[Samba] samba with customized ldap backend
Rowland Penny
rpenny at samba.org
Mon Nov 7 13:34:50 UTC 2016
On Mon, 7 Nov 2016 18:30:51 +0530 (IST)
Arun Gupta via samba <samba at lists.samba.org> wrote:
> Sir,
>
> As you told that Samba normally set uid=Username and not the
> uidNumber. Here due to some requirement we had configured ldap with dn
> uid="user's emp id" and it is very well working with all the services
> like nagios anonymous authentication, ssh, smtp, imap authentication,
> rdesktop means all the possible services but I am very badly stuck
> with samba authentication.
>
> For example I have created below ldif uid='user's empid'
>
> dn: uid=102220,ou=People,dc=pn,ou=User,dc=cdac,dc=in
> empID: 102220
> username: micki
> cn: Demo Account
> centre: PN
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: sambaSamAccount
> oldempid: 2220
> mail: micki at cdac.in
> givenName: Demo Accoung
> shadowLastChange: 15587
> loginShell: /bin/bash
> uidNumber: 5345
> gidNumber: 5345
> homeDirectory: /mbox1.1/micki
> userPassword:: {SSHA256}v7vlA8YYjJ27IbPQQa8eaChdHFcpu6EGYWxZH1O7w13ZocmtLTb9nw==
> sambaPwdLastSet: 1473165911
> sambaLMPassword: 7e58f6a33f8b3ef68ef354180a3a1da7
> sambaSID: S-1-5-21-4079184197-2446238136-3299756537-1008
> sambaAcctFlags: [UX ]
> sambaNTPassword: 0242A7FEC5CD294F916925766089E573
> uid: 102220
> description: Unix
>
> ## pdbedit -L -v -u 102220
> -----------------------------
> Unix username: 102220
> NT username: 102220
> Account Flags: [UX ]
> User SID: S-1-5-21-4079184197-2446238136-3299756537-1008
> Finding user 102220
> Trying _Get_Pwnam(), username as lowercase is 102220
> Checking combinations of 0 uppercase letters in 102220
> Get_Pwnam_internals didn't find user [102220]!
> Primary Group SID: (NULL SID)
> Full Name: Demo Account
> Home Directory: \\report\102220
> HomeDir Drive:
> Logon Script:
> Profile Path: \\report\102220\profile
> Domain: REPORT
> Account desc: Unix
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: never
> Kickoff time: never
> Password last set: Tue, 06 Sep 2016 18:15:11 IST
> Password can change: Tue, 06 Sep 2016 18:15:11 IST
> Password must change: Tue, 19 Jan 2038 08:44:07 IST
> Last bad password : 0
> Bad password count : 0
> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> ----------------------
>
> Here Unix username found 102220 and I am able to authenticate by uid
> (102220) instead of username (micki). If we can customize
> somewhere in samba search pattern I am sure my goal will be complete;
> for that kindly give me some suggestions for the same.
>
> Regards
> Arun
>
Have you asked on the sssd-users mailing list about this ???
If you are using sssd then Samba ISN'T doing the authentication, SSSD
is.
Rowland