Morgan Toal
2013-Jan-28 17:14 UTC
[Samba] trouble with ldap authentication on centos+openldap
Hi Samba List,

I've been trying to get a samba+ldap working on centos 6.3. I've had some troubles adapting to the new slapd.d configuration format for the openldap, which seems unnecessarily complicated. Most of the tutorials refer to the older style slapd.conf configuration.

I was following this tutorial:

http://linuxserverathome.com/articles/installing-and-configuring-openldap-2423-centos-63
http://linuxserverathome.com/articles/using-samba-share-files-windows-part-1
http://linuxserverathome.com/articles/using-samba-share-files-windows-part-2

I've got ldap working, I can do a unix login as an ldap user. But I cannot browse to the samba server. What seems to be happening is that samba is not authenticating with ldap correctly, I see this in my logs:

    Jan 28 09:09:44 city1 net: [2013/01/28 09:09:44.664956, 0] lib/smbldap.c:1151(smbldap_connect_system)
    Jan 28 09:09:44 city1 net: failed to bind to server ldap://city1.burlingtoniowa.org with dn="cn=samba,dc=burlingtoniowa,dc=org" Error: Invalid credentials
    Jan 28 09:09:44 city1 net: #011(unknown)

Looks like the ldap password is set in the following configuration files:

    olcDatabase={0}config.ldif
    olcDatabase={2}bdb.ldif

I am thinking most of this is done in olcDatabase={2}bdb.ldif, here's what I think is the relevant part of it:

    olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=samba,dc=burlin
     gtoniowa,dc=org" write by anonymous auth by self write by * none
    olcAccess: {1}to dn.base="" by * read
    olcAccess: {2}to * by dn="cn=samba,dc=burlingtoniowa,dc=org" write by * read
    olcRootPW: {SSHA}-------------------redacted---------------------
    olcSuffix: dc=burlingtoniowa,dc=org

Here's the ldap part of my smb.conf:

    [global]
        workgroup = CITY
        server string = city1
        passdb backend = ldapsam:ldap://city1.burlingtoniowa.org
        log level = 3
        log file = /var/log/samba/log.%m
        max log size = 50
        os level = 65
        wins support = Yes
        ldap admin dn = cn=samba,dc=burlingtoniowa,dc=org
        ldap group suffix = ou=groups
        ldap passwd sync = yes
        ldap suffix = dc=burlingtoniowa,dc=org
        ldap user suffix = ou=people
        cups options = raw

Your input and suggestions are appreciated....

Thanks!