Paul,
Great tips... Thank you. I will take a look at smbldap-tools and try again.
Steve
Judicious snippage, post at the bottom.
I tried to let Samba authenticate against LDAP but could not figure out how to build the LDAP tree for Samba.
Fedora Core 2, Samba 3.0.10, OpenLDAP 2.1.29

dc=mydomain
   |
   `--- ou=People : to store user accounts for Unix and Windows
   |
   `--- ou=Hosts : to store computer accounts for UNIX & Windows
   |
   `--- ou=Groups : to store system groups for Unix and Windows

What I did was:

[global]
    workgroup = TESTDM
    passdb backend = ldapsam:ldap://10.10.0.101/
    log level = 1 passdb:8 auth:8
    domain logons = Yes
    wins support = Yes
    ldap admin dn = cn=root,dc=mydomain
    ldap delete dn = Yes
    ldap group suffix = ou=Group
    ldap machine suffix = ou=Hosts
    ldap user suffix = ou=People
    ldap suffix = dc=mfelc
    ldap passwd sync = Yes
    ldap ssl = no

3) start Samba server

4) run smbclient //smbserver -U myid
   Password:
   session setup failed: NT_STATUS_LOGON_FAILURE

Attached is the smbd.log. I deleted the normal log and kept the failed messages, as below:
check_sam_security: Couldn't find user 'szeng' in passdb file.
auth/auth.c:check_ntlm_password(271)
check_ntlm_password: sam authentication for user [szeng] FAILED with error NT_STATUS_NO_SUCH_USER
Is there anybody who might have some idea of what is wrong?
Yep. You did nothing to create the samba attributes that will have to exist in each user account for the users to log in. I suggest you read the documentation on setting up an LDAP/PDC system that is on the samba.org web site. You've missed quite a few steps here, so you may want to read it through to get a complete idea. Your solution is going to include the following:
1. Obtain and configure the smbldap-tools package.
2. Run the smbldap-populate script.
3. Make sure you've got a sambaDomain (I think that's the object type) in the base of your DIT.
4. Join the machine to the domain (since you appear to want a domain setup).
4. Add samba attributes to each user's account.
Yes there are 2 #4 entries. Doesn't matter which one comes first. As far as I can remember, those will be the critical steps to not miss. If you've followed the documentation and not done those steps, you've missed something.
-- Regards,
Steve Zeng Systems Administrator Mainframe Entertainment Inc T: (604) 628-1000 ext 5293
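
Added example, not part of the original thread and not Samba or smbldap-tools code: an offline check of an LDIF export for the condition Paul describes, a user entry that lacks the Samba attributes. The entries, SID and hash placeholder are constructed, and the check assumes Samba's lookup needs objectClass sambaSamAccount under the configured ldap suffix, with sambaSID and sambaNTPassword present.

```python
# Added example: sample entries below are constructed, not taken from the thread.
SAMPLE_LDIF = """\
dn: uid=szeng,ou=People,dc=mydomain
objectClass: inetOrgPerson
objectClass: posixAccount
uid: szeng
uidNumber: 1000

dn: uid=demo,ou=People,dc=mydomain
objectClass: posixAccount
objectClass: sambaSamAccount
uid: demo
sambaSID: S-1-5-21-1-2-3-3000
sambaNTPassword: CONSTRUCTED-PLACEHOLDER-HASH
"""

def parse_ldif(text):
    """Parse plain LDIF (no line folding, no base64) into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def samba_account_problems(entries, uid, ldap_suffix):
    """List what keeps `uid` from being a usable ldapsam account (empty = OK)."""
    base = ldap_suffix.lower().replace(" ", "")
    found = [e for e in entries if uid.lower() in (u.lower() for u in e.get("uid", []))]
    if not found:
        return ["no entry with uid=" + uid]
    problems = []
    for e in found:
        dn = e.get("dn", [""])[0].lower().replace(" ", "")
        classes = {c.lower() for c in e.get("objectclass", [])}
        if dn != base and not dn.endswith("," + base):
            problems.append("entry is outside ldap suffix " + ldap_suffix)
        if "sambasamaccount" not in classes:  # assumed part of Samba's lookup filter
            problems.append("objectClass sambaSamAccount missing")
        for attr in ("sambaSID", "sambaNTPassword"):  # SID: schema MUST; NT hash: NTLM logon
            if not e.get(attr.lower()):
                problems.append(attr + " missing")
    return problems

if __name__ == "__main__":
    for user in ("szeng", "demo"):
        print(user, samba_account_problems(parse_ldif(SAMPLE_LDIF), user, "dc=mydomain"))
```

To run it against a real directory, export the entries to LDIF first and pass the same value as the "ldap suffix" line in smb.conf.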
