samba - Mar 2000 - samba and ldap

I have successfully setup samba (2.0.6 on redhat 6.1) to authenticate
users and get all user account information (home dir etc) from an ldap
server (openldap 1.2.7 on freebsd3.4) with win95/98 clients using
nss_ldap/pam_ldap and plaintext passwords.
I would like to use the same setup with client-side encryption ie.
between client (win98) and samba server, but have been unable to.
My question is can it be done (I wish to have all user information on
the ldap server) and if so can someone point me in the right direction.

Thanks
foster

Please let me know if someone else tells you otherwise...

But, AFAIK, it can't be done.  I believe LDAP won't be able to
authenticate using an encryption scheme...  Same goes for using any
other password db (ie, /etc/shadow).

My .02...

foster hayward wrote:
> 
> I have successfully setup samba (2.0.6 on redhat 6.1) to authenticate
> users and get all user account information (home dir etc) from an ldap
> server (openldap 1.2.7 on freebsd3.4) with win95/98 clients using
> nss_ldap/pam_ldap and plaintext passwords.
> I would like to use the same setup with client-side encryption ie.
> between client (win98) and samba server, but have been unable to.
> My question is can it be done (I wish to have all user information on
> the ldap server) and if so can someone point me in the right direction.
> 
> Thanks
> foster
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stella.vcf
Type: text/x-vcard
Size: 325 bytes
Desc: Card for Ricardo Stella
Url :
http://lists.samba.org/archive/samba/attachments/20000314/9d309359/stella.vcf

Hello,

I was wondering whether there's any support for LDAP in Samba.
I know that you can compile your Samba-server with (-- with-ldap) but
what exactly does this mean. 
For example, is it possible to save Samba-information in an LDAP-database?

If someone has any idea or information, 
feel free to let me know

Werner Maes
KULeuven

Hi there,

First off, great work with Samba - I've been using it for a few years now,
and I think it's absolutely fantastic :)

Now, onto the purpose of this mail..

I'm currently working on a project to integrate (to a degree) OpenLDAP,
OpenSSL, Kerberos, Exim and Samba in order to provide a free alternative
to Microsoft's Active Directory. While on the face of it, this may appear
to be a massive project, it's not nearly as tricky as one would think
(thank goodness!).

My question concerns Samba's user authentication.

While it's quite possible to have a script (or something equivalent) that
generates /etc/smbusers, /etc/smbpasswd, and so forth, from an LDAP
database, I was wondering if there were any patches that you guys know of
that allow the Samba server to interface directly with the LDAP server,
grabbing the appropriate information from the "account" object
directly?

If not, I'll probably have to sit and write all this stuff myself, but if
something along those lines already exists, it'd make my life a helluva
lot easier :)

Thanks in advance for any help/pointers/etc.

Regards,

Mo.

-- 
Mo McKinlay             Chief Software Architect         inter/open Labs
mmckinlay (at) gnu.org                                http://www.gnu.org

Please do keep us posted.  I am very interested in this as well.  I am
anxious to see the outcome of the TNG branche's LDAP code.

Dan
----- Original Message -----
From: Mo McKinlay <mmckinlay@gnu.org>
To: Daniell Freed <dxf@dewittross.com>
Cc: Multiple recipients of list SAMBA <samba@samba.org>
Sent: Sunday, June 18, 2000 12:22 PM
Subject: Re: Samba and LDAP

>
> # You should take a look at this link:
> # http://www.unav.es/cti/ldap-smb-howto.html
> #
> # It goes into sufficient detail on how to use the integrated ldap stuff
with
> # samba.
>
> Excellent! Thank you very much - this makes my life considerably easier :)
>
> Now I all I need to worry about is the unified build and configuration
> scripts *urgh*.
>
> I'll keep you guys posted if I get anywhere with this - as a free
> alternative to MS Active Directory, it's starting to look extremely
> promising.
>
> Thanks again,
>
> Mo.
>
> --
> Mo McKinlay             Chief Software Architect         inter/open Labs
> mmckinlay (at) gnu.org                                http://www.gnu.org
>
>
>

> While it's quite possible to have a script (or 
> something equivalent) that generates /etc/smbusers, 
> /etc/smbpasswd, and so forth, from an LDAP database, I 
> was wondering if there were any patches that you guys know of
> that allow the Samba server to interface directly with the 
> LDAP server, grabbing the appropriate information from 
> the "account" object directly?
I'm working on it for 2.2.0.  Stay in touch with me directly
if you want details.  Hopefully will get back on it later 
this week.







jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com  VA Linux Systems    gcarter@valinux.com
       http://www.samba.org       SAMBA Team           jerry@samba.org
       http://www.eng.auburn.edu/~cartegw

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

Hello,

I wanted to compile samba 2.0.7 with ldap on RH6.2 but this seems not to
work. Does Samba 2.0.7 support LDAP ? If not, does an older version of
samba support LDAP ?

Compiling Samba with the --with-pam option works fine. How do you then
configure the smb.conf and the samba file in the pam.d directory ?
(pam_ldap is installed).

If anybody could help.

Fabrice.

The 2.0.7 code does not support ldap.

The alpha versions do....

-- Jody

fabrice.garcin@vendome.com [fabrice.garcin@vendome.com]
wrote:
> Hello,
> 
> I wanted to compile samba 2.0.7 with ldap on RH6.2 but this seems not to
> work. Does Samba 2.0.7 support LDAP ? If not, does an older version of
> samba support LDAP ?
> 
> Compiling Samba with the --with-pam option works fine. How do you then
> configure the smb.conf and the samba file in the pam.d directory ?
> (pam_ldap is installed).
> 
> If anybody could help.
> 
> Fabrice.
> 
-- 
          Jody Haynes
----------------------------------------
iSun Networks, Inc.
Email:    Jody.Haynes@isunnetworks.com
Website:  www.isunnetworks.com
----------------------------------------

Hello;

I'm using openLDAP 1.2.11 and Samba 2.1.0-prealpha on RedHat 6.1.

I have had the following problems with getting things off the ground:

When I run smbclient -U% -L localhost

I get the following preamble to the status report (which seems ok by all 
accounts, well except for the preamble):

Unknown parameter encountered: "ldap suffix"
Ignoring unknown parameter "ldap suffix"
Unknown parameter encountered: "ldap bind as"
Ignoring unknown parameter "ldap bind as"
Unknown parameter encountered: "ldap passwd file"
Ignoring unknown parameter "ldap passwd file"
Unknown parameter encountered: "ldap server"
Ignoring unknown parameter "ldap server"
Unknown parameter encountered: "ldap port"
Ignoring unknown parameter "ldap port"

The next problem I get is with smbpasswd, when I try and run it I get:

cli_connect_serverlist: Domain password server not available.
Segmentation fault (core dumped)

I have compiled samba with the --with-ldap option and I setup openLDAP and 
the smb.conf file using the document:
Samba-PDC LDAP howto from Ignacio Coupeau

Anyone have any ideas where I could have gone wrong?

Many Thanks
  Chris

_____________________________________________________________________________________
Get more from the Web.  FREE MSN Explorer download : http://explorer.msn.com

Hi,

I've configured Samba to use LDAP.
It works with openldap but not with a microsoft active directory.

When looking at debugging information, i can see that the connection to
AD
is ok but then, at the first research, it blocks during about 30s and 
finishes with the error : Can't contact the ldap server ( although the
connection was
ok ).

I have tried with Samba 2.2.2, Samba 2.2.2_HEAD and with the last Samba
3.0_HEAD.
It does the same thing.

Any idea what it can't do a research in Active Directory ?

On my system, i use nss_ldap and pam_ldap and there is no problem with
communication with the active directory server.





Michenaud Laurent
- Adeuza -
[ D?veloppeur Web - Administrateur R?seau ]

Jethran,

Re your msg to samba groups.

I have just completed the exercise you mention. I have used samba 2.2.5
(latest) and openldap 2.0.23.

The software is running on a RedHat Linux 7.3 box and it all works v.
nicely. I have configured LDAP for local authentication for ssh, pop, imap
and samba. I initially used the migration scripts from padl.com - but only
for an initial understanding. I have since designed a schema that better
suits authentication of above.

With regard to installation, I used rpm's but had to recompile the samba rpm
to build in ldap support.

I have made documentation notes as I've gone along and would be happy to
share, but to be honest, most of the information is already out there. The
only thing I struggled with was deciding upon an ldap schema - ensuring the
system would be future proof in terms of software upgrades and real-world
company changes.

Regards,
Chris

Chris Andrew
Oxspring Network Solutions Limited
Tel: +44 (0)1226 761188
Fax: +44 (0)1226 761199

Email: candrew@oxspring.com
Web: www.oxspring.com

Hello.

I'm running samba-suse 2.2.5-64 on SuSe Linux 8.0 with OpenLDAP2-2.0.23-53.
I have a samba PDC storing its password information in LDAP. I'm also using
the following pam modules: pam_ldap and nss_ldap. As long as I run Samba and
LDAP on the same server, I can authenticate fine from a Nt workstation. The
problem comes when I bring up another samba member server or samba PDC on
another Linux box, I can't seem to authenticate. The smb.conf file has the
required parameters pointing to ldap server. The log show that smb_pass_check
failed to authenticate on the ldap server. Could someone please help.

Thank you

Seema

in your smb.conf file on the member server you should have

security = server
password server = PDC
encrypted passwords = yes

You shouldn't have any ldap stuff in your member server smb.conf file

You will need nss_ldap and config nsswitch.conf on the member server if you want
users to access files

Cheers

-------------
Kristyan Osborne IT Technician
Longhill High School
01273 391672

------
Computers are like airconditioners: They stop working properly if you open
windows.
Win95:       A 32-bit patch for a 16-bit GUI shell running on top of an
             8-bit operating system written for a 4-bit processor by a
             2-bit company who cannot stand 1 bit of competition.


-----Original Message-----
From: Seema Verma [mailto:Seema.Verma@pwgsc.gc.ca]
Sent: 10 September 2002 17:08
To: samba@lists.samba.org
Subject: [Samba] Samba and LDAP


Hello.

I'm running samba-suse 2.2.5-64 on SuSe Linux 8.0 with OpenLDAP2-2.0.23-53.
I have a samba PDC storing its password information in LDAP. I'm also using
the following pam modules: pam_ldap and nss_ldap. As long as I run Samba and
LDAP on the same server, I can authenticate fine from a Nt workstation. The
problem comes when I bring up another samba member server or samba PDC on
another Linux box, I can't seem to authenticate. The smb.conf file has the
required parameters pointing to ldap server. The log show that smb_pass_check
failed to authenticate on the ldap server. Could someone please help.

Thank you

Seema 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.384 / Virus Database: 216 - Release Date: 21/08/2002
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.384 / Virus Database: 216 - Release Date: 21/08/2002

Following is my setup :

Samba server 1 is configured as a PDC and is running ldap, from a nt wkst I can
login to my shares fine. Following are the config files :

[global]
	workgroup = mydomain
	netbios name = Xena
	server string = Xena Samba Server
	unix extensions = yes
	encrypt passwords = Yes
	null passwords = Yes
	socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
allow trusted domains = Yes
os level = 255
domain master = Yes
preferred master = Yes
unix password sync = Yes
domain logons = Yes
local master = Yes
security = user
dns proxy = No

# Samba - LDAP

ldap suffix = dc=PWGSC,dc=GC
ldap admin dn = cn=root,ou=Users,dc=PWGSC,dc=GC
ldap port = 389
ldap server = 127.0.0.1
ldap ssl = No

Have the usual commands in slapd.conf and ldap.conf. Till now everything works
fine. I want to have another samba server as a say member server. I joined the
above domain and had the following smb.conf file.

[global]
 ldap suffix = dc=PWGSC,dc=GC
 ldap admin dn = cn=root,ou=Users,dc=PWGSC,dc=GC
 ldap port = 389
 ldap server = 172.16.140.190
 ldap ssl = No

	workgroup = mydomain
	netbios name = andromeda
	server string = Andromeda Samba Server
      security = user
      password server = 172.16.140.190
      encrypt passwords = Yes
      null passwords = Yes

Hello everyone.

Well, I have a couple of questions regardind samba and LDAP. 
I am currently working on a project to setup a PDC running Samba and LDAP.

What I am trying to understand is the best way to go about installing this.
(The server will be running RH 7.3).

I could go the route via RPM, but I like using the source as it gives me
more flexability in what I can compile. However, there are a few things
that I do like about RPM's when they are installed. For instance, making
the /etc/samba directory as well as a start/stop script in /etc/init.d/smb.

First question: Obviously, I can put the config files in /etc/samba by
specifincg during compile: sysconfdir=/etc
Now, how can I use a init script to stop and start samba this way? (Or is
this off subject here)

Moving along. Does anyone have suggestions on how to implement this? For
example, should I use LDAP for authentication? Or should I use samba for
authentication, but use LDAP to hold the information? Like I said, i'm
fairly new to this.

Please feel free to share any comments. I do appreciate it.

VanGogh

--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .

Hey guys,

After having got ACL and Samba working I'm now onto getting LDAP support 
running as well. I've compiled my Samba 3 with --with-ldap, (I'm
actually
compiling it as an RPM as it needs to go on a RedHat machine this time)

The include/config.h shows that LDAP successfully compiled but when I come to 
setting up LDAP in smb.conf testparm gives the following:

	Unknown parameter encountered: "ldap bind as"
	Ignoring unknown parameter "ldap bind as"
	Unknown parameter encountered: "ldap passwd file"
	Ignoring unknown parameter "ldap passwd file"
	Unknown parameter encountered: "ldap server"
	Ignoring unknown parameter "ldap server"
	Unknown parameter encountered: "ldap scope"
	Ignoring unknown parameter "ldap scope"

Which is odd considering that they are in the smb.conf man page as part of the 
new experimental LDAP. So I ran "testparm -s /dev/null -v | grep ldap"
and
got hte follow:

	ldap suffix         ldap machine suffix         ldap user suffix         ldap
filter = (uid=%u)
        ldap admin dn         ldap ssl         ldap passwd sync = no
        ldap trust ids = No
        ldap delete dn = No

So there is some LDAP stuff in the samba compile I did just not the main stuff 
like what server I'm going to use and the password etc etc.

Any ideas people, or have I forgotten a compile switch??

Regards,

Matt