Hi Alexander,
First of all, you do not need to make any configuration in your
slapd.conf; this is only needed if you want to run an LDAP server on your Samba
host.
If you want to use a Novell LDAP server you need to extend its LDAP
schema first, to support the ObjectClass'es and attributes that Samba
uses/needs. You probably have to find a version of the schema file that
is compatible with your LDAP server; Novell's LDAP server doesn't like
the syntax of the standard samba.schema file.
Afterwards you probably need an LDAP editor to access the server to add
ObjectClass'es and attributes to the user accounts you want to "Samba
enable".
NetWare Administrator and ConsoleOne don't support those (yet).
Best regards
Erik Holst Trans
Alexander Varga wrote:
> Hi
> I have a little problem with my ldap authorization of samba against Novell LDAP server.
> This is the log output from the Novell LDAP server:
>
> ----------------------------------------------------------------------------------------------------
> New TCP connection 0xcb1e3980, monitor = 0x1bf, index = 2
> (0xcb1e3980:0x0001:0x60) DoBind on connection 0xcb1e3980
> (0xcb1e3980:0x0001:0x60) DoBind: name = 'cn=SAMBAuser,ou=SRV100,ou=Resources,o=USS', client version = 3, method = 0x80
> (0xcb1e3980:0x0001:0x60) Sending operation result 0:"":"" to connection 0xcb1e3980
>
> ###############################
> ### Samba user is the one who can browse the NDS to search for existing user ..he logged in successfully (0:"":"")
> ##############################
>
> (0xcb1e3980:0x0002:0x63) DoSearch on connection 0xcb1e3980
> (0xcb1e3980:0x0002:0x63) Search request:
> base: "o=USS"
> scope:2 derefence:0 sizelimit:0 timelimit:0 attrsonly:0
> filter: "(&(uid=AlexanderVarga)(objectclass=sambaAccount))
> ################################
> ###### After it he was searching the Directory structure for user AlexanderVarga, but of a type ObjectClass=sambaAccount....
> ################################
> (0xcb1e3980:0x0002:0x63) attribute: "uid"
> (0xcb1e3980:0x0002:0x63) attribute: "uidNumber"
> (0xcb1e3980:0x0002:0x63) attribute: "gidNumber"
> (0xcb1e3980:0x0002:0x63) attribute: "homeDirectory"
> (0xcb1e3980:0x0002:0x63) attribute: "pwdLastSet"
> ...
> (0xcb1e3980:0x0002:0x63) Sending operation result 0:"":"" to connection 0xcb1e3980
> Monitor 0x1bf found connection 0xcb1e3980 socket closed, err = 57, 0 of 0 bytes read
> Monitor 0x1bf initiating close for connection 0xcb1e3980
> Server closing connection 0xcb1e3980, socket error = 57
>
> #############################
> ### of course he couldn't find it, because on the Novell they have defined ObjectClasses: user, group... so it cannot match and it closes connection
> ############################
>
> ----------------------------------------------------------------------------
>
> ----------------------------------------------------------------------------
> here is my slapd.conf ... it does not work to start slapd, because he cannot load the ldbm database. I compiled everything and I am not familiar in that manner with this, but because I am just a client, maybe I don't need this:
>
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/misc.schema
> include /usr/local/etc/openldap/schema/openldap.schema
> include /etc/ldap/samba.schema
> pidfile /usr/local/var/slapd.pid
> argsfile /usr/local/var/slapd.args
> database ldbm
> suffix "o=USS"
> rootdn "cn=SAMBAuser,ou=SRV100,ou=Resources,o=USS"
> rootpw secret
> directory /usr/local/samba/var/openldap-data
> index objectClass eq
> -------------------------------------------------------------------
> ----------------------------------------------------------------------
> here is my ldap.conf... the ldap_cachemgr is working properly... i hope so :)
>
> BASE o=USS
> URI ldap://nv6test.nw.usske.sk:389
> HOST 10.5.3.177
> PORT 389
> ------------------------------------------------------------------------
> -----------------------------------------------------------------------
> here is my smb.conf
>
> [global]
> workgroup = Inf-ks
> netbios name = SUNV240
> passwd backend = ldapsam://10.5.3.177:389
> ldap admin dn="cn=SAMBAuser,ou=SRV100,ou=Resources,o=USS"
> ldap filter = (&(uid=%u) (o=USS))
> ldap suffix = "o=USS"
> ldap port = 389
> ldap server = 10.5.3.177
> [share1]
> path = /tmp
> ---------------------------------------------------------
> ---------------------------------------------------------
>
> inbetween i ran this
>
> ldapclient manual \
> -a profileName=profile-imb \
> -a domainName=o=USS \
> -a serviceSearchDescriptor=passwd:o=USS \
> -a serviceSearchDescriptor=group:o=USS \
> -a authenticationMethod=simple -a defaultSearchBase=o=USS \
> -a searchTimeLimit=60 -a profileTTL=3600 \
> -a credentialLevel=proxy \
> -a proxyDN=cn=SAMBAuser,OU=SRV100,OU=Resources,O=USS \
> -a proxyPassword=mypassword \
> 10.5.3.177
> System successfully configured
>
> smbpasswd -w mypassword
> Setting stored password for "cn=SAMBAuser,ou=SRV100,ou=Resources,o=USS" in secrets.tdb
>
> the sambauser is in the tree OU=SRV100,OU=Resources,O=USS
> and the users have to be searched in the whole o=USS
> ... the problem is this time that he wants always to search for a user of an objectclass SambaAccount, which in the LDAP server doesn't exist.
>
> please help, to solve this
> Alexander
> -----------------------------------
> at last here is the samba.schema:
>
> attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
> DESC 'LanManager Password'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
> DESC 'MD4 hash of the unicode password'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
> DESC 'Account Flags'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
> DESC 'Timestamp of the last password update'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
> DESC 'Timestamp of when the user is allowed to update the password'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
> DESC 'Timestamp of when the password will expire'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
> DESC 'Timestamp of last logon'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
> DESC 'Timestamp of last logoff'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
> DESC 'Timestamp of when the user will be logged off automatically'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
> DESC 'Bad password attempt count'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
> DESC 'Time of the last bad password attempt'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
> DESC 'Driver letter of home directory mapping'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
> DESC 'Logon script path'
> EQUALITY caseIgnoreMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
> DESC 'Roaming profile path'
> EQUALITY caseIgnoreMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
> DESC 'List of user workstations the user is allowed to logon to'
> EQUALITY caseIgnoreMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
> DESC 'Home directory UNC path'
> EQUALITY caseIgnoreMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
> attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
> DESC 'Windows NT domain to which the user belongs'
> EQUALITY caseIgnoreMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
> attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
> DESC ''
> EQUALITY caseExactMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
> attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
> DESC 'Security ID'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
> DESC 'Primary Group Security ID'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
> DESC 'Security ID List'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
> attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
> DESC 'NT Group Type'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
> DESC 'Next NT rid to give our for users'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
> DESC 'Next NT rid to give out for groups'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
> DESC 'Next NT rid to give out for anything'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
> DESC 'Base at which the samba RID generation algorithm should operate'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
> DESC 'Samba 3.0 Auxilary SAM Account'
> MUST ( uid $ sambaSID )
> MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
> sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
> sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
> displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
> sambaProfilePath $ description $ sambaUserWorkstations $
> sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
> sambaBadPasswordCount $ sambaBadPasswordTime))
> objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
> DESC 'Samba Group Mapping'
> MUST ( gidNumber $ sambaSID $ sambaGroupType )
> MAY ( displayName $ description $ sambaSIDList ))
> objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
> DESC 'Samba Domain Information'
> MUST ( sambaDomainName $ sambaSID )
> MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
> sambaAlgorithmicRidBase ) )
> objectclass ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
> DESC 'Pool for allocating UNIX uids/gids'
> MUST ( uidNumber $ gidNumber ) )
> objectclass ( 1.3.6.1.4.1.7165.1.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
> DESC 'Mapping from a SID to an ID'
> MUST ( sambaSID )
> MAY ( uidNumber $ gidNumber ) )
> objectclass ( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
> DESC 'Structural Class for a SID'
> MUST ( sambaSID ) )
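As an added illustration of Erik's two points (the server must know the Samba objectClasses, and each user entry must then carry them before Samba's search can match), here is a small Python check that is not part of either message: it reads objectclass definitions in the samba.schema format quoted above, reports which MUST attributes an existing directory entry still lacks, and builds the LDIF modification that "Samba enables" the entry. The schema excerpt, the sample user and the SID value are constructed for the example.

```python
import re

# Constructed excerpt in the format of the samba.schema quoted in the thread
# (objectclass definitions only; attributetype lines are not needed here).
SCHEMA = """
objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
    DESC 'Samba 3.0 Auxilary SAM Account'
    MUST ( uid $ sambaSID )
    MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
          sambaAcctFlags $ sambaHomePath $ sambaDomainName ))
objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
    DESC 'Samba Group Mapping'
    MUST ( gidNumber $ sambaSID $ sambaGroupType )
    MAY ( displayName $ description $ sambaSIDList ))
"""

def _attr_list(chunk, keyword):
    """Attributes of a parenthesised 'KEYWORD ( a $ b $ c )' list, or empty set."""
    m = re.search(keyword + r"\s*\(([^)]*)\)", chunk)
    return {a.strip() for a in m.group(1).split("$")} if m else set()

def parse_objectclasses(text):
    """Map objectclass NAME -> {'must': set, 'may': set} for each definition."""
    classes = {}
    for chunk in re.split(r"^\s*objectclass\s*\(", text, flags=re.M)[1:]:
        name = re.search(r"NAME\s+'([^']+)'", chunk).group(1)
        classes[name] = {"must": _attr_list(chunk, "MUST"),
                         "may": _attr_list(chunk, "MAY")}
    return classes

def missing_must(entry, classes, classname):
    """MUST attributes of classname that the entry does not carry yet (case-insensitive)."""
    present = {k.lower() for k in entry}
    return sorted(a for a in classes[classname]["must"] if a.lower() not in present)

def samba_enable_ldif(dn, entry, classes, sid):
    """LDIF 'modify' that adds the auxiliary class plus sambaSID to an existing user.
    Refuses if anything other than sambaSID is missing, since the server would
    reject the write with an objectClass violation."""
    gaps = [a for a in missing_must(entry, classes, "sambaSamAccount") if a != "sambaSID"]
    if gaps:
        raise ValueError("entry lacks required attributes: " + ", ".join(gaps))
    return "\n".join([f"dn: {dn}", "changetype: modify",
                      "add: objectClass", "objectClass: sambaSamAccount", "-",
                      "add: sambaSID", f"sambaSID: {sid}", "-", ""])
```

Run the resulting LDIF through the LDAP editor or ldapmodify only after the schema itself has been loaded on the server; until then the objectClass add is rejected just as the search in the log above found nothing.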