Hi Samba List,

I've been trying to get samba+ldap working on centos 6.3. I've had some troubles adapting to the new slapd.d configuration format for openldap, which seems unnecessarily complicated. Most of the tutorials refer to the older style slapd.conf configuration. I was following this tutorial:

http://linuxserverathome.com/articles/installing-and-configuring-openldap-2423-centos-63
http://linuxserverathome.com/articles/using-samba-share-files-windows-part-1
http://linuxserverathome.com/articles/using-samba-share-files-windows-part-2

I've got ldap working, I can do a unix login as an ldap user. But I cannot browse to the samba server. What seems to be happening is that samba is not authenticating with ldap correctly, I see this in my logs:

Jan 28 09:09:44 city1 net: [2013/01/28 09:09:44.664956, 0] lib/smbldap.c:1151(smbldap_connect_system)
Jan 28 09:09:44 city1 net: failed to bind to server ldap://city1.burlingtoniowa.org with dn="cn=samba,dc=burlingtoniowa,dc=org" Error: Invalid credentials
Jan 28 09:09:44 city1 net:   #011(unknown)

Looks like the ldap password is set in the following configuration files:

    olcDatabase={0}config.ldif
    olcDatabase={2}bdb.ldif

I am thinking most of this is done in olcDatabase={2}bdb.ldif, here's what I think is the relevant part of it:

olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=samba,dc=burlin
 gtoniowa,dc=org" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=samba,dc=burlingtoniowa,dc=org" write by * read
olcRootPW: {SSHA}-------------------redacted---------------------
olcSuffix: dc=burlingtoniowa,dc=org

Here's the ldap part of my smb.conf:

[global]
workgroup = CITY
server string = city1
passdb backend = ldapsam:ldap://city1.burlingtoniowa.org
log level = 3
log file = /var/log/samba/log.%m
max log size = 50
os level = 65
wins support = Yes
ldap admin dn = cn=samba,dc=burlingtoniowa,dc=org
ldap group suffix = ou=groups
ldap passwd sync = yes
ldap suffix = dc=burlingtoniowa,dc=org
ldap user suffix = ou=people
cups options = raw

Your input and suggestions are appreciated.... Thanks!

