raphael gommeaux
2011-Mar-03 07:41 UTC
[Samba] How to use another attribute than the uid ?
Hi,

I use Samba 3.5.4 PDC with ldap backend on a sles10 server with kernel smp 2.6.16.60-0.21.

On the ldap, the uid attribute can't be used for reasons beyond my control. So I must use another attribute for the authentication (uidAuth).

In order to achieve this, I edited 3 files:
=> ldap.conf
=> smb.conf
=> nsswitch.conf

===========================================================================
I have added these parameters to my ldap.conf :

pam_login_attribute uidAuth
pam_template_login_attribute uidAuth
pam_password exop
nss_base_passwd ou=users,ou=ent,ou=box,c=fr?one?objectClass=posixAccount
nss_base_shadow ou=users,ou=ent,ou=box,c=fr?one?objectClass=shadowAccount
nss_base_group ou=groups,ou=ent,ou=box,c=fr
nss_map_attribute uid uidAuth

========================================================
smb.conf :

[global]
admin users = @admins, root
dns proxy = No
domain logons = Yes
domain master = Yes
dos filetime resolution = Yes
ldap admin dn = cn=admin,ou=adms,ou=box,c=fr
ldap ssl = No
ldap suffix = ou=ent,ou=box,c=fr
ldap timeout = 25
ldap user suffix = ou=users
ldap machine suffix = ou=computers
ldap group suffix = ou=groups
obey pam restrictions = yes
log file = /var/log/samba/%m.log
log level = 10
logon drive = I:
logon path
logon script = %U.bat
max log size = 5000
name resolve order = wins host bcast lmhosts
os level = 255
passdb backend = ldapsam:ldap://192.168.1.50
preferred master = Yes
socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY
time server = Yes
update encrypted = Yes
username map = /etc/samba/smbusers
wins proxy = Yes
wins support = Yes
workgroup = DOMTEST

==================================================================
nsswitch.conf :

passwd: files ldap
shadow: files ldap
group: files ldap

=========================================================
Results :

1) Getent ok :
When I tested it with getent, I got the correct answer from the ldap.

2) I can't login with samba :
When I try to login with samba, the log indicates that samba does not use these parameters. It searches on the uid.
In the samba log of the station I have found "filter=>[(&(uid=john.doe)(objectClass=sambaSamAccount))]" and "couldn't find user 'john.doe' in passdb".

--------------
Question :
Does anybody know how to force samba to use another attribute than the uid ?
TAKAHASHI Motonobu
2011-Mar-03 10:51 UTC
[Samba] How to use another attribute than the uid ?
2011/3/3 raphael gommeaux <raphael.gommeaux at gmail.com>:
> --------------
> Question :
> Anybody know how to force samba to use another attribute than the uid ?

Using Samba 3.0.14a or an earlier version with the "ldap filter" parameter is the only way, I think.

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
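
The mismatch reported in the first message (ldap.conf maps uid to uidAuth for NSS, while the Samba log shows a search filter on uid) can be checked mechanically. The following is an added example, not code from either poster or from the Samba project; the function names are hypothetical and the sample inputs are constructed from the values quoted in the thread.

```python
import re

# Constructed sample inputs, built from the values quoted in the thread.
LDAP_CONF = """\
pam_login_attribute uidAuth
nss_base_passwd ou=users,ou=ent,ou=box,c=fr?one?objectClass=posixAccount
nss_map_attribute uid uidAuth
"""
SAMBA_LOG = """\
filter=>[(&(uid=john.doe)(objectClass=sambaSamAccount))]
couldn't find user 'john.doe' in passdb
"""

FILTER_RE = re.compile(r"filter\s*=>\s*\[(.*?)\]")
# One simple equality assertion inside an LDAP filter: (attr=value)
ASSERTION_RE = re.compile(r"\(([A-Za-z][\w;-]*)=([^()]*)\)")


def nss_attribute_map(conf_text):
    """Return {attribute: mapped attribute} from nss_map_attribute lines."""
    mapping = {}
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) == 3 and parts[0].lower() == "nss_map_attribute":
            mapping[parts[1].lower()] = parts[2]
    return mapping


def samba_filter_attributes(log_text):
    """Return (attribute, value) pairs from every logged search filter."""
    pairs = []
    for match in FILTER_RE.finditer(log_text):
        pairs.extend(ASSERTION_RE.findall(match.group(1)))
    return pairs


def find_mismatches(conf_text, log_text):
    """List (searched attr, NSS-mapped attr, value) where the two differ."""
    mapping = nss_attribute_map(conf_text)
    findings = []
    for attr, value in samba_filter_attributes(log_text):
        mapped = mapping.get(attr.lower())
        if mapped and mapped.lower() != attr.lower():
            findings.append((attr, mapped, value))
    return findings


if __name__ == "__main__":
    for attr, mapped, value in find_mismatches(LDAP_CONF, SAMBA_LOG):
        print(f"Samba searched {attr}={value}, but NSS maps {attr} to {mapped}")
```

A non-empty result means getent and the Samba passdb lookup are resolving the same login name against different LDAP attributes, which matches the "getent ok, Samba login fails" symptom above.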