[Samba] samba with customized ldap backend

Rowland Penny rpenny at samba.org
Mon Nov 7 13:34:50 UTC 2016


On Mon, 7 Nov 2016 18:30:51 +0530 (IST)
Arun Gupta via samba <samba at lists.samba.org> wrote:

> Sir,
> 
> As you told that Samba normally set uid=Username and not the
> uidNumber. Here due to some requirement we had configured ldap with dn
> uid="user's emp id" and it is very well working with all the services
> like nagios anonymous authentication, ssh, smtp, imap authentication,
> rdesktop means all the possible services but I am very badly stuck
> with samba authentication.
> 
> For example I have created below ldif uid='user's empid'
> 
> dn: uid=102220,ou=People,dc=pn,ou=User,dc=cdac,dc=in
> empID: 102220
> username: micki
> cn: Demo Account
> centre: PN
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: sambaSamAccount
> oldempid: 2220
> mail: micki at cdac.in
> givenName: Demo Accoung
> shadowLastChange: 15587
> loginShell: /bin/bash
> uidNumber: 5345
> gidNumber: 5345
> homeDirectory: /mbox1.1/micki
> userPassword:: {SSHA256}v7vlA8YYjJ27IbPQQa8eaChdHFcpu6EGYWxZH1O7w13ZocmtLTb9nw==
> sambaPwdLastSet: 1473165911
> sambaLMPassword: 7e58f6a33f8b3ef68ef354180a3a1da7
> sambaSID: S-1-5-21-4079184197-2446238136-3299756537-1008
> sambaAcctFlags: [UX         ]
> sambaNTPassword: 0242A7FEC5CD294F916925766089E573
> uid: 102220
> description: Unix
> 
> ## pdbedit -L -v -u 102220
> -----------------------------
> Unix username:        102220
> NT username:          102220
> Account Flags:        [UX         ]
> User SID:             S-1-5-21-4079184197-2446238136-3299756537-1008
> Finding user 102220
> Trying _Get_Pwnam(), username as lowercase is 102220
> Checking combinations of 0 uppercase letters in 102220
> Get_Pwnam_internals didn't find user [102220]!
> Primary Group SID:    (NULL SID)
> Full Name:            Demo Account
> Home Directory:       \\report\102220
> HomeDir Drive:
> Logon Script:
> Profile Path:         \\report\102220\profile
> Domain:               REPORT
> Account desc:         Unix
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          never
> Kickoff time:         never
> Password last set:    Tue, 06 Sep 2016 18:15:11 IST
> Password can change:  Tue, 06 Sep 2016 18:15:11 IST
> Password must change: Tue, 19 Jan 2038 08:44:07 IST
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> ----------------------
> 
> Here Unix username found 102220 and I am able to authenticate by uid
> (102220) instead of username (micki). If we can customize
> somewhere in samba search pattern I am sure my goal will be complete;
> for that kindly give me some suggestions for the same.
> 
> Regards
> Arun
> 

Have you asked on the sssd-users mailing list about this ???

If you are using sssd then Samba ISN'T doing the authentication, SSSD
is.

Rowland


