
Re: LDAP madness! [u]



Pete,

    Without the LDAP entry you're attempting to authenticate against it
is hard to say. I have gotten Samba to work with LDAP before; however, I
don't currently have it set up as I'm re-structuring my LAN servers at
the moment. Of interest in the LDAP entries is that Samba has its own
schema of attributes that it looks for to authenticate, and they are
not the same as those used for the POSIX authentication typically used
for PAM & NSS authentication. It actually maintains two (2) password
attributes for Samba IIRC.

    Regards,
    Jeremy

Pete Clarke wrote:

> Hi all,
>
> LDAP!
> I have successfully managed to get a working LDAP installation for
> Unix clients, nss & pam logins work fine, even alongside the current
> NIS setup for testing purposes!
>
> I am now trying to get the samba integration working for the Windows
> machines on this network....what a royal PITA this is proving to be!!
>
> I can get the structure into the DB alright, and "finger" returns user
> information.....smbldap-useradd and smbldap-password work fine, and
> anonymous binds (when using smbclient -L <server>) work well too ...
> the trouble is that I cannot get authenticated logins via Samba to
> work - I am only trying on the command line for the time being..
>
> The relevant portion (I believe) from the server smb.conf file is:
>
> ######## LDAP authentication ########
> netbios name = cholet
> enable privileges = yes
> ldap passwd sync = Yes
>
> passdb backend = ldapsam:ldap://127.0.0.1
> ldap admin dn = cn=admin,dc=wimbledon
> ldap suffix = dc=wimbledon
> ldap group suffix = ou=Groups
> ldap user suffix = ou=People
> ldap machine suffix = ou=Computers
> #ldap ssl = start_tls
>
> ldap delete dn = Yes
>
> passwd program = /usr/sbin/smbldap-passwd -u " %u"
>
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>
> Logins from both the PDC and other samba boxes fail with :
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> I am using Sarge on an Intel box for the server - does anyone have a
> working installation of Samba/LDAP that could help iron these problems
> out...?
>
> Cheers,
>
>
>
> Pete.
>
>
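
Added example (not part of the original thread): a small audit of an exported LDIF entry that checks for the Samba-specific attributes mentioned in the reply alongside the POSIX ones. The attribute names are taken from Samba 3's samba.schema and RFC 2307, not from the thread, and the sample entries are constructed.

```python
import re
# Attribute names are from Samba 3's samba.schema and RFC 2307, not from the thread.
POSIX_ATTRS = ("uid", "uidnumber", "gidnumber", "homedirectory")
SAMBA_ATTRS = ("sambasid", "sambantpassword")
HASH_RE = re.compile(r"^[0-9A-Fa-f]{32}$")  # hex-encoded 16-byte hash

def parse_ldif_entry(text):
    """Parse one plain-text LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded continuation line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def audit_entry(entry):
    """Return a list of reasons the entry cannot serve both PAM/NSS and Samba."""
    problems = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    for oc, attrs in (("posixaccount", POSIX_ATTRS), ("sambasamaccount", SAMBA_ATTRS)):
        if oc not in classes:
            problems.append("missing objectClass " + oc)
            continue
        problems += ["missing attribute " + a for a in attrs if a not in entry]
    for attr in ("sambantpassword", "sambalmpassword"):
        for value in entry.get(attr, []):
            if not HASH_RE.match(value):
                problems.append(attr + " is not a 32-digit hex hash")
    return problems

# Constructed sample entries (suffix matches the smb.conf above; values are made up).
POSIX_ONLY = """dn: uid=pete,ou=People,dc=wimbledon
objectClass: posixAccount
uid: pete
uidNumber: 1001
gidNumber: 513
homeDirectory: /home/pete
"""
WITH_SAMBA = POSIX_ONLY + """objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF
sambaLMPassword: FEDCBA9876543210FEDCBA9876543210
"""
print(audit_entry(parse_ldif_entry(POSIX_ONLY)), audit_entry(parse_ldif_entry(WITH_SAMBA)))
```

The Samba password hashes are password-equivalent, so run this against an export made with the admin DN and keep those attributes unreadable to ordinary and anonymous binds.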


