Robert.Becker@motoristsgroup.com
2005-Oct-26 12:40 UTC
[Samba] Problems with LDAP authentication backend.
Hello.
I am attempting to integrate Samba into our LDAP authentication and am
running into a few problems. First, here is my current configuration:
[global]
netbios name = SYSLOGSERVER
workgroup=MOTOGROUP
security = user
encrypt passwords = yes
ldap admin dn = cn=Administrator,dc=motogroup,dc=com
passdb backend = ldapsam:ldap://10.100.23.102/
ldap delete dn = no
ldap user suffix = ou=people
ldap group suffix = ou=group
ldap machine suffix = ou=Computers
ldap suffix = dc=motogroup,dc=com
log level = 3
syslog = 2
[eams]
path = /syslog/eams
Either I do not understand how Samba implements LDAP or there is something
wrong with my setup. My LDAP implementation is as follows. The main LDAP
suffix is dc=motogroup,dc=com and there are OU's of people and group under
there.
Now, Samba is able to connect to the LDAP server, but it is not looking in
the right place for the user accounts. If I attempt to run pdbedit -L I
get the following:
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SYSLOGSERVER))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SYSLOGSERVER))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldapsam_setsampwent: 0 entries in the base!
What I see there is Samba is in sambaDomainName=SYSLOGSERVER for the user
accounts. Since the accounts are not stored under that OU it isn't finding
anything. I attempted to copy the OU=people and the OU=group to
sambaDomainName=SYSLOGSERVER but it still fails.
Anyone have any ideas why Samba is not finding the accounts?
Thanks a bunch.
-Rob Becker
Robert.Becker@motoristsgroup.com wrote:
> Either I do not understand how Samba implements LDAP or there is something
> wrong with my setup. My LDAP implementation is as follows. The main LDAP
> suffix is dc=motogroup,dc=com and there are OU's of people and group under
> there.
>
> Now, Samba is able to connect to the LDAP server, but it is not looking in
> the right place for the user accounts. If I attempt to run pdbedit -L I
> get the following:
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SYSLOGSERVER))]
> smbldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SYSLOGSERVER))]
> smbldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> ldapsam_setsampwent: 0 entries in the base!
>
> What I see there is Samba is in sambaDomainName=SYSLOGSERVER for the user
> accounts. Since the accounts are not stored under that OU it isn't finding
> anything. I attempted to copy the OU=people and the OU=group to
> sambaDomainName=SYSLOGSERVER but it still fails.

It's not looking for users here but for the entry with domain specific
information (domsid, ...). AFAIK you need to give samba write access to
"ldap suffix" (temporarily?) to create this entry.

> Anyone have any ideas why Samba is not finding the accounts?

Maybe you missed setting up nss_ldap on your server to fetch the unix part
from ldap?

hth
Paul
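
Added example, not part of the original thread: a small offline model of the two searches behind the pdbedit output, showing that the logged sambaDomain string is a filter applied under "ldap suffix" and not a location for accounts. The sample entries, the uid value and the account enumeration filter are assumptions made for illustration.

```python
import re

# Values copied from the smb.conf and the pdbedit -L output quoted in the thread.
LDAP_SUFFIX = "dc=motogroup,dc=com"
USER_SUFFIX = "ou=people"
LOGGED_FILTER = "(&(objectClass=sambaDomain)(sambaDomainName=SYSLOGSERVER))"
# Assumption: filter used to enumerate Samba accounts (does not appear in the thread).
ACCOUNT_FILTER = "(&(uid=*)(objectclass=sambaSamAccount))"

def parse_and_filter(flt):
    """Parse an '(&(attr=value)...)' filter into a list of (attr, value) pairs."""
    m = re.fullmatch(r"\(&((?:\([^()=]+=[^()]*\))+)\)", flt)
    if not m:
        raise ValueError("only AND-of-equality filters are handled: " + flt)
    return [tuple(t.split("=", 1)) for t in re.findall(r"\(([^()]+)\)", m.group(1))]

def matches(entry, terms):
    """True if every term matches the entry; a value of '*' is a presence test."""
    attrs = {k.lower(): [v.lower() for v in vs] for k, vs in entry["attrs"].items()}
    return all(
        (a.lower() in attrs) if v == "*" else (v.lower() in attrs.get(a.lower(), []))
        for a, v in terms)

def search(directory, base, flt):
    """Subtree search: DNs at or below base whose attributes satisfy flt."""
    terms = parse_and_filter(flt)
    base = base.lower()
    return [e["dn"] for e in directory
            if (e["dn"].lower() == base or e["dn"].lower().endswith("," + base))
            and matches(e, terms)]

# Constructed sample directory: a POSIX-only user and no sambaDomain entry yet.
DIRECTORY = [
    {"dn": "ou=people," + LDAP_SUFFIX,
     "attrs": {"objectClass": ["organizationalUnit"], "ou": ["people"]}},
    {"dn": "uid=exampleuser,ou=people," + LDAP_SUFFIX,
     "attrs": {"objectClass": ["posixAccount"], "uid": ["exampleuser"]}},
]
# The domain-information entry Samba needs write access to create under the suffix.
DOMAIN_ENTRY = {"dn": "sambaDomainName=SYSLOGSERVER," + LDAP_SUFFIX,
                "attrs": {"objectClass": ["sambaDomain"],
                          "sambaDomainName": ["SYSLOGSERVER"]}}

if __name__ == "__main__":
    print("domain lookup, before:", search(DIRECTORY, LDAP_SUFFIX, LOGGED_FILTER))
    print("domain lookup, after: ",
          search(DIRECTORY + [DOMAIN_ENTRY], LDAP_SUFFIX, LOGGED_FILTER))
    print("account enumeration:  ",
          search(DIRECTORY, USER_SUFFIX + "," + LDAP_SUFFIX, ACCOUNT_FILTER))
```

In this model, copying ou=people beneath the sambaDomainName entry changes nothing, because the account search base is still built from "ldap user suffix" plus "ldap suffix".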