[Samba] ldapsam cannot find NT password hash

David Kowis david at kow.is
Sun May 26 23:42:44 UTC 2019



On 5/26/19 10:14 AM, Rowland penny via samba wrote:
>> Just curious, since I appear to be running a PDC, is there a way to have
>> a standalone samba server, and just get the user/password information
>> from LDAP without doing all the domain stuff? That's actually what I'd
>> like to do. I don't need a domain controller.
> 
> I sort of thought you didn't
> 
> Try this:
> 
> remove 'security = user' which will make it 'security = auto'
> 
> Change these:
> 
>     domain logons = yes
>     server role = member server
> 
> To:
> 
>     domain logons = no
>     server role = standalone server
> 
> This should get you a standalone server with users in LDAP.
> 
> I must point out that I have never tried the above, but it should work.

Sadly, it doesn't seem to, or it's a combination of how I must configure
things in FreeNAS land. `testparm` shows the expected output with a few
exceptions. Fortunately, I'm able to override settings in the smb4.conf
by specifying them again, and last-one-in-wins:
https://termbin.com/ausk

It is showing up as a ROLE_STANDALONE server, but I do see during the
startup of smbd:
https://pastebin.com/Fgd8PPXb

I assume that's from the lines, but I don't know.
```
        idmap config nosgoth: ldap_url = ldap://pione.dark.kow.is
        idmap config nosgoth: ldap_user_dn = cn=sambaadmin,dc=dark,dc=kow,dc=is
        idmap config nosgoth: ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
        idmap config nosgoth: range = 10000-90000000
        idmap config nosgoth: backend = ldap
```

Is there a way to specify things by setting them to empty? I can't
delete the entries, because FreeNAS auto-generates this file on boot
from its configuration database, but I can append to the end and
include stuff that overrides the existing setup....

Thanks again!
-- David


