[Samba] ldapsam cannot find NT password hash

David Kowis david at kow.is
Sun May 26 15:03:39 UTC 2019


Most of this is generated by FreeNAS's GUI, so I'll have to figure out
how to override it. I know where the file is, but I don't know if
changes I make to it will actually stick, but that's for a different
forum :)

Just curious, since I appear to be running a PDC, is there a way to have
a standalone Samba server, and just get the user/password information
from LDAP without doing all the domain stuff? That's actually what I'd
like to do. I don't need a domain controller.

On 5/26/19 4:12 AM, Rowland penny via samba wrote:
> On 26/05/2019 02:04, David Kowis via samba wrote:
>> Certainly: https://termbin.com/wr68
>>
>> Thanks again!
>>
> OK, you are running Samba as an NT4-style PDC, though you don't seem to
> think so, because you have 'server role = member server', so I would
> remove the 'server role' line.
> 
> I would change 'server min protocol = SMB2_02' to 'server min protocol =
> NT1'
> 
> I would also change 'ldap ssl = start tls' to 'ldap ssl = off' until you
> get Samba working, you can turn it on again later.
> 
> You have this:
> 
>     passdb backend = ldapsam:ldap://pione.dark.kow.is
>     ldap admin dn = cn=admin,dc=dark,dc=kow,dc=is
>     ldap suffix = dc=dark,dc=kow,dc=is
>     ldap user suffix = ou=Users
>     ldap group suffix = ou=Groups
>     ldap machine suffix = ou=Computers
>     ldap ssl = start tls
>     ldap password sync = yes
>     ldapsam:trusted = yes
>     ldapsam:editposix = yes
>     idmap config *: backend = tdb
>     idmap config *: range = 90000001-100000000
>     idmap config NOSGOTH: backend = ldap
>     idmap config NOSGOTH: range = 10000-90000000
>     idmap config NOSGOTH: ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
>     idmap config NOSGOTH: ldap_user_dn = cn=sambaadmin,dc=dark,dc=kow,dc=is
>     idmap config NOSGOTH: ldap_url = ldap://pione.dark.kow.is
> 
> When I tested creating a PDC some time ago, I could only get it working
> with this:
> 
>     passdb backend = ldapsam
>     ldap admin dn = cn=admin,dc=dark,dc=kow,dc=is
>     ldap suffix = dc=dark,dc=kow,dc=is
>     ldap user suffix = ou=Users
>     ldap group suffix = ou=Groups
>     ldap machine suffix = ou=Computers
>     ldap ssl = off
>     ldap password sync = yes
>     ldapsam:editposix = yes
>     ldapsam:trusted = yes
>     idmap config * : backend = ldap
>     idmap config * : range = 10000-90000000
>     idmap config * : ldap_url = ldap://pione.dark.kow.is
>     idmap config * : ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
>     idmap config * : ldap_user_dn = cn=admin,dc=dark,dc=kow,dc=is

I'll see if I can't give this configuration a go, in the meantime.

> 
> Rowland
> 
> 
> 
> 
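
An added example, not part of the thread and not Samba's own code: a small Python check that flags the two settings relaxed for troubleshooting above (`server min protocol = NT1` and `ldap ssl = off`) if they are still present in smb.conf. The function names and the trimmed sample configs are constructed for illustration from values quoted in the thread.

```python
import re

SMB1_OR_OLDER = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}

def parse_global(text):
    # [global] parameters; Samba ignores case and spaces in parameter names.
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def audit(text):
    p, findings = parse_global(text), []
    proto = p.get("serverminprotocol", "").upper()
    if proto in SMB1_OR_OLDER:
        findings.append(f"server min protocol = {proto}: SMB1 clients are accepted")
    # LDAP servers in use: idmap ldap_url values plus the ldapsam URL.
    urls = [v for k, v in p.items() if k.endswith(":ldap_url")]
    backend = p.get("passdbbackend", "")
    if backend.lower().startswith("ldapsam"):
        # smb.conf documents ldap://localhost as the ldapsam default URL
        urls.append(backend.partition(":")[2] or "ldap://localhost")
    ssl = p.get("ldapssl", "start tls")  # unset means the documented default
    tls_on = ssl.lower().replace("_", " ") == "start tls"
    plain = sorted({u for u in urls if not u.lower().startswith(("ldaps://", "ldapi://"))})
    if plain and not tls_on:
        findings.append(f"ldap ssl = {ssl}: no StartTLS towards {', '.join(plain)}")
    return findings

# Constructed samples built from the values quoted in the thread.
ORIGINAL = """[global]
passdb backend = ldapsam:ldap://pione.dark.kow.is
server min protocol = SMB2_02
ldap ssl = start tls
idmap config NOSGOTH: ldap_url = ldap://pione.dark.kow.is
"""
TROUBLESHOOTING = """[global]
passdb backend = ldapsam
server min protocol = NT1
ldap ssl = off
idmap config * : ldap_url = ldap://pione.dark.kow.is
"""
print(audit(ORIGINAL), audit(TROUBLESHOOTING), sep="\n")
```

With `ldap ssl = off` and an `ldap://` URL, the bind for `ldap admin dn` and the password hashes ldapsam reads cross the network unencrypted, which is why the check reports each LDAP server reached that way.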


