: inetorgperson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSAMAccount
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> sambaSID: S-1-5-21-3311107553-3899660464-2674327009-107224
> sambaAcctFlags: [UX]
> sambaHomeDrive: F:
> sambaHomePath: \\ndtc-fs\cust\mydomain\users
> sambaPwdLastSet: 1327615956
> sambaPwdMustChange: 2147483647
>
> getent passwd shows:
>
> testuser at mydomain.com:x:53112:500:test user,,662-6123:/cust/mydomain/users/testuser:/bin/bash
>
> I can ssh to the server with this account.  So, the linux/ldap stuff  
> seems to work properly.
>
> However, I cannot connect with the smb proto.  Continue to get a  
> username/password prompt.
>
> My suspicion is the "@" in the uid, which as I understand it, in the  
> windoze world signifies a group... I think I am confusing something  
> in the process.
>
> My question is: can Samba be configured to append the  
> "@mydomain.com" to the username, then authenticate the user?  So the  
> user could use the testuser login via the windoze login and drive  
> mapping processes, but Samba would actually use  
> testuser at mydomain.com to actually authenticate?
>
> All these accounts are already in use in the LDAP directory, and so  
> the uid cannot be changed.
>
> lmk if there's anything else needed here... I'm willing to share  
> configs, command outputs, etc. to get this solved.
>
> TIA!
>
> ----------------
> Alex Moen
> Network Services Technician II
> North Dakota Telephone Company
> 701-662-6481


