[Samba] LDAP backend for a stand-alone server

Matt Ingram Tue, 22 Feb 2005 07:03:18 -0800

I'm sure I'm missing something in the configuration or am misconfiguring the ldif. Regular linux accounts authenticate fine looking at the ldap but not samba accounts. When I try to map a drive, it just returns "Incorrect password or unkown username". I have ldap running on a seperate server from the samba server.

I get nothing in the messages logs on the samba server, and ldap logs have no errors, but often show the uid and group being nobody.

I'm running SuSE 9.1 on both servers. Samba server is running: samba-3.0.2a-51 and the ldap server is running openldap2-2.2.6-37.22.

I'm attaching an ldif of a user, the samba server, the ldap log and a section of the samba server smb.conf.

Thanks in advance for any help.

Matt.

samba server ldif:
================
dn: sambaDomainName=sambaserver,ou=samba-test,dc=xxxx,dc=zzz
sambaDomainName: sambaserver
sambaSID: S-1-0-0
objectClass: sambaDomain
objectClass: top


user ldif
=================
dn: uid=bpitt,ou=Users,ou=samba-test,dc=xxxx,dc=zzz
cn: Brad
displayName: Brad Pitt
gecos: Brad Pitt
homeDirectory: /home/bpitt
loginShell: /bin/bash
sambaPrimaryGroupSID: S-1-5-32-547
sambaSID: S-1-0-0-21004
shadowLastChange: 11778
uid: bpitt
uidNumber: 10002
userPassword: {crypt}NwPCGOg9Bec.Q
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
sambaAcctFlags: [DU         ]
sambaLMPassword: FDA95FBECA288D44AAD3B435B51404EE
sambaNTPassword: FBF9032214C67D388E0A0858D649380A
sambaHomeDrive: \\sambaserver\bpitt
gidNumber: 6000


smb.conf
=========
[global]
       workgroup = workgroup
       netbios name = sambserver
       interfaces = 127.0.0.1 eth0
       bind interfaces only = true
       printing = cups
       printcap name = cups
       printer admin = @ntadmin, root, administrator
       map to guest = Bad User
       username map = /etc/samba/smbusers
       passdb backend = ldapsam:ldap://ldapserver
       ldap passwd sync = Yes
       ldap suffix = dc=xxxx,dc=zzz
       ldap user suffix = ou=Users,ou=samba-test
       ldap group suffix = ou=samba-groups,ou=samba-test
       ldap admin dn = cn=Manager,dc=xxxx,dc=zzz

# I've tried this commented out with the same results.
       ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"


/var/log/messages from an attempted drive map
================================

Feb 22 09:37:04 gofannon slapd[10121]: conn=2481 op=8 SRCH base="dc=xxxx,dc=zzz" scope=2 deref=0 filter="(&(sambaSID=s-1-0-0-501)(objectClass=sambaSamAccount))" Feb 22 09:37:04 gofannon slapd[10121]: conn=2481 op=8 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime modifyTimestamp Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=8 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=5 SRCH base="dc=xxxx,dc=zzz" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=nobody))" Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=5 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=6 SRCH base="dc=xxxx,dc=zzz" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=nobody))" Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=6 SRCH attr=cn userPassword memberUid uniqueMember gidNumber Feb 22 09:37:04 ldapserver slapd[10121]: conn=2482 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=9 SRCH base="dc=xxxx,dc=zzz" scope=2 deref=0 filter="(&(&(uid=bpitt)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))" Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=9 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime modifyTimestamp Feb 22 09:37:04 ldapserver slapd[10121]: conn=2481 op=9 SEARCH RESULT tag=101 err=0 nentries=1 text=


--
Matt Ingram
Intermediate Unix Administrator, IS
Canadian Bank Note Company, Limited

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP backend for a stand-alone server

Reply via email to