I have a Sun (Oracle) Directory Server directory server backend. I also use it for unix level authentication.

Are you configuring samba as a domain controller or standalone server?

I have uid and uidNumber attributes - you want to make sure that the samba account maps to a unix account somehow. "pdbedit -Lv username" will verify this.

I think with an LDAP backend it will expect an "ldap admin dn" entry. This is not usually a regular user in your company LDAP branch but is instead an administrator. Samba will need to write to LDAP if you add or remove a samba user using smbpasswd or pdbedit, or if you change a user's samba password with samba command line tools or from Windows, or if you join or remove a Windows PC to/from the domain, and if you join the samba server to the domain. (This will create domain objects.)

You can of course use LDAP tools to create the user's samba attributes. I don't know how you would easily set the user's samba password. You could probably have a dummy samba machine with a local backend, set a password, then use "smbpasswd -e" to extract the hashed value. Maybe there are additional tools for creating an NT password hash.

Machines will also have accounts with passwords. The passwords may automatically change.

On 08/07/12 17:37, Frans Lanting - IT Admin wrote:
> Hi Folks,
>
> A couple of questions about making SMB (3 or 4) authenticate to an
> external (anonymous) LDAP server:
>
> 1) A typical LDAP user record is below. Is there anything lacking in
> this record that would prevent Samba from authenticating against our
> LDAP server? Note the sambaSID is as is, gobbledygook info:
>
> dsAttrTypeNative:eduPersonAffiliation: Employee Member
> dsAttrTypeNative:givenName: David
> dsAttrTypeNative:homeDirectory: /afs/cats.csux.edu/users/t/dsixpack
> dsAttrTypeNative:mail: dsixp...@csux.edu
> dsAttrTypeNative:objectClass: posixAccount organizationalPerson csuxPerson top sambaSamAccount person inetOrgPerson csuxMain eduPerson
> dsAttrTypeNative:sambaSID: S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX
> dsAttrTypeNative:sn: Sixpack
> dsAttrTypeNative:csuxPersonGuID: G000242316
> AppleMetaNodeLocation: /LDAPv3/ldap-99.soe.csux.edu
> AppleMetaRecordName: uid=dsixpack,ou=People,dc=crm,dc=csux,dc=edu
> NFSHomeDirectory: /Users/dsixpack
> Password: ********
> PrimaryGroupID: 100002
> RealName:
>  David Sixpack
> RecordName: dsixpack
> RecordType: dsRecTypeStandard:Users
> UniqueID: 9239
> UserShell: /bin/bash
>
> 2) Regarding the "sudo smbpasswd -w secret" step, does this smb user
> need to exist in our LDAP or that local to the machine running the SMB
> daemon? I wasn't clear on how this step in the process is supposed to
> work.
>
> 3) Is the "ldap admin dn =" also required?
>
> Note we have read-only access to our LDAP server, though a record
> could be created for us if absolutely needed.
>
> Any help or ideas MUCH appreciated! Thanks!
>
> David
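Added example, not part of the original thread: a small Python check for the question of whether a user entry lacks anything Samba's LDAP backend needs, using the MUST attributes of posixAccount (RFC 2307) and sambaSamAccount (samba.schema). The sample entry, its names and its SID are constructed, and the parser assumes plain "attr: value" lines.

```python
import re

# MUST attributes per schema: posixAccount (RFC 2307), sambaSamAccount (samba.schema).
MUST = {
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "sambasamaccount": {"uid", "sambasid"},
}
# Optional in the schema, but the ldapsam backend checks passwords against the NT hash.
NEEDED_FOR_LOGIN = {"sambantpassword"}
# A user SID is the domain SID (S-1-5-21-a-b-c) followed by a RID.
USER_SID = re.compile(r"^S-1-5-21(-\d+){3}-\d+$")

def parse_entry(text):
    """Parse plain 'attr: value' lines (no LDIF folding or base64) into a dict of lists."""
    entry = {}
    for line in text.splitlines():
        if ":" not in line or line.startswith("#"):
            continue
        attr, value = line.split(":", 1)
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def check_entry(entry):
    """Return a list of problems that would stop Samba from using this entry."""
    problems = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    for oc, required in MUST.items():
        if oc not in classes:
            problems.append(f"missing objectClass {oc}")
            continue
        for attr in sorted(required - set(entry)):
            problems.append(f"{oc} requires {attr}")
    if "sambasamaccount" in classes:
        for attr in sorted(NEEDED_FOR_LOGIN - set(entry)):
            problems.append(f"no {attr}: password logins cannot be verified")
        for sid in entry.get("sambasid", []):
            if not USER_SID.match(sid):
                problems.append(f"sambaSID {sid} is not a domain SID plus RID")
    return problems

# Constructed sample entry (hypothetical user, not the record from the post).
SAMPLE = """dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
cn: Jane Doe
uid: jdoe
uidNumber: 5001
homeDirectory: /home/jdoe
sambaSID: S-1-5-21-1111111111-2222222222-3333333333
"""
```

Run `check_entry(parse_entry(SAMPLE))` on an exported entry to see the unix-side and Samba-side gaps together.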