I think I'm almost there getting Samba (3.4.9-60) to authenticate against
FDS (1.2.6.1) but I'm at a loss to get over this last hurdle. Total LDAP
newbie here so nothing about any of this is obvious to me right now.
I've been using http://directory.fedoraproject.org/wiki/Howto:Samba as a
guide. I've configured FDS and put in groups and users. AFAIK I've
configured Samba to use FDS to authenticate users. After some bumps with DHCP
and DNS and other nitpicky issues I got my WinXP Pro to talk to Samba, but
it's not authenticating users.
WinXP is spitting out the following: "The network path was not found."
When I try to add an existing local user I get the following:
$ sudo smbpasswd homeadmin
Failed to issue the StartTLS instruction: Can't contact LDAP server
Connection to LDAP server failed for the 1 try!
Failed to issue the StartTLS instruction: Can't contact LDAP server
Connection to LDAP server failed for the 2 try!
Failed to issue the StartTLS instruction: Can't contact LDAP server
Connection to LDAP server failed for the 3 try!
<snip>
I created a self-signed cert for FDS, registered it and restarted the service
but it doesn't seem like it's had any effect.
My global section is as follows:
[global]
        large readwrite = yes
        display charset = LOCALE
        time server = yes
        veto files = /*.nws/riched20.dll/*.{*}/
        netbios name = home
        cups options = raw
        printing = cups
        dos charset = CP850
        local master = yes
        workgroup = HOME
        os level = 33
        auto services = global netlogon
        ldap admin dn = "cn=admin,dc=home"
        printcap name = cups
        security = user
        max log size = 150
        log level = 0
        log file = /var/log/samba/%m.log
        load printers = yes
        guest account = nobody
        ldap user suffix = ou=People
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        logon drive = H:
        domain master = yes
        map to guest = Bad User
        encrypt passwords = yes
        winbind use default domain = no
        printer admin = root, @ntadmin, administrator
        template shell = /bin/bash
        wins support = true
        unix extensions = no
        username map script = /usr/share/hda-platform/hda-usermap
        ldapsam:trusted = yes
        ldap group suffix = ou=Groups
        server string = home
        wide links = yes
        ldap machine suffix = ou=Computers
        ldap suffix = dc=home
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=admin,dc=home
        idmap backend = ldap://127.0.0.1
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        logon path = \\%L\profiles\%U
        unix charset = UTF8
        domain logons = yes
        passdb backend = ldapsam:ldap://home
        ldap ssl = start_tls
        add user script = /usr/sbin/smbldap-useradd -m '%U'
        delete user script = /usr/sbin/smbldap-userdel '%U'
        add group script = /usr/sbin/smbldap-groupadd -p '%G'
        delete group script = /usr/sbin/smbldap-groupdel '%G'
        add user to group script = /usr/sbin/smbldap-groupmod -m '%G' '%U'
        delete user from group script = /usr/sbin/smbldap-groupmod -x '%G' '%U'
        set primary group script = /usr/sbin/smbldap-usermod -g '%G' '%U'
        add machine script = /usr/sbin/smbldap-useradd -w '%U'
Thanks in advance for any useful help...
If you type "Google" into Google, you can break the Internet. -- Jen
Barber
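
Added example, not part of the original post and not Samba's own code: a small reader for the [global] section above that lists repeated parameters, the LDAP host each backend URI names, and the host that "ldap ssl = start_tls" will negotiate TLS with. The function names and the result layout are assumptions made for this illustration; the sample input is the LDAP-related lines of the posted config.

```python
import re
from urllib.parse import urlparse

# LDAP-related lines of the posted [global] section, copied as sample input.
SAMPLE = """\
[global]
    ldap admin dn = "cn=admin,dc=home"
    ldap suffix = dc=home
    ldap admin dn = cn=admin,dc=home
    idmap backend = ldap://127.0.0.1
    passdb backend = ldapsam:ldap://home
    ldap ssl = start_tls
"""

def parse_global(text):
    """Return (settings, duplicated_keys) for the [global] section."""
    settings, duplicates, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.lower().split())  # parameter names are case-insensitive
        if key in settings:
            duplicates.append(key)
        settings[key] = value  # keep the last value seen
    return settings, duplicates

def review(text):
    """Summarise which LDAP hosts the config names and where StartTLS applies."""
    settings, duplicates = parse_global(text)
    hosts = {}
    for key, value in settings.items():
        match = re.search(r"ldaps?://[^\s\"']+", value)
        if match:
            hosts[key] = urlparse(match.group(0)).hostname
    start_tls = settings.get("ldap ssl", "").lower() == "start_tls"
    return {
        "duplicates": duplicates,
        "hosts": hosts,
        "host_mismatch": len(set(hosts.values())) > 1,
        # ldapsam negotiates StartTLS with the host in the passdb backend URI
        "starttls_host": hosts.get("passdb backend") if start_tls else None,
    }

if __name__ == "__main__":
    print(review(SAMPLE))
```

The host reported as starttls_host is the name the Samba host has to resolve and reach on the LDAP port before StartTLS can be issued.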