[Samba] Samba4 binding LDAP Server

Danilo Mussolini danilo at mdotti.com
Mon Jun 2 09:31:23 MDT 2014


Not supported? Really?


There you go:

[root at Nemesis ~]# ldapsearch -xLLL
'(&(sambadomainname=*)(objectclass=sambadomain))' '*' objectclass
dn: sambaDomainName=O2POS,dc=o2pos,dc=com
sambaDomainName: O2POS
sambaSID: S-1-5-21-3378243240-46098705-3816341305
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0


The LDAP server runs in a Debian Linux, and the version is:
$OpenLDAP: slapd 2.4.23 (Dec 16 2012 11:48:44)


Actually, now I have only Samba4 on this server. The other ones have
Samba Version 3.6.9-151.el6.

On Mon, Jun 2, 2014 at 12:19 PM, Harry Jede <walk2sun at arcor.de> wrote:

> Hi Danilo,
>
> > Yes, maybe I'm wrong naming that.
> > As Rowland said it is a standalone server which authenticates users
> > from LDAP.
> That is not a supported samba/ldap setup. Nevertheless I have seen this
>  some years ago.
>
> post the output of this command, if you are using openldap:
> ldapsearch -xLLL '(&(sambadomainname=*)(objectclass=sambadomain))' '*'
> objectclass
>
> btw, what os do you use, which ldap server
>
> > I have just noticed something in my tests with this file server. As
> > mentioned before, I have the following share:
> >
> > [Test]
> > comment = test
> > path = /u01
> > read only = no
> >
> >
> > And /u01 folder has the following permissions:
> >
> > drwxrwsr-x    5   root    o2pos  4096 Jun  1 13:16     u01
> >
> >
> >  I'm authenticating with the user mussolini (which is my name :))
> > from the LDAP database:
> >
> > [root at Nemesis ~]# id mussolini
> > uid=3001(mussolini) gid=3001(mussolini)
> > groups=3001(mussolini),3003(admins),3014(o2pos)
> This is also not a supported user configuration. Very early samba 3
> releases had supported this. Current samba3 and samba4 do not support
> users and groups with identical names. Enhance the loglevels in
>  samba and in your ldap server.
>
> Please post your samba3 version: smbd -V
>
> > The authentication is done and the share Test is mounted
> > successfully, but even my user been a member of "o2pos" group, I
> > can't write in this folder. So, if I change the group owner of the
> > u01 folder to "admins" (which also has my user as member) I can
> > write files and folders normally in the Test share. Curious, isn't
> > it?
> No, we simply don't know how your users and groups are setup in ldap.
> Post the relevant information.
>
>
> > Just to remember, this only happens in Samba4.
> Try
> acl group control = Yes
> in your share definition
>
>
> --
>
>
>         Harry Jede
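To make the symptom in this thread concrete: a plain POSIX owner/group/other check already grants mussolini write access to /u01 through the o2pos group, so a refusal from Samba4 points at how the user and group are mapped (including the user/group name collision Harry flags), not at the directory mode. This is an added example, not code from the thread or from Samba; the passwd/group records are constructed from the `id mussolini` output, since the raw LDAP entries were never posted.

```python
import stat

# Constructed records modelled on "id mussolini" in the thread:
# (name, uid, primary gid) and (name, gid, members). Assumed, not from LDAP.
PASSWD = [("root", 0, 0), ("mussolini", 3001, 3001)]
GROUP = [
    ("root", 0, []),
    ("mussolini", 3001, []),
    ("admins", 3003, ["mussolini"]),
    ("o2pos", 3014, ["mussolini"]),
]


def name_collisions(passwd, group):
    """Names used both as a user and as a group: the setup the reply
    describes as unsupported by current Samba 3 and Samba 4."""
    users = {name for name, _, _ in passwd}
    return sorted(users & {name for name, _, _ in group})


def user_groups(user, passwd, group):
    """Primary gid plus supplementary gids, the same set 'id <user>' prints."""
    primary = next(gid for name, _, gid in passwd if name == user)
    gids = {primary}
    gids.update(gid for _, gid, members in group if user in members)
    return gids


def posix_can_write(user, dir_uid, dir_gid, mode, passwd, group):
    """Classic owner/group/other decision for a directory mode such as
    drwxrwsr-x (0o2775). POSIX ACLs and Samba's own mapping are not modelled,
    which is exactly the gap this check exposes."""
    uid = next(u for name, u, _ in passwd if name == user)
    if uid == 0:
        return True
    if uid == dir_uid:
        return bool(mode & stat.S_IWUSR)
    if dir_gid in user_groups(user, passwd, group):
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


if __name__ == "__main__":
    print("user/group name collisions:", name_collisions(PASSWD, GROUP))
    # /u01 is root:o2pos with mode drwxrwsr-x, as listed in the thread.
    print("mussolini can write via o2pos:",
          posix_can_write("mussolini", 0, 3014, 0o2775, PASSWD, GROUP))
```

If this prints True while the share still refuses writes, the problem is in the Samba/LDAP group mapping, which is why the reply asks for the LDAP group entries and higher log levels.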