samba - Jan 2008 - ldap interface authentication

What specific ldap config files are used by samba when it's used as the
backend db?

I have followed the FDC Howto and setup the ldap data on a dedicated FDC
server. From the samba machine I have been able to do 'ldapsearch -x  -D
"cn=dirmng" -W *' for all the sambaSam information. I have added
the
ldap data to smb.conf and set the passwd for the admin account.

What appears to happen to me is that my ldap server is setup for simple
authentication only while it looks like smb is not. How can I specify
smb use simple authentication?

Which version of Samba?

As I understand it, Samba doesn't use ldap   :-)

At compile time, support for nss_ldap can be specified - samba talks
to that for looking up users (and machines) - this requires
/etc/ldap.conf to be correct.

There are some add-on perl scripts bundled as smbldap-tools which can
be used to talk to ldap in order to create users and allow machines to
join domains.

Istr reading that SaMBa 4 will be doing things differently.

Q

On Wed, 2008-01-09 at 06:26 -0800, Deas, Jim wrote:
> What specific ldap config files are used by samba when it's used as the
> backend db?
> 
> I have followed the FDC Howto and setup the ldap data on a dedicated FDC
> server. From the samba machine I have been able to do 'ldapsearch -x 
-D
> "cn=dirmng" -W *' for all the sambaSam information. I have
added the
> ldap data to smb.conf and set the passwd for the admin account.
> 
> What appears to happen to me is that my ldap server is setup for simple
> authentication only while it looks like smb is not. How can I specify
> smb use simple authentication?
> 
>  
Try using 'ldap ssl = off' in your smb.conf.  According to the man page
(man smb.conf)
        "The ldap ssl can be set to one of three values:
        
                     ?  Off = Never use SSL when querying the directory.
        
                     ?  Start_tls  =  Use  the  LDAPv3  StartTLS
        extended   operation
                        (RFC2830) for communicating with the directory
        server.
        
                     ?  On  =  Use  SSL  on  the  ldaps  port when
        contacting the ldap
                        server. Only available when the
        backwards-compatiblity --with-
                        ldapsam  option  is specified to configure. See
        passdb backend
                                  .RE
        
                        Default: ldap ssl = start_tls"

Hope that helps.

Regards,
Frank