Hi there.
I had configured OpenLDAP, NSS and PAM on RedHat 7.3
for Linux authentication, and they work pretty well.
Recently, I downloaded the Samba 2.2.7a source code and
configured it for LDAP access (--with-ldapsam). I also
configured it as a domain logon for Win98
authentication and file server. It looked to be
working well, but after some tests, I noticed Samba is
ignoring LDAP data. Please take a look at the
following for an example. This is a fragment of the Samba
debug output (smbd -i -d 5):

ldap_open_connection: starting...
StartTLS issued: using a TLS connection
ldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldap_search_one_user: searching for:[(&(uid=lfogel)(objectclass=sambaAccount))]
get_single_attribute: [uid] = [lfogel]
Entry found for user: lfogel
get_single_attribute: [pwdLastSet] = [1043443975]
get_single_attribute: [logonTime] = [0]
get_single_attribute: [logoffTime] = [2147483647]
get_single_attribute: [kickoffTime] = [2147483647]
get_single_attribute: [pwdCanChange] = [0]
get_single_attribute: [pwdMustChange] = [2147483647]
get_single_attribute: [cn] = [lfogel]
get_single_attribute: [homeDrive] = [<does not exist>]
get_single_attribute: [smbHome] = [<does not exist>]
get_single_attribute: [scriptPath] = [lfogel.bat]
get_single_attribute: [profilePath] = [<does not exist>]
get_single_attribute: [description] = [Leonardo Fogel]
...

As one can see, Samba is connecting to LDAP and
loading the user information. However, Win98 was not
running the script "lfogel.bat". If I set the smb.conf
parameter "logon script = %U.bat", Win98 will load and
run "lfogel.bat". But if I set "logon script = %U1.bat" (or
comment it out), Win98 will NOT run
anything. (Of course, "lfogel1.bat" does not exist.)
I also looked at the Samba source code in order to find
out what my mistake could be. It looks like the
function "pass_check_smb" in "smbd/password.c" manages
the access to LDAP. The function declares "SAM_ACCOUNT
*sampass = NULL", initializes it
(pdb_init_sam(&sampass)), loads LDAP attributes
(pdb_getsampwnam(sampass, user)), checks the passwords
(smb_password_ok(sampass, ...)) and finally discards
everything (pdb_free_sam(sampass)).
So, it looks like Samba 2.2.7a ignores all LDAP
attributes after authentication succeeds.
Please, if someone can figure out what the problem is,
let me know.
Thanks and regards.
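
An added example, not part of the original post and not Samba code: a small parser for the `get_single_attribute` lines of the smbd debug output above, with a check of whether a given smb.conf "logon script" value expands to a name different from the LDAP scriptPath, so that a test can tell the two sources apart. The function names are hypothetical, the sample log is constructed from the fragment in the post, and %U is assumed to expand to the uid by plain substitution.

```python
import re

# Constructed sample: lines from the debug fragment in the post, with the
# mail client's hard line wraps left in place.
SAMPLE_LOG = """\
ldap_search_one_user: searching
for:[(&(uid=lfogel)(objectclass=sambaAccount))]
get_single_attribute: [uid] = [lfogel]
Entry found for user: lfogel
get_single_attribute: [homeDrive] = [<does not exist>]
get_single_attribute: [scriptPath] = [lfogel.bat]
get_single_attribute: [profilePath] = [<does not
exist>]
get_single_attribute: [description] = [Leonardo Fogel]
"""

ATTR_RE = re.compile(r"^get_single_attribute: \[([^\]]+)\] = \[(.*)\]$")
MISSING = "<does not exist>"  # marker smbd logs for an absent attribute


def parse_attributes(text):
    """Return {attribute: value or None} from smbd debug output.

    Attribute lines broken by mail wrapping are rejoined before matching.
    """
    attrs, pending = {}, None
    for line in text.splitlines():
        line = line.strip()
        if pending is not None:
            line, pending = pending + " " + line, None
        if line.startswith("get_single_attribute:") and not line.endswith("]"):
            pending = line  # value continues on the next line
            continue
        match = ATTR_RE.match(line)
        if match:
            name, value = match.groups()
            attrs[name] = None if value == MISSING else value
    return attrs


def distinguishes(attrs, logon_script_template):
    """True if the smb.conf value expands to a name other than LDAP scriptPath.

    Assumption: %U is replaced by the uid found in the log.
    """
    expanded = logon_script_template.replace("%U", attrs["uid"])
    ldap_script = attrs.get("scriptPath")
    return ldap_script is not None and expanded != ldap_script


if __name__ == "__main__":
    parsed = parse_attributes(SAMPLE_LOG)
    for template in ("%U.bat", "%U1.bat"):
        print(template, "distinguishes sources:", distinguishes(parsed, template))
```

With the values from the post, "%U.bat" expands to the same file name that LDAP returns in scriptPath, so only the "%U1.bat" setting separates the smb.conf value from the LDAP attribute.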