Centos 6
Samba 3
smbldap-tools installed.

LDAP directory not on local host.

Example user LDIF:

dn: uid=testuser@mydomain.com,ou=mydomain,o=ndtc
mailHost: mailserver.mydomain.com
loginShell: /bin/bash
gidNumber: 500
uidNumber: 53112
uid: testuser@mydomain.com
sn: user
cn: test user
mail: testuser@mydomain.com
homeDirectory: /cust/mydomain/users/testuser
gecos: test user,,662-6123
objectClass: mirapointmailuser
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSAMAccount
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaSID: S-1-5-21-3311107553-3899660464-2674327009-107224
sambaAcctFlags: [UX]
sambaHomeDrive: F:
sambaHomePath: \\ndtc-fs\cust\mydomain\users
sambaPwdLastSet: 1327615956
sambaPwdMustChange: 2147483647

getent passwd shows:

testuser@mydomain.com:x:53112:500:test user,,662-6123:/cust/mydomain/users/testuser:/bin/bash

I can ssh to the server with this account. So, the linux/ldap stuff seems to work properly.

However, I cannot connect with the smb proto. Continue to get a username/password prompt.

My suspicion is the "@" in the uid, which as I understand it, in the windoze world signifies a group... I think I am confusing something in the process.

My question is: can Samba be configured to append the "@mydomain.com" to the username, then authenticate the user? So the user could use the testuser login via the windoze login and drive mapping processes, but Samba would actually use testuser@mydomain.com to actually authenticate?

All these accounts are already in use in the LDAP directory, and so the uid cannot be changed.

lmk if there's anything else needed here... I'm willing to share configs, command outputs, etc. to get this solved.

TIA!

----------------
Alex Moen
Network Services Technician II
North Dakota Telephone Company
701-662-6481

Forgot to add... If I create a Unix account, and add it to the local smbpasswd subsystem, it works fine. I can log in using the credentials that I create. So, samba is working, and linux/ldap is working, but samba/ldap has issues...

----------------
Alex Moen
Network Services Technician II
North Dakota Telephone Company
701-662-6481

On Jan 26, 2012, at 9:54 AM, Alex Moen wrote:

> Centos 6
> Samba 3
> smbldap-tools installed.
>
> LDAP directory not on local host.
>
> Example user LDIF:
>
> dn: uid=testuser@mydomain.com,ou=mydomain,o=ndtc
> mailHost: mailserver.mydomain.com
> loginShell: /bin/bash
> gidNumber: 500
> uidNumber: 53112
> uid: testuser@mydomain.com
> sn: user
> cn: test user
> mail: testuser@mydomain.com
> homeDirectory: /cust/mydomain/users/testuser
> gecos: test user,,662-6123
> objectClass: mirapointmailuser
> objectClass: inetorgperson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSAMAccount
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> sambaSID: S-1-5-21-3311107553-3899660464-2674327009-107224
> sambaAcctFlags: [UX]
> sambaHomeDrive: F:
> sambaHomePath: \\ndtc-fs\cust\mydomain\users
> sambaPwdLastSet: 1327615956
> sambaPwdMustChange: 2147483647
>
> getent passwd shows:
>
> testuser@mydomain.com:x:53112:500:test user,,662-6123:/cust/mydomain/users/testuser:/bin/bash
>
> I can ssh to the server with this account. So, the linux/ldap stuff
> seems to work properly.
>
> However, I cannot connect with the smb proto. Continue to get a
> username/password prompt.
>
> My suspicion is the "@" in the uid, which as I understand it, in the
> windoze world signifies a group... I think I am confusing something
> in the process.
>
> My question is: can Samba be configured to append the
> "@mydomain.com" to the username, then authenticate the user? So the
> user could use the testuser login via the windoze login and drive
> mapping processes, but Samba would actually use
> testuser@mydomain.com to actually authenticate?
>
> All these accounts are already in use in the LDAP directory, and so
> the uid cannot be changed.
>
> lmk if there's anything else needed here... I'm willing to share
> configs, command outputs, etc. to get this solved.
>
> TIA!
>
> ----------------
> Alex Moen
> Network Services Technician II
> North Dakota Telephone Company
> 701-662-6481

>> I didn't go too deeply on your issue, but it seems to me that since
>> you have:
>>
>> ldap user suffix = ou=People
>>
>> You cannot simply have:
>>
>>> dn: uid=testuser@mydomain.com,ou=mydomain,o=ndtc
>>
>> But should have instead:
>>
>> dn: uid=testuser@mydomain.com,ou=People,ou=mydomain,o=ndtc
>>
>> Am I wrong?
>>
>
> Nope. You're right. I have removed the "ou=People" line. Still no joy.
>

I suppose that you cannot simply remove it. You have to tell Samba where the user's container resides. Judging from your LDIF, your users seem to reside directly on ou=mydomain? Maybe you should look at the whole ldap arrangement... The structure just doesn't seem right...
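
Added example, not part of the original thread: a small Python check of the point raised in the last reply, whether a user's DN sits under the container Samba derives from "ldap suffix" and "ldap user suffix" (smb.conf prepends the user suffix to ldap suffix). The "ldap suffix" values below are assumptions, since the thread does not show that setting, and the function names are illustrative.

```python
import re

# DN taken from the LDIF in the thread.
USER_DN = "uid=testuser@mydomain.com,ou=mydomain,o=ndtc"


def split_dn(dn):
    """Split a DN into lower-cased (attr, value) RDNs, honouring '\\,' escapes."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def user_base(ldap_suffix, ldap_user_suffix=""):
    """Container derived from smb.conf: user suffix is prepended to ldap suffix.

    When 'ldap user suffix' is unset, 'ldap suffix' alone is used.
    """
    if ldap_user_suffix:
        return f"{ldap_user_suffix},{ldap_suffix}"
    return ldap_suffix


def dn_under(dn, base):
    """True when dn lies strictly below base (base RDNs are a proper tail of dn)."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) > len(b) and d[-len(b):] == b


def check(dn, ldap_suffix, ldap_user_suffix=""):
    """Return (derived base, whether dn is inside it)."""
    base = user_base(ldap_suffix, ldap_user_suffix)
    return base, dn_under(dn, base)


if __name__ == "__main__":
    # Assumed settings (constructed): the thread only shows 'ldap user suffix'.
    for suffix, user_suffix in [
        ("ou=mydomain,o=ndtc", "ou=People"),  # setting quoted in the thread
        ("ou=mydomain,o=ndtc", ""),           # user suffix removed
        ("o=ndtc", "ou=mydomain"),            # alternative split of the same base
    ]:
        base, ok = check(USER_DN, suffix, user_suffix)
        print(f"{base!r}: {'contains' if ok else 'does NOT contain'} the user DN")
```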