Hi,

I use Samba 3.5.4 as a PDC with an LDAP backend on a SLES 10 server with kernel smp
2.6.16.60-0.21.

On the LDAP server, the uid attribute can't be used for reasons beyond my control.
So I must use another attribute for the authentication (uidAuth).

In order to achieve this, I edited 3 files:
=> ldap.conf
=> smb.conf
=> nsswitch.conf

============================================================================
I have added these parameters to my ldap.conf :


pam_login_attribute uidAuth
pam_template_login_attribute uidAuth
pam_password exop

nss_base_passwd ou=users,ou=ent,ou=box,c=fr?one?objectClass=posixAccount
nss_base_shadow ou=users,ou=ent,ou=box,c=fr?one?objectClass=shadowAccount
nss_base_group  ou=groups,ou=ent,ou=box,c=fr
nss_map_attribute uid uidAuth

=========================================================
 smb.conf :

[global]
        admin users = @admins, root
        dns proxy = No
        domain logons = Yes
        domain master = Yes
        dos filetime resolution = Yes
        ldap admin dn = cn=admin,ou=adms,ou=box,c=fr
        ldap ssl = No
        ldap suffix = ou=ent,ou=box,c=fr
        ldap timeout = 25
        ldap user suffix = ou=users
        ldap machine suffix = ou=computers
        ldap group suffix = ou=groups
        obey pam restrictions = yes
        log file = /var/log/samba/%m.log
        log level = 10
        logon drive = I:
        logon path =
        logon script = %U.bat
        max log size = 5000
        name resolve order = wins host bcast lmhosts
        os level = 255
        passdb backend = ldapsam:ldap://192.168.1.50
        preferred master = Yes
        socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY
        time server = Yes
        update encrypted = Yes
        username map = /etc/samba/smbusers
        wins proxy = Yes
        wins support = Yes
        workgroup = DOMTEST

===================================================================
nsswitch.conf :
passwd: files ldap
shadow: files ldap
group: files ldap

==========================================================

Results:

1) getent OK:
When I tested it with getent, I got the correct answer from LDAP.

2) I can't log in with Samba:
When I try to log in with Samba, the log indicates that Samba does not use
these parameters. It searches on the uid.
In the Samba log of the station I have found
"filter=>[(&(uid=john.doe)(objectClass=sambaSamAccount))]" and "couldn't
find user 'john.doe' in passdb".

--------------
Question:
Does anybody know how to force Samba to use an attribute other than the uid?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
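
The mismatch reported in the post can be checked mechanically. The following is an added example, not part of the original message: it reads the `nss_map_attribute` line from ldap.conf text and the search filter from a Samba log line, then reports whether both name the same attribute. The sample inputs are constructed from the values quoted in the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the attribute nss_ldap is told to use for "uid"
# with the attribute that appears in Samba's logged passdb search filter.

# Constructed sample inputs, built from the values quoted in the post.
LDAP_CONF='pam_login_attribute uidAuth
nss_map_attribute uid uidAuth'
SMB_LOG='filter=>[(&(uid=john.doe)(objectClass=sambaSamAccount))]'

# Print the attribute nss_ldap substitutes for "uid" ("uid" if unmapped).
nss_login_attr() {
    printf '%s\n' "$1" | awk '
        $1 == "nss_map_attribute" && $2 == "uid" { attr = $3 }
        END { print (attr == "" ? "uid" : attr) }'
}

# Print the attribute used in the user-matching term of each logged
# sambaSamAccount filter (one name per line, de-duplicated).
samba_filter_attr() {
    printf '%s\n' "$1" |
        sed -n 's/.*filter=>\[(&(\([A-Za-z0-9-]*\)=[^)]*)(objectClass=sambaSamAccount)).*/\1/p' |
        sort -u
}

# Report whether the NSS mapping and the Samba filter agree.
# Returns 0 on match, 1 on mismatch, 2 if no filter line was found.
compare_attrs() {
    nss=$(nss_login_attr "$1")
    smb=$(samba_filter_attr "$2")
    if [ -z "$smb" ]; then
        echo "no-filter-found"
        return 2
    fi
    if [ "$nss" = "$smb" ]; then
        echo "match:$nss"
    else
        echo "mismatch:nss=$nss samba=$smb"
        return 1
    fi
}

compare_attrs "$LDAP_CONF" "$SMB_LOG" || true
```

To run it against a live system, pass the contents of the real ldap.conf and the per-machine Samba log in place of the two sample variables.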
