Hey,

I am totally confused/lost/confused getting this config working. I am trying to get samba to authenticate against LDAP. After reading a bunch of docs I generated the config at the end.

When I run testparm against it I get:

Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "ldap server"
Ignoring unknown parameter "ldap server"

and then the rest of my config file INCLUDING

passdb backend = ldapsam:ldaps://accounts.iwu.edu

I would suspect that LDAP support is not compiled in for this binary, except then testparm should complain a bit more about all my LDAP config settings, not just the ldap server setting. Furthermore, I am using Fedora's rpm, and I think that they would either offer a LDAP enabled rpm or enable it themselves - I cannot locate a rpm that states that it is LDAP enabled, so my guess is the former.

I am using Samba version 3.0.9-1.fc3 for Fedora Core 3.

Here is my config file. Your thoughts?

--------
[global]
    server string = %h (Samba %v)
    log file = /var/log/samba/log.%m
    log level = 5
    max log size = 100
    dns proxy = No
    socket options = IPTOS_LOWDELAY TCP_NODELAY
    security = user
    obey pam restrictions = Yes
    encrypt passwords = Yes
    default = homes
    load printers = No
    show add printer wizard = No
    max disk size = 300
    invalid users = root @wheel @root
    wide links = No
    hide unreadable = Yes
    hide special files = Yes
    veto files = /,/proc,/dev,/sys,/etc,/boot,/lib,/home
    dont descend = /,/proc,/dev,/sys,/etc,/boot,/lib,/home
    ldap server = accounts.iwu.edu
    ldap admin dn = "cn=foo,ou=bar,dc=iwu,dc=edu"
    ldap suffix = dc=iwu,dc=edu
    ldap ssl = start tls
    ldap delete dn = No
    ldap filter = (&(uid=%u)(objectclass=sambaSamAccunt))
    idmap backend = ldap:ldap://accounts.iwu.edu
    ldap user suffix = ou=foo
    ldap group suffix = ou=bar
    passdb backend = ldapsam:ldaps://accounts.iwu.edu
    ldap passwd sync = Yes

[homes]
    comment = %S's Home Directory
    valid users = %S
    browseable = no
    read only = no
----------------------

>When I run testparm against it I get:
>Load smb config files from /etc/samba/smb.conf
>Unknown parameter encountered: "ldap server"
>Ignoring unknown parameter "ldap server"
> and then the rest of my config file INCLUDING
>passdb backend = ldapsam:ldaps://accounts.iwu.edu
>

Where exactly did you read that you needed an ldap server = directive? Make sure that your docs aren't for an old version of samba. I never used ldap with 2.2, but there may have been an option like that there. You can always use SWAT, naturally it will only give you directives that are valid for this version, of course the syntax is up to you, but there's help for that.

The proper syntax for 3.0.x should be something like this for a non-SSL server:

passdb backend = ldapsam:ldap://your.servers.fqdn

To find out what your server was compiled with, use the following command:

smbd -b

grep for LDAP in that and you will get a good idea of what came in it. Fedora packages are LDAP ready by default.

--
Paul Gienger
Applied Engineering Inc.
Systems Architect
Office: 701-281-1884
Fax: 701-281-1322
URL: www.ae-solutions.com
mailto: pgienger@ae-solutions.com

Mathias.Wohlfarth@mw-eb.de
2004-Dec-03 22:05 UTC
Re: [Samba] ldap configuration oddity
1. try without ssl (tls)

2. the ldap structure must match the structure defined in smb.conf

I loaded the following ldif file into the ldap server (ldapadd) to build the structure:

---------------------
dn: o=smb,dc=wohlfarth,dc=home
objectClass: organization
o: smb

dn: ou=groups,o=smb,dc=wohlfarth,dc=home
objectClass: organizationalUnit
ou: groups

dn: ou=users,o=smb,dc=wohlfarth,dc=home
objectClass: organizationalUnit
ou: users

dn: ou=machines,o=smb,dc=wohlfarth,dc=home
objectClass: organizationalUnit
ou: machines

dn: ou=idmaps,o=smb,dc=wohlfarth,dc=home
objectClass: organizationalUnit
ou: idmaps
-------------------------

The corresponding smb.conf definitions are:

-------------------------
ldap suffix = o=smb,dc=wohlfarth,dc=com
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap idmap suffix = ou=idmaps
--------------------------

3. You can use smbpasswd -a -D 256 <user> to add a user. samba must not be up and the debugging information is a good help.

4. I am using phpldapadmin (from sourceforge.net) to look into ldap - good tool!

hope you get a step further

regards
Mathias

Mathias Wohlfarth
EDV-Beratung
Thomas-Mann-Str.1
53111 Bonn
Tel. 0172 / 53 45 591
01801 / 777 555 33 01
Fax 0228 / 9469181
Email mathias.wohlfarth@mw-eb.de

"Patrick W. Riehecky" <prieheck@iwu.edu>
Sent by: samba-bounces+mathias.wohlfarth=mw-eb.de@lists.samba.org
03.12.2004 18:14
To: samba@lists.samba.org
Cc:
Subject: [Samba] ldap configuration oddity
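Added example (not part of the original thread): a Python check for point 2 of the reply above, verifying that every container named by the smb.conf suffix parameters exists as an entry in the LDIF that builds the tree. It relies on Samba 3.0 resolving the user, group, machine and idmap suffixes relative to "ldap suffix"; the function names and the example.org sample data are constructed for illustration, and DNs with escaped commas or base64 "dn::" lines are not handled.

```python
SUFFIX_PARAMS = ("ldap user suffix", "ldap group suffix",
                 "ldap machine suffix", "ldap idmap suffix")

def norm_dn(dn):
    """Lowercase a DN and drop spaces around ',' and '=' (no escaped commas)."""
    rdns = [rdn.split("=", 1) for rdn in dn.strip().strip('"').split(",")]
    return ",".join("=".join(p.strip().lower() for p in rdn) for rdn in rdns)

def global_params(smb_conf):
    """Return the [global] parameters of an smb.conf text as a dict."""
    params, section = {}, None
    for line in map(str.strip, smb_conf.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Names compare case-insensitively; collapse runs of whitespace.
            params[" ".join(key.lower().split())] = value.strip()
    return params

def ldif_dns(ldif):
    """Collect the entry DNs of an LDIF text, unfolding continuation lines."""
    lines = ldif.replace("\n ", "").splitlines()
    return {norm_dn(ln[3:]) for ln in lines if ln.lower().startswith("dn:")}

def missing_containers(smb_conf, ldif):
    """Map each suffix parameter to the DN it needs that the LDIF lacks."""
    params, present = global_params(smb_conf), ldif_dns(ldif)
    base = norm_dn(params.get("ldap suffix", ""))
    wanted = {"ldap suffix": base}
    for name in SUFFIX_PARAMS:
        if name in params:
            wanted[name] = norm_dn(params[name]) + "," + base
    return {k: dn for k, dn in wanted.items() if dn not in present}

# Constructed sample input (example.org tree, not taken from the thread).
SMB_CONF = """[global]
ldap suffix = o=smb,dc=example,dc=org
ldap user suffix = ou=users
ldap machine suffix = ou=computers
"""
LDIF = """dn: o=smb,dc=example,dc=org

dn: ou=users,o=smb,dc=example,dc=org

dn: ou=machines,o=smb,dc=example,dc=org
"""
print(missing_containers(SMB_CONF, LDIF))
```

An empty result means every configured suffix resolves to an entry the LDIF creates; any parameter that is listed points at a container Samba will look for but the directory will not have.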