LDAP with Samba Server - mailing.unix.samba

The old Google Groups will be going away soon, but your browser is incompatible with the new version.

« Groups Home

mailing.unix.samba

Discussions

+ new post

About this group

Subscribe to this group

This is a Usenet group - learn more

LDAP with Samba Server

Options

3 messages - Collapse all

rodrigo tavares

View profile

More options Nov 12 2012, 8:24 am

Newsgroups: mailing.unix.samba

From: rodrigofar...@yahoo.com.br (rodrigo tavares)

Date: Mon, 12 Nov 2012 05:23:42 -0800 (PST)

Local: Mon, Nov 12 2012 8:23 am

Subject: [Samba] LDAP with Samba Server

Print | Individual message | Show original | Report this message | Find messages by this author

Hello !

Today I have a ldap server, it replicate the database from another machine SMB-LDAP.
See the result:

dn: cn=informatica,ou=defensoria,dc=defensoria,dc=br
cn: informatica
description: Informatica
gidNumber: 2451
phpgwAccountExpires: -1
phpgwAccountType: g
userPassword:
mail: informat...@defensoria.br
memberUid: diego.santos
memberUid: alan.murta
memberUid: bruce.borba
memberUid: william.mor
memberUid: manuel.neto
memberUid: eli.set
memberUid: rodrigo.tavares
memberUid: faria.tavares
structuralObjectClass: posixGroup
entryUUID: e0cf40fa-b0af-1031-9098-b773bfdd8a70
creatorsName: cn=admin,dc=defensoria,dc=br
createTimestamp: 20121022161837Z
objectClass: top
objectClass: posixGroup
objectClass: phpgwAccount
objectClass: sambaGroupMapping
sambaGroupType: 2
displayName: informatica
sambaSID:: IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=
entryCSN: 20121112130102.988770Z#000000#000#000000
modifiersName: cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
modifyTimestamp: 20121112130102Z

I my smb.conf

[system]

        comment = system
        path = /home/system
        public = yes
        printable = no
        browseable = no
        guest ok = yes
        read only = yes
        write list = @informatica

domain logons = yes
   add user script = /usr/sbin/smbldap-useradd -a -m "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"

ldap user suffix = ou=defensoria
   ldap group suffix = ou=grupos
   ldap machine suffix = ou=computadores
   ldap passwd sync = yes
   ldap admin dn = cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
   ldap suffix = dc=defensoria,dc=mg,dc=gov,dc=br
   ldap ssl = no
   passdb backend = ldapsam:ldap://10.26.7.249

http://rodrigofariat.files.wordpress.com/2012/11/ldap-smb.png

When I try mapping the folder, come a screen with login/password, then i type password but
is not login is not access. Why is not access ?

Rodrigo Faria
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Harry Jede

View profile

More options Nov 12 2012, 3:12 pm

Newsgroups: mailing.unix.samba

From: walk2...@arcor.de (Harry Jede)

Date: Mon, 12 Nov 2012 21:11:48 +0100

Local: Mon, Nov 12 2012 3:11 pm

Subject: Re: [Samba] LDAP with Samba Server

Print | Individual message | Show original | Report this message | Find messages by this author

On 19:43:51 wrote rodrigo tavares:

- Show quoted text -

The field "sambaSID" should never be base64 encoded!
There is a space before "S-1-5", but should not ;-)

$ echo IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=|
base64 -d
S-1-5-21-3694813867-2176535467-1333071596-5903

check your smbldap config file.

Maybe that all or most sambaSid attributes are wrong.

- Show quoted text -

Gruss
Harry Jede
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Fernando Lozano

View profile

More options Nov 13 2012, 10:01 am

Newsgroups: mailing.unix.samba

From: ferna...@lozano.eti.br (Fernando Lozano)

Date: Tue, 13 Nov 2012 12:45:17 -0200

Local: Tues, Nov 13 2012 9:45 am

Subject: Re: [Samba] LDAP with Samba Server

Print | Individual message | Show original | Report this message | Find messages by this author

Rodrigo,

It's not hard to fix your LDAP data, but you must find why it sambaSID
values were stored the wrong way. Maybe your LDAP config files
(/etc/slapd.conf?) on the slave point to the wrong schema definitions?

As for the space it may be there because of phpLdapAdmin. Try another
LDAP browser, like the GUI (Windows) Ldap Admin or GC (for Gnome) to
check the values.

[]s, Fernando Lozano

- Show quoted text -

> On 19:43:51 wrote rodrigo tavares:
>> Hello !

>> Today I have a ldap server, it replicate the database from another
>> machine SMB-LDAP. See the result:

>> dn: cn=informatica,ou=defensoria,dc=defensoria,dc=br
>> cn: informatica
>> description: Informatica
>> gidNumber: 2451
>> phpgwAccountExpires: -1
>> phpgwAccountType: g
>> userPassword:
>> mail: informat...@defensoria.br
>> memberUid: diego.santos
>> memberUid: alan.murta
>> memberUid: bruce.borba
>> memberUid: william.mor
>> memberUid: manuel.neto
>> memberUid: eli.set
>> memberUid: rodrigo.tavares
>> memberUid: faria.tavares
>> structuralObjectClass: posixGroup
>> entryUUID: e0cf40fa-b0af-1031-9098-b773bfdd8a70
>> creatorsName: cn=admin,dc=defensoria,dc=br
>> createTimestamp: 20121022161837Z
>> objectClass: top
>> objectClass: posixGroup
>> objectClass: phpgwAccount
>> objectClass: sambaGroupMapping
>> sambaGroupType: 2
>> displayName: informatica
>> sambaSID::
>> IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=
> The field "sambaSID" should never be base64 encoded!
> There is a space before "S-1-5", but should not ;-)

> $ echo IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=|
> base64 -d
> S-1-5-21-3694813867-2176535467-1333071596-5903

> check your smbldap config file.

> Maybe that all or most sambaSid attributes are wrong.

>> entryCSN: 20121112130102.988770Z#000000#000#000000
>> modifiersName: cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
>> modifyTimestamp: 20121112130102Z

>> I my smb.conf

>> [system]

>> comment = system
>> path = /home/system
>> public = yes
>> printable = no
>> browseable = no
>> guest ok = yes
>> read only = yes
>> write list = @informatica

>> domain logons = yes
>> add user script = /usr/sbin/smbldap-useradd -a -m "%u"
>> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
>> "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g"
>> "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u"

>> ldap user suffix = ou=defensoria
>> ldap group suffix = ou=grupos
>> ldap machine suffix = ou=computadores
>> ldap passwd sync = yes
>> ldap admin dn = cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
>> ldap suffix = dc=defensoria,dc=mg,dc=gov,dc=br
>> ldap ssl = no
>> passdb backend = ldapsam:ldap://10.26.7.249

>> http://rodrigofariat.files.wordpress.com/2012/11/ldap-smb.png

>> When I try mapping the folder, come a screen with login/password,
>> then i type password but is not login is not access. Why is not
>> access ?

>> Rodrigo Faria

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

End of messages

« Back to Discussions

« Newer topic

Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy

Account Options