samba - Oct 2016 - samba with customized ldap backend

2016-10-12 12:17 GMT+02:00 L.P.H. van Belle via samba <samba at
lists.samba.org
>:
> Your error.
>
> > >             dn: uid=102220,ou=User,dc=example,dc=com
> > >             uid: 102220
> > >             username: test1
>
> Samba normaly set uid=Username and not the uidNumber
> First find why you have uid=Number and not uid=Username.
>
>
> Greetz,
>
> Louis
>
>
>
I'm puzzled by what you wrote as I'm currently using Samba to get AD
domain
and some of our users are set with "uid" LDAP attribute containing
numbers
(some others are containing string equal to sAMAccountName) and all users
[seem to] work correctly.


>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Arun Gupta
via
> > samba
> > Verzonden: woensdag 12 oktober 2016 11:56
> > Aan: mathias dufresne
> > CC: samba
> > Onderwerp: Re: [Samba] samba with customized ldap backend
> >
> >
> > Sir,
> >
> >
> >   No AD, that's some NT4 domain.
> > Yes, it has no AD
> >
> > - No Winbind because Winbind is using samacccountname as user login
and
> > not UID.
> > --> Not configured
> >
> > > - Issue happens on Linux or UNIX clients.
> > On both client
> >
> >
> > I am using sssd and pam_ldap for user retrival and modified
> > pam_login_attribute (pam_ldap.conf file) to username instead of uid
(by
> > default value) so I am very well able to authenticate with many
services
> > like ssh, smtp
> > auth etc but in sabma case it is trying to contact uid='numeric
value'
> > instead of username=test1.
> >
> > I think somewhere in configuration, we may define username attribute
> > instead of uid which is samba configured.
> >
> > Regards,
> > Arun
> >
> >
> >
> >
> > On Wed, 12 Oct 2016, mathias dufresne wrote:
> >
> > > I have to assume much, I'll try. So...
> > > - No AD, that's some NT4 domain.
> > > - No Winbind because Winbind is using samacccountname as user
login and
> > not UID.
> > > - Issue happens on Linux or UNIX clients.
> > >
> > >
> > > The question is what tool (SSSD, pam_ldap / nss_ldap, nslcd...)
are you
> > using to retrieve information from LDAP to forge users on system side.
> > >
> > > Once you get an answer to this previous question check how to
configure
> > that tool to tell it that uid is uid and login. Most of them can do
that.
> > >
> > > 2016-10-12 7:30 GMT+02:00 Arun Gupta via samba <samba at
lists.samba.org
> >:
> > >       Sir,
> > >
> > >       Please help me out
> > >
> > >       Regards,
> > >       Arun
> > >
> > >       On Tue, 4 Oct 2016, Arun Gupta wrote:
> > >
> > >             Dear All,
> > >
> > >             I have configured ldap with uid='some
numeric' instead of
> > uid=username
> > >
> > >             like that;
> > >
> > >             dn: uid=102220,ou=User,dc=example,dc=com
> > >             uid: 102220
> > >             username: test1
> > >             cn: Test Account
> > >             objectClass: inetOrgPerson
> > >             objectClass: posixAccount
> > >             objectClass: top
> > >             objectClass: shadowAccount
> > >             objectClass: sambaSamAccount
> > >             mail: test1 at cdac.in
> > >             shadowLastChange: 15587
> > >             loginShell: /bin/bash
> > >             uidNumber: 5345
> > >             gidNumber: 5345
> > >             homeDirectory: /home/test1
> > >             userPassword:
{SSHA256}v7vlA8YYjJ27IbPQQa8eaChdHFcnw=> > >            
sambaPwdLastSet: 1473165911
> > >             sambaLMPassword: 7e58f6a33f8b3ef68ef354180a3a1da7
> > >             sambaSID:
S-1-5-21-4079184197-2446238136-3299756537-1008
> > >             sambaAcctFlags: [UX         ]
> > >             sambaNTPassword: 0242A7FEC5CD294F916925766089E573
> > >
> > >
> > >             when I configured samba with ldap backend then samba
is not
> > able to get user information (because samba always search attribute
> > >             uid=numeric), but when I replace uid=username
(uid=test1
> > instead of uid=102220) it works and authenticate successful.
> > >
> > >             As I have 3000+ users in ldap and it is not possible
to
> > change to all user settings, request to you kindly give me some clue
to
> > find out
> > >             the solution, I will highly obliged for the same.
> > >
> > >
> > >
> > >
> > > ------------------------------------------------------------
> ------------
> > -------------------------------------------------------
> > > [ C-DAC is on Social-Media too. Kindly follow us at:
> > > Facebook: https://www.facebook.com/CDACINDIA & Twitter:
@cdacindia ]
> > >
> > > This e-mail is for the sole use of the intended recipient(s) and
may
> > > contain confidential and privileged information. If you are not
the
> > > intended recipient, please contact the sender by reply e-mail and
> > destroy
> > > all copies and the original message. Any unauthorized review,
use,
> > > disclosure, dissemination, forwarding, printing or copying of
this
> email
> > > is strictly prohibited and appropriate legal action will be
taken.
> > > ------------------------------------------------------------
> ------------
> > -------------------------------------------------------
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read
the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
> > >
> > >
> > >
> >
> > --
> >
> > Thanks & Regards,
> >
> > Arun Kumar Gupta
> > Mail Administrator
> > HPC Infrastructure and Ecosystem Group
> > Centre for Development of Advanced Computing
> > Savitribai Phule Pune University Campus
> > PUNE-Maharastra
> > Phone :       +91-20-25704347
> > WEB   : http://www.cdac.in/
> >
> > ------------------------------------------------------------
> --------------
> > -----------------------------------------------------
> > [ C-DAC is on Social-Media too. Kindly follow us at:
> > Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia
]
> >
> > This e-mail is for the sole use of the intended recipient(s) and may
> > contain confidential and privileged information. If you are not the
> > intended recipient, please contact the sender by reply e-mail and
destroy
> > all copies and the original message. Any unauthorized review, use,
> > disclosure, dissemination, forwarding, printing or copying of this
email
> > is strictly prohibited and appropriate legal action will be taken.
> > ------------------------------------------------------------
> --------------
> > -----------------------------------------------------
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On Wed, 12 Oct 2016 12:31:51 +0200
mathias dufresne via samba <samba at lists.samba.org> wrote:
> 2016-10-12 12:17 GMT+02:00 L.P.H. van Belle via samba
> <samba at lists.samba.org
> >:
> 
> > Your error.
> >
> > > >             dn: uid=102220,ou=User,dc=example,dc=com
> > > >             uid: 102220
> > > >             username: test1
> >
> > Samba normaly set uid=Username and not the uidNumber
> > First find why you have uid=Number and not uid=Username.
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> I'm puzzled by what you wrote as I'm currently using Samba to get
AD
> domain and some of our users are set with "uid" LDAP attribute
> containing numbers (some others are containing string equal to
> sAMAccountName) and all users [seem to] work correctly.
> 
I think he means on an NT4-style domain, but as I pointed out, this has
NOTHING to do with Samba. It is probably a mis-configuration of sssd
and as such, the OP should ask their question on sssd-users.

Rowland

As he wrote that SSH and SMTP auth and others stuffs are working, I would
say SSSD should work.
As he wrote there is an issue with Samba, I'd like to understand how he is
using Samba, what is the exact error and what he's doing to get that error.

Samba should be able to live with other tools. We should be able to able to
speak here about Samba working with other tools. But that certainly is
because I'm sometimes radical in what represent open source world to me.

2016-10-12 12:39 GMT+02:00 Rowland Penny via samba <samba at
lists.samba.org>:
> On Wed, 12 Oct 2016 12:31:51 +0200
> mathias dufresne via samba <samba at lists.samba.org> wrote:
>
> > 2016-10-12 12:17 GMT+02:00 L.P.H. van Belle via samba
> > <samba at lists.samba.org
> > >:
> >
> > > Your error.
> > >
> > > > >             dn: uid=102220,ou=User,dc=example,dc=com
> > > > >             uid: 102220
> > > > >             username: test1
> > >
> > > Samba normaly set uid=Username and not the uidNumber
> > > First find why you have uid=Number and not uid=Username.
> > >
> > >
> > > Greetz,
> > >
> > > Louis
> > >
> > >
> > >
> > I'm puzzled by what you wrote as I'm currently using Samba to
get AD
> > domain and some of our users are set with "uid" LDAP
attribute
> > containing numbers (some others are containing string equal to
> > sAMAccountName) and all users [seem to] work correctly.
> >
>
> I think he means on an NT4-style domain, but as I pointed out, this has
> NOTHING to do with Samba. It is probably a mis-configuration of sssd
> and as such, the OP should ask their question on sssd-users.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>