[Samba] LDAP with Samba Server

Harry Jede walk2sun at arcor.de
Mon Nov 12 13:11:48 MST 2012


On 19:43:51 wrote rodrigo tavares:
> Hello !
> 
> Today I have an LDAP server, it replicates the database from another
> machine SMB-LDAP. See the result:
> 
> dn: cn=informatica,ou=defensoria,dc=defensoria,dc=br
> cn: informatica
> description: Informatica
> gidNumber: 2451
> phpgwAccountExpires: -1
> phpgwAccountType: g
> userPassword:
> mail: informatica at defensoria.br
> memberUid: diego.santos
> memberUid: alan.murta
> memberUid: bruce.borba
> memberUid: william.mor
> memberUid: manuel.neto
> memberUid: eli.set
> memberUid: rodrigo.tavares
> memberUid: faria.tavares
> structuralObjectClass: posixGroup
> entryUUID: e0cf40fa-b0af-1031-9098-b773bfdd8a70
> creatorsName: cn=admin,dc=defensoria,dc=br
> createTimestamp: 20121022161837Z
> objectClass: top
> objectClass: posixGroup
> objectClass: phpgwAccount
> objectClass: sambaGroupMapping
> sambaGroupType: 2
> displayName: informatica
> sambaSID::
> IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=

The field "sambaSID" should never be base64 encoded!
There is a space before "S-1-5", but there should not be ;-)

$ echo IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM= | base64 -d
 S-1-5-21-3694813867-2176535467-1333071596-5903

Check your smbldap config file.

Maybe all or most sambaSID attributes are wrong.

> entryCSN: 20121112130102.988770Z#000000#000#000000
> modifiersName: cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
> modifyTimestamp: 20121112130102Z
> 
> In my smb.conf
> 
> [system]
>        
>         comment = system
>         path = /home/system
>         public = yes
>         printable = no
>         browseable = no
>         guest ok = yes
>         read only = yes
>         write list = @informatica
> 
>  domain logons = yes
>    add user script = /usr/sbin/smbldap-useradd -a -m "%u"
>    add group script = /usr/sbin/smbldap-groupadd -p "%g"
>    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>    set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>    add machine script = /usr/sbin/smbldap-useradd -w "%u"
> 
> 
>  ldap user suffix = ou=defensoria
>    ldap group suffix = ou=grupos
>    ldap machine suffix = ou=computadores
>    ldap passwd sync = yes
>    ldap admin dn = cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
>    ldap suffix = dc=defensoria,dc=mg,dc=gov,dc=br
>    ldap ssl = no
>    passdb backend = ldapsam:ldap://10.26.7.249
> 
> 
> http://rodrigofariat.files.wordpress.com/2012/11/ldap-smb.png
> 
> 
> 
> When I try mapping the folder, a screen with login/password comes up,
> then I type the password but it does not log in and there is no access.
> Why is there no access?
> 
> Rodrigo Faria


-- 

Gruss
	Harry Jede
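
An added example, not part of the original message and not code from Samba or smbldap-tools: a Python check that reads LDIF as printed by ldapsearch, decodes base64 "sambaSID::" values and reports every entry whose SID carries stray whitespace or is otherwise malformed, which is the check the reply suggests running over all entries. The function names and the first sample entry are assumptions made for the illustration.

```python
import base64
import re

# A SID in string form: S-1-<authority>-<sub-authority>...
SID_RE = re.compile(r"S-1-\d+(-\d+)+")

# Constructed LDIF. The first entry is invented; the second reuses the DN and
# sambaSID value quoted in the thread, folded by hand onto a continuation line.
SAMPLE_LDIF = """\
dn: cn=exemplo,ou=grupos,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1001

dn: cn=informatica,ou=defensoria,dc=defensoria,dc=br
sambaSID:: IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcx
 NTk2LTU5MDM=
"""

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def audit_samba_sids(ldif):
    """Return (dn, decoded value, problem) for every suspicious sambaSID."""
    findings, dn = [], None
    for line in unfold(ldif):
        if line.lower().startswith("dn:"):
            dn = line.split(":", 1)[1].strip()
            continue
        m = re.match(r"sambaSID(::?)\s*(.*)", line, re.IGNORECASE)
        if not m:
            continue
        encoded, raw = m.group(1) == "::", m.group(2)
        value = base64.b64decode(raw).decode("utf-8", "replace") if encoded else raw
        if value != value.strip():
            findings.append((dn, value, "leading/trailing whitespace"))
        elif not SID_RE.fullmatch(value):
            findings.append((dn, value, "not a valid SID string"))
        elif encoded:
            findings.append((dn, value, "base64-encoded without need"))
    return findings

if __name__ == "__main__":
    print(*audit_samba_sids(SAMPLE_LDIF), sep="\n")
```

LDIF writers base64-encode any value that begins with a space, so a "sambaSID::" line in ldapsearch output is itself the symptom to look for.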

