[Samba] LDAP issues

Jürgen Echter j.echter at echter-kuechen-elektro.de
Thu Jan 26 09:55:02 MST 2012


On 26.01.2012 17:51, Alex Moen wrote:
> Forgot to add... If I create a Unix account, and add it to the local 
> smbpasswd subsystem, it works fine.  I can log in using the 
> credentials that I create.  So, samba is working, and linux/ldap is 
> working, but samba/ldap has issues...
>
> ----------------
> Alex Moen
> Network Services Technician II
> North Dakota Telephone Company
> 701-662-6481
>
> On Jan 26, 2012, at 9:54 AM, Alex Moen wrote:
>
>> Centos 6
>> Samba 3
>> smbldap-tools installed.
>>
>> LDAP directory not on local host.
>>
>> Example user LDIF:
>>
>> dn: uid=testuser@mydomain.com,ou=mydomain,o=ndtc
>> mailHost: mailserver.mydomain.com
>> loginShell: /bin/bash
>> gidNumber: 500
>> uidNumber: 53112
>> uid: testuser@mydomain.com
>> sn: user
>> cn: test user
>> mail: testuser@mydomain.com
>> homeDirectory: /cust/mydomain/users/testuser
>> gecos: test user,,662-6123
>> objectClass: mirapointmailuser
>> objectClass: inetorgperson
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> objectClass: sambaSAMAccount
>> sambaLogonTime: 0
>> sambaLogoffTime: 2147483647
>> sambaKickoffTime: 2147483647
>> sambaPwdCanChange: 0
>> sambaSID: S-1-5-21-3311107553-3899660464-2674327009-107224
>> sambaAcctFlags: [UX]
>> sambaHomeDrive: F:
>> sambaHomePath: \\ndtc-fs\cust\mydomain\users
>> sambaPwdLastSet: 1327615956
>> sambaPwdMustChange: 2147483647
>>
>> getent passwd shows:
>>
>> testuser@mydomain.com:x:53112:500:test user,,662-6123:/cust/mydomain/users/testuser:/bin/bash
>>
>> I can ssh to the server with this account.  So, the linux/ldap stuff 
>> seems to work properly.
>>
>> However, I cannot connect with the smb proto.  Continue to get a 
>> username/password prompt.
>>
>> My suspicion is the "@" in the uid, which as I understand it, in the 
>> windoze world signifies a group... I think I am confusing something 
>> in the process.
>>
>> My question is: can Samba be configured to append the "@mydomain.com" 
>> to the username, then authenticate the user?  So the user could use 
>> the testuser login via the windoze login and drive mapping processes, 
>> but Samba would actually use testuser@mydomain.com to actually 
>> authenticate?
>>
>> All these accounts are already in use in the LDAP directory, and so 
>> the uid cannot be changed.
>>
>> lmk if there's anything else needed here... I'm willing to share 
>> configs, command outputs, etc. to get this solved.
>>
>> TIA!
>>
>> ----------------
>> Alex Moen
>> Network Services Technician II
>> North Dakota Telephone Company
>> 701-662-6481
>>
>
Sounds as if Samba isn't using LDAP properly.

Would you mind showing us your config?

greets

juergen

