thr3ads.net - samba - [Samba] LDAP with Samba Server [Nov 2012]

If this information is useful, please help other people find it:
Share via:

rodrigo tavares

2012-Nov-12 13:23 UTC

[Samba] LDAP with Samba Server

Hello !

Today I have a ldap server, it replicate the database from another machine
SMB-LDAP.
See the result:

dn: cn=informatica,ou=defensoria,dc=defensoria,dc=br
cn: informatica
description: Informatica
gidNumber: 2451
phpgwAccountExpires: -1
phpgwAccountType: g
userPassword:
mail: informatica at defensoria.br
memberUid: diego.santos
memberUid: alan.murta
memberUid: bruce.borba
memberUid: william.mor
memberUid: manuel.neto
memberUid: eli.set
memberUid: rodrigo.tavares
memberUid: faria.tavares
structuralObjectClass: posixGroup
entryUUID: e0cf40fa-b0af-1031-9098-b773bfdd8a70
creatorsName: cn=admin,dc=defensoria,dc=br
createTimestamp: 20121022161837Z
objectClass: top
objectClass: posixGroup
objectClass: phpgwAccount
objectClass: sambaGroupMapping
sambaGroupType: 2
displayName: informatica
sambaSID::
IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDMentryCSN:
20121112130102.988770Z#000000#000#000000
modifiersName: cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
modifyTimestamp: 20121112130102Z

I my smb.conf

[system]
??????? 
??????? comment = system
??????? path = /home/system
??????? public = yes
??????? printable = no
??????? browseable = no
??????? guest ok = yes
??????? read only = yes
??????? write list = @informatica

?domain logons = yes
?? add user script = /usr/sbin/smbldap-useradd -a -m "%u"
?? add group script = /usr/sbin/smbldap-groupadd -p "%g"
?? add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
?? delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
?? set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
?? add machine script = /usr/sbin/smbldap-useradd -w "%u"


?ldap user suffix = ou=defensoria
?? ldap group suffix = ou=grupos
?? ldap machine suffix = ou=computadores
?? ldap passwd sync = yes
?? ldap admin dn = cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
?? ldap suffix = dc=defensoria,dc=mg,dc=gov,dc=br
?? ldap ssl = no
?? passdb backend = ldapsam:ldap://10.26.7.249


http://rodrigofariat.files.wordpress.com/2012/11/ldap-smb.png



When I try mapping the folder, come a screen with login/password, then i type
password but
is not login is not access. Why is not access ?

Rodrigo Faria

Harry Jede

2012-Nov-12 20:11 UTC

head link

[Samba] LDAP with Samba Server

On 19:43:51 wrote rodrigo tavares:> Hello !
> 
> Today I have a ldap server, it replicate the database from another
> machine SMB-LDAP. See the result:
> 
> dn: cn=informatica,ou=defensoria,dc=defensoria,dc=br
> cn: informatica
> description: Informatica
> gidNumber: 2451
> phpgwAccountExpires: -1
> phpgwAccountType: g
> userPassword:
> mail: informatica at defensoria.br
> memberUid: diego.santos
> memberUid: alan.murta
> memberUid: bruce.borba
> memberUid: william.mor
> memberUid: manuel.neto
> memberUid: eli.set
> memberUid: rodrigo.tavares
> memberUid: faria.tavares
> structuralObjectClass: posixGroup
> entryUUID: e0cf40fa-b0af-1031-9098-b773bfdd8a70
> creatorsName: cn=admin,dc=defensoria,dc=br
> createTimestamp: 20121022161837Z
> objectClass: top
> objectClass: posixGroup
> objectClass: phpgwAccount
> objectClass: sambaGroupMapping
> sambaGroupType: 2
> displayName: informatica
> sambaSID::
> IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDMThe field
"sambaSID" should never be base64 encoded!There is a space before "S-1-5", but should not ;-)

$ echo IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=|
base64 -d
 S-1-5-21-3694813867-2176535467-1333071596-5903

check your smbldap config file.

Maybe that all or most sambaSid attributes are wrong.
> entryCSN: 20121112130102.988770Z#000000#000#000000
> modifiersName: cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
> modifyTimestamp: 20121112130102Z
> 
> I my smb.conf
> 
> [system]
>        
>         comment = system
>         path = /home/system
>         public = yes
>         printable = no
>         browseable = no
>         guest ok = yes
>         read only = yes
>         write list = @informatica
> 
>  domain logons = yes
>    add user script = /usr/sbin/smbldap-useradd -a -m "%u"
>    add group script = /usr/sbin/smbldap-groupadd -p "%g"
>    add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
>    delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u"
> "%g" set primary group script = /usr/sbin/smbldap-usermod -g
"%g"
> "%u" add machine script = /usr/sbin/smbldap-useradd -w
"%u"
> 
> 
>  ldap user suffix = ou=defensoria
>    ldap group suffix = ou=grupos
>    ldap machine suffix = ou=computadores
>    ldap passwd sync = yes
>    ldap admin dn = cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
>    ldap suffix = dc=defensoria,dc=mg,dc=gov,dc=br
>    ldap ssl = no
>    passdb backend = ldapsam:ldap://10.26.7.249
> 
> 
> http://rodrigofariat.files.wordpress.com/2012/11/ldap-smb.png
> 
> 
> 
> When I try mapping the folder, come a screen with login/password,
> then i type password but is not login is not access. Why is not
> access ?
> 
> Rodrigo Faria

-- 

Gruss
	Harry Jede

samba - Nov 2012 - LDAP with Samba Server

[Samba] LDAP with Samba Server

[Samba] LDAP with Samba Server