Hello all,

This is my first mailing list post, so God help me if I muck something up with the tagging and what not. Anyway, I want to configure Apache DS (1.5.7) to act as the passwd backend for a few Samba servers on our local network. Apache DS is already running and successfully authenticating for several Apache webservers, Mercurial repos, and an Openfire server. I don't need to have a full blown PDC, just being able to use pre-existing credentials to authenticate for Samba would be nice.

Right now, I've been able to use Directory Studio to enable the Samba schema in my ADS instance. It kind of threw me off for a bit because I didn't immediately realize that in order to enable it I had to make sure each of the dependencies was enabled, and it seems that NIS (or some other dependency of Samba) was not enabled by default. I've got LDAP Account Manager running to help manage my server, and it's how I've added a Samba Domain object to my directory. Here are some LDIF entries from my directory:

dn: sambaDomainName=MYDOMAIN,dc=example, dc=com
objectClass: sambaDomain
objectClass: top
sambaDomainName: MYDOMAIN
sambaSID: S-1-5-21-3194997645-334687660-1995094790
sambaAlgorithmicRidBase: 1000
sambaNextUserRid: 1000

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People

dn: uid=smbtest,ou=People,dc=example,dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: top
cn: smbtest
gidnumber: 513
homedirectory: /home/smbtest
sn: smbtest
uid: smbtest
uidnumber: 10005
gecos: System User
givenname: smbtest
loginshell: /bin/bash
shadowLastChange: 14995
shadowMax: 45
userPassword:: blah

dn: uid=person,ou=People,dc=example,dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: top
cn: Person
gidNumber: 20000
homeDirectory: /home/person
sambaSID: S-1-5-21-3194997645-334687660-1995094790-21002
sn: Person
uid: person
uidNumber: 10001
displayName: Person
loginShell: /usr/bin/bash
sambaAcctFlags: [XU ]
sambaDomainName: mydomain
sambaPasswordHistory: 10
sambaPrimaryGroupSID: S-1-5-21-3194997645-334687660-1995094790-512
userPassword:: blah

And here's part of my smb.conf file:

[global]
workgroup = MYDOMAIN
server string = Samba Server Version %v
netbios name = mydomain
interfaces = lo eth0
hosts allow = 127. 192.168.160. x.x.x.0
passdb backend = ldapsam:ldap://myldapserver:389/
ldap suffix = dc=example, dc=com
ldap group suffix = ou=group
ldap user suffix = ou=People
ldap admin dn = uid=admin,ou=system
security = user
enable privileges = yes
map to guest = bad user
guest account = smbguest

[test]
comment = Test Share
path = /test
browseable = yes

Now, I know that samba is able to communicate with ADS because when I run the "net getlocalsid" command, it gives me no errors. But when I run the command and alter the admin dn information, I get a failure to authenticate message (I've set the admin dn passwd using "smbpasswd -w"). However, when I try to connect to my test share using a Win XP Pro SP3 client, the share behaves like it can't authenticate either of my users (person or smbtest). I have also used smbldap to add the smbtest account successfully (most likely the reason why it contains different attributes than the person account; person was added using LAM). Additionally, smbldap-userlist shows the smbtest user, but no others.

I'm thinking that the issue is most likely due to a lack of the proper attributes to the People group, or something I'm missing in either individual account. Any information on the subject would be very helpful, or even a good place to go to try to find out more about how to integrate ApacheDS with Samba.

Thanks in advance for any advice on this issue.

Jeff
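
Added example, not part of the original post: a small Python check that reads LDIF like the entries above and reports, per account, what Samba's ldapsam backend would be missing. It relies on two facts about ldapsam (its account search only matches entries carrying the sambaSamAccount object class, and NTLM logons are verified against the sambaNTPassword hash); the sample LDIF is constructed from the two accounts in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: the two accounts from the post, trimmed to the relevant attributes.
SAMPLE_LDIF = """\
dn: uid=smbtest,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: shadowAccount
uid: smbtest
userPassword:: blah

dn: uid=person,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: person
sambaSID: S-1-5-21-3194997645-334687660-1995094790-21002
sambaAcctFlags: [XU ]
userPassword:: blah
"""
DOMAIN_SID = "S-1-5-21-3194997645-334687660-1995094790"  # sambaSID of the sambaDomain entry

def parse_ldif(text):
    """Minimal parser: blank-line separated entries; no line folding or base64 decoding."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(key.strip().lower(), []).append(value.lstrip(":").strip())
        entries.append(entry)
    return entries

def audit_entry(entry, domain_sid):
    """Return the reasons ldapsam could not use this entry for an SMB logon."""
    if "sambasamaccount" not in {c.lower() for c in entry.get("objectclass", [])}:
        return ["missing objectClass sambaSamAccount"]  # ldapsam's search will not match it
    problems = []
    if not entry.get("sambasid", [""])[0].startswith(domain_sid + "-"):
        problems.append("sambaSID is not under the domain SID")
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", entry.get("sambantpassword", [""])[0]):
        problems.append("missing or malformed sambaNTPassword")
    flags = entry.get("sambaacctflags", [""])[0]
    if "U" not in flags or "D" in flags:
        problems.append("sambaAcctFlags is not an enabled user account")
    return problems

def audit_ldif(text, domain_sid=DOMAIN_SID):
    """Map each uid to its list of problems (empty list means usable)."""
    return {e["uid"][0]: audit_entry(e, domain_sid) for e in parse_ldif(text)}

if __name__ == "__main__":
    for uid, problems in audit_ldif(SAMPLE_LDIF).items():
        print(uid, "->", problems or "ok")
```

Run it against an export of ou=People (for example one produced by Directory Studio) to see which accounts still need Samba attributes before testing from a client.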
