Hi,

I have successfully set up a Samba server with OpenLDAP authentication. I also managed to authenticate against groups in my LDAP tree, so far so good.

The only problem is that whenever I add or remove an entry from the LDAP group, samba doesn't see that immediately. When I restart the samba daemon, it does pick up the change in the LDAP group.

Can anybody tell me how I can refresh the authentication, without restarting the daemon?

I am using samba version 3.0.28-1.el5_2.1 on CentOS release 5.2 (Final) and OpenLDAP version 2.3.27.

My samba config:

[global]
netbios name = SAMBA
server string = %h
workgroup = DOMAIN.TLD
security = user
encrypt passwords = true
ldap passwd sync = yes
passdb backend = ldapsam:ldap://ldap.domain.tld
ldap admin dn = cn=root,ou=hasselt.be,o=hasselt,c=be
ldap suffix = o=hasselt,c=be
ldap group suffix = ou=groups
ldap user suffix = ou=hasselt.be
enable privileges = yes
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 65
socket options = TCP_NODELAY
case sensitive = no
default case = lower
preserve case = yes
short preserve case = yes
dns proxy = no
printcap name = /etc/printcap
log level = 2
log file = /var/log/samba/%m.log
max log size = 50
nt acl support = Yes
create mask = 0644
directory mask = 0755
level2 oplocks = True
...

My slapd.conf:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/qmail.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
database bdb
...
directory /var/lib/ldap
index objectClass eq
index uid eq
index cn eq,pres
index sn eq,pres,sub
index mail eq,pres
index mailAlternateAddress eq,pres
index memberUid eq,pres
index displayName eq,pres
lastmod on
...
sizelimit 2000
timelimit 2000

My DB_CONFIG:

set_cachesize 0 268435456 1
set_lg_regionmax 262144
set_lg_bsize 2097152

Thanks
Arthur

On Mon, 2009-03-09 at 19:32 +0100, Arthur Odekerken wrote:
> I have successfully set up a Samba server with OpenLDAP authentication.
> I also managed to authenticate against groups in my LDAP tree, so far so
> good.
> The only problem is that whenever I add or remove an entry from the LDAP
> group, samba doesn't see that immediately. When I restart the samba daemon,
> it does pick up the change in the LDAP group.
> Can anybody tell me how I can refresh the authentication, without restarting
> the daemon?
> I am using samba version 3.0.28-1.el5_2.1 on CentOS release 5.2 (Final) and
> OpenLDAP version 2.3.27.

Try -
(a) enable ldapsam trusted = yes if you meet the requirements [see documentation]
(b) disable the nscd service

--
OpenGroupware developer: awilliam@whitemice.org
<http://whitemiceconsulting.blogspot.com/>

Hi,

nscd wasn't running on my machine.

After setting the option ldapsam:trusted = yes smbd doesn't start any longer. I get the following error in /var/log/smbd.log:

[2009/03/09 22:01:31, 0] smbd/server.c:main(1063)
  ERROR: failed to setup guest info.

I did add a nobody account & group to my LDAP database with the following DN's:

cn: nobody
uid: nobody
uidNumber: 999
gidNumber: 65533
homeDirectory: /dev/null
loginShell: /bin/false
gecos: samba guest domain account
description: samba guest domain account
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: top
objectClass: person
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaAcctFlags: [NU ]
sambaPrimaryGroupSID: S-1-0-0
sn: nobody
sambaSID: S-1-5-21-2084689211-3812089025-2812341184-501
sambaDomainName: DOMAIN.TLD

objectClass: posixGroup
objectClass: sambaGroupMapping
cn: nobody
sambaGroupType: 2
displayName: nobody
gidNumber: 65533
sambaSID: S-1-0-0
memberUid: nobody
description: Domain Unix group

What am I doing wrong?

Thanks,
Arthur

> After setting the option ldapsam:trusted = yes smbd doesn't start any
> longer
> I get the following error in /var/log/smbd.log:
>
> [2009/03/09 22:01:31, 0] smbd/server.c:main(1063)
> ERROR: failed to setup guest info.
>

Group mapping? "Domain Guests" is a required group, along with "Domain Users" and "Domain Administrators".