thr3ads.net - samba - [Samba] Samba LDAP PDC help

If this information is useful, please help other people find it:
Share via:

George Farris

2002-Mar-28 08:36 UTC

[Samba] Samba LDAP PDC help - can't login.

I have followed the samba ldap pdc howto and am able to login and have
ldap authenticate shell accounts via the console and ssh.  However, when
I try to login via smbclient or a Windows 98 machine it won't
authenticate.  The ldap search actually ends up looking for a UID with
the domain included.  Log file shows thus:

daemon: conn=0 fd=9 connection from IP=127.0.0.1:1214 (IP=0.0.0.0:34049)
accepted.
conn=0 op=0 BIND dn="" method=128
ber_flush: 14 bytes to sd 9
deferring operation
conn=0 op=0 RESULT tag=97 err=0 textconn=0 op=1 SRCH
base="dc=cc,dc=mala,dc=bc,dc=ca" scope=2
filter="(&(objectClass=posixAccount)(uid=APOLLO\5CGEORGE))"
ber_flush: 14 bytes to sd 9
conn=0 op=1 SEARCH RESULT tag=101 err=0 text
Shouldn't the objectClass be sambaAccount not posixAccount?
Shouldn't the uid = george and not apollo\5cgeorge?

Apollo is the domain.

I actually tried to set the ldap filter in smb.conf like so:
ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"
This didn't help.

Can anyone shed any light on what may be wrong?

-- 
=================================================================George Farris		
Computer Support Cowichan
farrisg@mala.bc.ca                    Malaspina University-College

A conclusion is simply the place where you got tired of thinking.
                           
------- Electronic Frontier Foundation  http://www.eff.org -------

Andrew Bartlett

2002-Mar-28 14:47 UTC

head link

[Samba] Samba LDAP PDC help - can't login.

George Farris wrote:> 
> I have followed the samba ldap pdc howto and am able to login and have
> ldap authenticate shell accounts via the console and ssh.  However, when
> I try to login via smbclient or a Windows 98 machine it won't
> authenticate.  The ldap search actually ends up looking for a UID with
> the domain included.  Log file shows thus:
> 
> daemon: conn=0 fd=9 connection from IP=127.0.0.1:1214 (IP=0.0.0.0:34049)
> accepted.
> conn=0 op=0 BIND dn="" method=128
> ber_flush: 14 bytes to sd 9
> deferring operation
> conn=0 op=0 RESULT tag=97 err=0 text> conn=0 op=1 SRCH
base="dc=cc,dc=mala,dc=bc,dc=ca" scope=2
> filter="(&(objectClass=posixAccount)(uid=APOLLO\5CGEORGE))"
> ber_flush: 14 bytes to sd 9
> conn=0 op=1 SEARCH RESULT tag=101 err=0 text> 
> Shouldn't the objectClass be sambaAccount not posixAccount?
> Shouldn't the uid = george and not apollo\5cgeorge?
This is the search that samba makes via nss_ldap (hence the
posixAccount) when attempting to find usernames in the form
domain\username.  If this doesn't exist, then it tries 'username'. 
This
isn't the cause of your problems.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

samba - Mar 2002 - Samba LDAP PDC help - can't login.

[Samba] Samba LDAP PDC help - can't login.

[Samba] Samba LDAP PDC help - can't login.