Re: [Samba] LDAP with Samba Server

Tue, 13 Nov 2012 07:01:04 -0800 

Rodrigo,
It's not hard to fix your LDAP data, but you must find why it sambaSID values were stored the wrong way. Maybe your LDAP config files (/etc/slapd.conf?) on the slave point to the wrong schema definitions? 


As for the space it may be there because of phpLdapAdmin. Try another 
LDAP browser, like the GUI (Windows) Ldap Admin or GC (for Gnome) to 
check the values.



[]s, Fernando Lozano


On 19:43:51 wrote rodrigo tavares:

Hello !

Today I have a ldap server, it replicate the database from another
machine SMB-LDAP. See the result:

dn: cn=informatica,ou=defensoria,dc=defensoria,dc=br
cn: informatica
description: Informatica
gidNumber: 2451
phpgwAccountExpires: -1
phpgwAccountType: g
userPassword:
mail: informat...@defensoria.br
memberUid: diego.santos
memberUid: alan.murta
memberUid: bruce.borba
memberUid: william.mor
memberUid: manuel.neto
memberUid: eli.set
memberUid: rodrigo.tavares
memberUid: faria.tavares
structuralObjectClass: posixGroup
entryUUID: e0cf40fa-b0af-1031-9098-b773bfdd8a70
creatorsName: cn=admin,dc=defensoria,dc=br
createTimestamp: 20121022161837Z
objectClass: top
objectClass: posixGroup
objectClass: phpgwAccount
objectClass: sambaGroupMapping
sambaGroupType: 2
displayName: informatica
sambaSID::
IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=

The field "sambaSID" should never be base64 encoded!
There is a space before "S-1-5", but should not ;-)

$ echo IFMtMS01LTIxLTM2OTQ4MTM4NjctMjE3NjUzNTQ2Ny0xMzMzMDcxNTk2LTU5MDM=|
base64 -d
  S-1-5-21-3694813867-2176535467-1333071596-5903

check your smbldap config file.

Maybe that all or most sambaSid attributes are wrong.


entryCSN: 20121112130102.988770Z#000000#000#000000
modifiersName: cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
modifyTimestamp: 20121112130102Z

I my smb.conf

[system]

        
         comment = system

         path = /home/system
         public = yes
         printable = no
         browseable = no
         guest ok = yes
         read only = yes
         write list = @informatica

  domain logons = yes
    add user script = /usr/sbin/smbldap-useradd -a -m "%u"
    add group script = /usr/sbin/smbldap-groupadd -p "%g"
    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u" add machine script = /usr/sbin/smbldap-useradd -w "%u"


  ldap user suffix = ou=defensoria
    ldap group suffix = ou=grupos
    ldap machine suffix = ou=computadores
    ldap passwd sync = yes
    ldap admin dn = cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br
    ldap suffix = dc=defensoria,dc=mg,dc=gov,dc=br
    ldap ssl = no
    passdb backend = ldapsam:ldap://10.26.7.249


http://rodrigofariat.files.wordpress.com/2012/11/ldap-smb.png



When I try mapping the folder, come a screen with login/password,
then i type password but is not login is not access. Why is not
access ?

Rodrigo Faria




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba






















					Reply via email to