Hi there.

I had configured OpenLDAP, NSS and PAM over RedHat 7.3 for Linux authentication, and they work pretty well. Recently, I downloaded the Samba 2.2.7a source code and configured it for LDAP access (--with-ldapsam). I also configured it as a domain logon for Win98 authentication and file server.

It looked to be working well, but after some tests, I noticed Samba is ignoring LDAP data. Please take a look at the following example. This is a fragment of the Samba debug output (smbd -i -d 5):

    ldap_open_connection: starting...
    StartTLS issued: using a TLS connection
    ldap_open_connection: connection opened
    ldap_connect_system: succesful connection to the LDAP server
    ldap_search_one_user: searching for:[(&(uid=lfogel)(objectclass=sambaAccount))]
    get_single_attribute: [uid] = [lfogel]
    Entry found for user: lfogel
    get_single_attribute: [pwdLastSet] = [1043443975]
    get_single_attribute: [logonTime] = [0]
    get_single_attribute: [logoffTime] = [2147483647]
    get_single_attribute: [kickoffTime] = [2147483647]
    get_single_attribute: [pwdCanChange] = [0]
    get_single_attribute: [pwdMustChange] = [2147483647]
    get_single_attribute: [cn] = [lfogel]
    get_single_attribute: [homeDrive] = [<does not exist>]
    get_single_attribute: [smbHome] = [<does not exist>]
    get_single_attribute: [scriptPath] = [lfogel.bat]
    get_single_attribute: [profilePath] = [<does not exist>]
    get_single_attribute: [description] = [Leonardo Fogel]
    ...

As one can see, Samba is connecting to LDAP and loading the user information. However, Win98 was not running the script "lfogel.bat". If I set the smb.conf parameter "logon script = %U.bat", Win98 will load and run "lfogel.bat". But if I set "logon script = %U1.bat" (or comment it out), Win98 will NOT run anything. (Of course, "lfogel1.bat" does not exist.)

I also looked at the Samba source code in order to find out what my mistake could be. It looks like the function "pass_check_smb" in "smbd/password.c" manages the access to LDAP. The function declares "SAM_ACCOUNT *sampass = NULL", initializes it (pdb_init_sam(&sampass)), loads LDAP attributes (pdb_getsampwnam(sampass, user)), checks the passwords (smb_password_ok(sampass, ...)) and finally discards everything (pdb_free_sam(sampass)). So, it looks like Samba 2.2.7a ignores all LDAP attributes after authentication succeeds.

Please, if someone can figure out what the problem is, let me know.

Thanks and regards.
