[Samba] LDAP with Samba Server

Fernando Lozano fernando at lozano.eti.br
Tue Nov 13 07:45:17 MST 2012


Rodrigo,

It's not hard to fix your LDAP data, but you must find why the sambaSID 
values were stored the wrong way. Maybe your LDAP config files 
(/etc/slapd.conf?) on the slave point to the wrong schema definitions?

As for the space, it may be there because of phpLdapAdmin. Try another 
LDAP browser, like the GUI (Windows) Ldap Admin or GC (for Gnome) to 
check the values.


[]s, Fernando Lozano

> On 19:43:51 wrote rodrigo tavares:
>> Hello !
>>
>> Today I have a ldap server, it replicate the database from another
>> machine SMB-LDAP. See the result:
>>
>> dn: cn=informatica,ou=defensoria,dc=defensoria,dc=br
>> cn: informatica
>> description: Informatica
>> gidNumber: 2451
>> phpgwAccountExpires: -1
>> phpgwAccountType: g
>> userPassword:
>> mail: informatica at defensoria.br
>> memberUid: diego.santos
>> memberUid: alan.murta
>> memberUid: bruce.borba
>> memberUid: william.mor
>> memberUid: manuel.neto
>> memberUid: eli.set
>> memberUid: rodrigo.tavares
>> memberUid: faria.tavares
>> structuralObjectClass: posixGroup
>> entryUUID: e0cf40fa-b0af-1031-9098-b773bfdd8a70
>> creatorsName: cn=admin,dc=defensoria,dc=br
>> createTimestamp: 20121022161837Z
>> objectClass: top
>> objectClass: posixGroup
>> objectClass: phpgwAccount
>> objectClass: sambaGroupMapping
>> sambaGroupType: 2
>> displayName: informatica
>> sambaSID::
>> IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=
> The field "sambaSID" should never be base64 encoded!
> There is a space before "S-1-5", but should not ;-)
>
> $ echo IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=|
> base64 -d
>   S-1-5-21-3694813867-2176535467-1333071596-5903
>
> check your smbldap config file.
>
> Maybe that all or most sambaSid attributes are wrong.
>
>> entryCSN: 20121112130102.988770Z#000000#000#000000
>> modifiersName: cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
>> modifyTimestamp: 20121112130102Z
>>
>> In my smb.conf
>>
>> [system]
>>         
>>          comment = system
>>          path = /home/system
>>          public = yes
>>          printable = no
>>          browseable = no
>>          guest ok = yes
>>          read only = yes
>>          write list = @informatica
>>
>>   domain logons = yes
>>     add user script = /usr/sbin/smbldap-useradd -a -m "%u"
>>     add group script = /usr/sbin/smbldap-groupadd -p "%g"
>>     add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>>     delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>>     set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>>     add machine script = /usr/sbin/smbldap-useradd -w "%u"
>>
>>
>>   ldap user suffix = ou=defensoria
>>     ldap group suffix = ou=grupos
>>     ldap machine suffix = ou=computadores
>>     ldap passwd sync = yes
>>     ldap admin dn = cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
>>     ldap suffix = dc=defensoria,dc=mg,dc=gov,dc=br
>>     ldap ssl = no
>>     passdb backend = ldapsam:ldap://10.26.7.249
>>
>>
>> http://rodrigofariat.files.wordpress.com/2012/11/ldap-smb.png
>>
>>
>>
>> When I try mapping the folder, a screen asking for login/password
>> comes up; then I type the password, but it does not log in and there
>> is no access. Why is there no access?
>>
>> Rodrigo Faria
>
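
An added example, not part of the original thread: a small Python audit that walks an LDIF export, decodes any base64 (`sambaSID::`) values the way the quoted reply does by hand with `base64 -d`, and reports entries whose SID carries stray whitespace or is not a SID string. The sample LDIF is constructed from the entry quoted above plus one made-up clean entry, and the function names are this example's own.

```python
import base64
import re

SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")

# Constructed sample: the first entry reuses the sambaSID quoted in the thread,
# the second is a made-up entry with a cleanly stored SID.
SAMPLE_LDIF = """\
dn: cn=informatica,ou=defensoria,dc=defensoria,dc=br
cn: informatica
sambaSID::
 IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=

dn: cn=example,ou=defensoria,dc=defensoria,dc=br
cn: example
sambaSID: S-1-5-21-3694813867-2176535467-1333071596-5905
"""

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def audit_samba_sids(ldif):
    """Return (dn, stored value, problem) for each sambaSID that is not a clean SID."""
    findings, dn = [], None
    for line in unfold(ldif):
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if rest.startswith(":"):  # "attr:: value" means the value is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.lstrip(" ")
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "sambasid":
            if value != value.strip():
                findings.append((dn, value, "leading or trailing whitespace"))
            elif not SID_RE.fullmatch(value):
                findings.append((dn, value, "not a SID string"))
    return findings

if __name__ == "__main__":
    for dn, value, problem in audit_samba_sids(SAMPLE_LDIF):
        print(f"{dn}: {value!r} ({problem})")
```

Reading the LDIF export directly, rather than through a browser, shows what is actually stored in the directory regardless of how a given LDAP front end displays it.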


