[Samba] Samba4 binding LDAP Server

Harry Jede walk2sun at arcor.de
Mon Jun 2 09:19:29 MDT 2014


Hi Danilo,

> Yes, maybe I'm wrong naming that.
> As Rowland said it is a standalone server which authenticates users
> from LDAP.
That is not a supported samba/ldap setup. Nevertheless, I have seen this
some years ago.

Post the output of this command, if you are using openldap:
ldapsearch -xLLL '(&(sambadomainname=*)(objectclass=sambadomain))' '*' objectclass

BTW, what OS do you use, and which LDAP server?

> I have just noticed something in my tests with this file server. As
> mentioned before, I have the following share:
> 
> [Test]
> comment = test
> path = /u01
> read only = no
> 
> 
> And /u01 folder has the following permissions:
> 
> drwxrwsr-x    5   root    o2pos  4096 Jun  1 13:16     u01
> 
> 
> I'm authenticating with the user mussolini (which is my name :))
> from the LDAP database:
> 
> [root@Nemesis ~]# id mussolini
> uid=3001(mussolini) gid=3001(mussolini)
> groups=3001(mussolini),3003(admins),3014(o2pos)
This is also not a supported user configuration. Very early samba 3
releases had supported this. Current samba3 and samba4 do not support
users and groups with identical names. Enhance the log levels in
samba and in your ldap server.

Please post your samba3 version: smbd -V
 
> The authentication is done and the share Test is mounted
> successfully, but even with my user being a member of the "o2pos"
> group, I can't write in this folder. So, if I change the group owner
> of the u01 folder to "admins" (which also has my user as member) I can
> write files and folders normally in the Test share. Curious, isn't
> it?
No, we simply don't know how your users and groups are set up in ldap.
Post the relevant information.

 
> Just to remember, this only happens in Samba4.
Try
acl group control = Yes
in your share definition


-- 


	Harry Jede

