RedHat enterprise v4
openldap 2.2.13-4
cyrus-sasl 2.1.19-5.EL4
samba 3.0.10-1.4E.9
krb-libs 1.3.4-27

server1: openldap and kerberos server
server2: samba server

We have openldap working as posix source for all of our *nix logins - with passwords stored in kerberos accessed via sasl. We have an existing samba server running on redhat for macintosh/windows user access to network storage. Our passwords are stored in smbpasswd. Access works fine in this configuration. We would like to centralize this authentication and have samba read its passwords from ldap/kerberos.
I have created a new samba server - with pam enabled and no smbpasswd file.
I have created a domain record in ldap - dn: "sambaDomainName=SERVER2,ou=services,ou=samba,dc=bates,dc=edu", sambaSID: S-1-0-0.
I have a testuser account in ldap with all posixAccount information and objectClass: sambaSamAccount and sambaSID: S-1-0-0-{uid*2 + 1000}

   # net getlocalsid
   SID for domain SERVER2 is: S-1-0-0
   #

smb.conf is at the end of this email.
I can access my samba share via smbclient \\server2\testuser
I cannot access my samba share via either windows or macintosh.
From Windows, I receive the error "\\server2\testuser is not accessible. You might not have permissions to use this network resource. Contact the administrator of this server to see if you have access permissions. The account is not authorized to log in from this station." From Macintosh, I am given the login prompt, I type my username and password, then get the error "Could not connect to the server because the name or password is not correct."

I assume the errors are because I do not have sambaLMPassword or sambaNTPassword stored in my ldap database. I do not want to do this. How do I set up samba to read all access from pam (as in the smbclient) and not require storage of passwords in ldap?

Any help would be appreciated. I have spent hours on Google and am getting nowhere.
Thanks,
Karen McArthur
Bates College, Lewiston, Maine
[EMAIL PROTECTED]

*******
smb.conf
*******
workgroup = BCIS
server string = Samba Server %v
hosts allow = 134.181. 127.
log file = /var/log/samba/%m.log
max log size = 50
security = user
encrypt passwords = no
obey pam restrictions = yes
ldap admin dn = "cn=smbadmin,dc=bates,dc=edu"
;ldap ssl = start tls
passdb backend = ldapsam:ldap://ldap.bates.edu:714
ldap delete dn = no
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts
ldap suffix = dc=bates,dc=edu
local master = no
name resolve order = host lmhosts wins bcast
wins server = x.y.z.a, x.y.z.b
dns proxy = no
  idmap uid = 16777216-33554431
  idmap gid = 16777216-33554431
  template shell = /bin/false
  winbind use default domain = no
[homes]
  comment = Home Directories
  browseable = no
  writable = yes
[printers]
  comment = All Printers
  path = /var/spool/samba
  browseable = no
  guest ok = no
  writable = no
  printable = yes