
[Samba] LDAP with Samba Server


rodrigo tavares

Nov 12, 2012, 8:23:42 AM
Hello !

Today I have an LDAP server; it replicates the database from another machine, SMB-LDAP.
See the result:

dn: cn=informatica,ou=defensoria,dc=defensoria,dc=br
cn: informatica
description: Informatica
gidNumber: 2451
phpgwAccountExpires: -1
phpgwAccountType: g
userPassword:
mail: infor...@defensoria.br
memberUid: diego.santos
memberUid: alan.murta
memberUid: bruce.borba
memberUid: william.mor
memberUid: manuel.neto
memberUid: eli.set
memberUid: rodrigo.tavares
memberUid: faria.tavares
structuralObjectClass: posixGroup
entryUUID: e0cf40fa-b0af-1031-9098-b773bfdd8a70
creatorsName: cn=admin,dc=defensoria,dc=br
createTimestamp: 20121022161837Z
objectClass: top
objectClass: posixGroup
objectClass: phpgwAccount
objectClass: sambaGroupMapping
sambaGroupType: 2
displayName: informatica
sambaSID:: IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=
entryCSN: 20121112130102.988770Z#000000#000#000000
modifiersName: cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
modifyTimestamp: 20121112130102Z

In my smb.conf:

[system]
       
        comment = system
        path = /home/system
        public = yes
        printable = no
        browseable = no
        guest ok = yes
        read only = yes
        write list = @informatica

   domain logons = yes
   add user script = /usr/sbin/smbldap-useradd -a -m "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"


   ldap user suffix = ou=defensoria
   ldap group suffix = ou=grupos
   ldap machine suffix = ou=computadores
   ldap passwd sync = yes
   ldap admin dn = cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
   ldap suffix = dc=defensoria,dc=mg,dc=gov,dc=br
   ldap ssl = no
   passdb backend = ldapsam:ldap://10.26.7.249


http://rodrigofariat.files.wordpress.com/2012/11/ldap-smb.png



When I try to map the folder, a login/password screen comes up. I type the password, but
it does not log in and I get no access. Why is there no access?

Rodrigo Faria

Harry Jede

Nov 12, 2012, 3:11:48 PM
On 19:43:51 wrote rodrigo tavares:
The field "sambaSID" should never be base64 encoded!
There is a space before "S-1-5", but there should not be ;-)

$ echo IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=|
base64 -d
S-1-5-21-3694813867-2176535467-1333071596-5903

Check your smbldap config file.

Maybe all or most sambaSID attributes are wrong.
Gruss
Harry Jede

Fernando Lozano

Nov 13, 2012, 9:45:17 AM
Rodrigo,

It's not hard to fix your LDAP data, but you must find out why the sambaSID
values were stored the wrong way. Maybe your LDAP config files
(/etc/slapd.conf?) on the slave point to the wrong schema definitions?

As for the space it may be there because of phpLdapAdmin. Try another
LDAP browser, like the GUI (Windows) Ldap Admin or GC (for Gnome) to
check the values.


[]s, Fernando Lozano
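
A check along the lines of the replies above, as an added example that is not part of the original thread: it scans an LDIF export for sambaSID values that are base64-encoded (`::`) or carry stray whitespace. The function names and the second sample entry are constructed for illustration; the first entry reuses the value posted in the thread.

```python
import base64
import re

# Constructed sample: first entry reuses the sambaSID from the thread,
# second entry is a made-up clean group for comparison.
SAMPLE_LDIF = """\
dn: cn=informatica,ou=defensoria,dc=defensoria,dc=br
cn: informatica
sambaSID:: IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=

dn: cn=example,ou=grupos,dc=example,dc=org
cn: example
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1001
"""

SID_RE = re.compile(r"S-1-\d+(-\d+)+")
ATTR_RE = re.compile(r"sambaSID(::?)\s*(.*)", re.IGNORECASE)

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    return re.sub(r"\r?\n ", "", ldif)

def check_samba_sids(ldif):
    """Return (dn, decoded_value, problems) for every suspicious sambaSID."""
    findings, dn = [], None
    for line in unfold(ldif).splitlines():
        if line.lower().startswith("dn:"):
            dn = line.split(":", 1)[1].strip()
            continue
        m = ATTR_RE.match(line)
        if not m:
            continue
        problems = []
        if m.group(1) == "::":
            # LDIF writers fall back to base64 when a value is not a "safe
            # string", e.g. it starts or ends with a space.
            value = base64.b64decode(m.group(2)).decode("utf-8", "replace")
            problems.append("base64-encoded in LDIF")
        else:
            value = m.group(2)
        if value != value.strip():
            problems.append("leading/trailing whitespace")
        if not SID_RE.fullmatch(value.strip()):
            problems.append("not a valid SID string")
        if problems:
            findings.append((dn, value, problems))
    return findings

if __name__ == "__main__":
    for dn, value, problems in check_samba_sids(SAMPLE_LDIF):
        print(f"{dn}: {value!r} -> {', '.join(problems)}")
```

Running it over a full export of the directory shows whether only this group or most sambaSID attributes are affected.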