[Samba] ldap configuration oddity

[Patrick W. Riehecky]

Hey, I am totally confused/lost/confused getting this config working.

I am trying to get samba to authenticate against LDAP.  After reading a 
bunch of docs I generated the config at the end.

When I run testparm against it I get:
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "ldap server"
Ignoring unknown parameter "ldap server"
   and then the rest of my config file INCLUDING 
passdb backend = ldapsam:ldaps://accounts.iwu.edu

I would suspect that LDAP support is not compiled in for this binary, 
except then testparm should complain a bit more about all my LDAP 
config settings, not just the ldap server setting.  Furthermore, I am 
using Fedora's rpm, and I think that they would either offer a LDAP 
enabled rpm or enable it themselves - I cannot locate a rpm that states 
that it is LDAP enabled, so my guess is the former.

I am using Samba version 3.0.9-1.fc3 for Fedora Core 3.
Here is my config file.
your thoughts?


[global]
server string = %h (Samba %v)

log file = /var/log/samba/log.%m
log level = 5
max log size = 100

dns proxy = No
socket options = IPTOS_LOWDELAY TCP_NODELAY

security = user
obey pam restrictions = Yes
encrypt passwords = Yes

default = homes
load printers = No
show add printer wizard = No

max disk size = 300

invalid users = root @wheel @root
wide links = No

hide unreadable = Yes
hide special files = Yes
veto files = /,/proc,/dev,/sys,/etc,/boot,/lib,/home
dont descend = /,/proc,/dev,/sys,/etc,/boot,/lib,/home


ldap server = accounts.iwu.edu
ldap admin dn = "cn=foo,ou=bar,dc=iwu,dc=edu"
ldap suffix = dc=iwu,dc=edu
ldap ssl = start tls
ldap delete dn = No

ldap filter = (&(uid=%u)(objectclass=sambaSamAccunt))
idmap backend = ldap:ldap://accounts.iwu.edu
ldap user suffix = ou=foo
ldap group suffix = ou=bar

passdb backend = ldapsam:ldaps://accounts.iwu.edu
ldap passwd sync = Yes

[homes]
comment = %S's Home Directory
valid users = %S
browseable = no
read only = no
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Able to read directory as the correct user, but unable to write to the directory even though I have permissions

[Patrick W. Riehecky]

Samba version: 3.0.8-0.pre1.3
Fedora Core 3
Kernel: 2.6.9-1.667

I am able to authenticate as a valid user on the system, mount my home 
directory and look inside of directories that have been set to 700 and 
read files set to 600.  But I am not able to write to ANY folder or 
file on the share.  I have one directory set to 777 and one file set to 
4777 but that does not seem to matter.  I cannot, for example, copy a 
file from my local computer to the mounted share.  I authenticate 
correctly as my user, but the copy still reports permission denied.

my smb.conf looks like:
[global]
server string = Samba test box

log file = /var/log/samba/log.%m
log level = 5
max log size = 50
dns proxy = No

obey pam restrictions = Yes
encrypt passwords = no
security = user

default = homes

[homes]
comment = %S's Home Directory
browseable = no
 end smb.conf
testparm returns no errors


my log reports the following when I attempt to copy the file DRUN.GIF 
into the root of my home directory share.
-- /var/log/samba/log.junkx0r ---
  size=62
  smb_com=0x3
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=0
  smb_flg2=32769
  smb_tid=1
  smb_pid=1
  smb_uid=100
  smb_mid=76
  smt_wct=3
  smb_vwv[ 0]=   32 (0x20)
  smb_vwv[ 1]= 1939 (0x793)
  smb_vwv[ 2]=16811 (0x41AB)
  smb_bcc=21
[2004/11/29 11:27:20, 3] smbd/process.c:switch_message(887)
  switch message SMBcreate (pid 3393) conn 0xb90dac48
[2004/11/29 11:27:20, 4] smbd/uid.c:change_to_user(194)
  change_to_user: Skipping user change - already user
[2004/11/29 11:27:20, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "DRUN.GIF"
[2004/11/29 11:27:20, 5] smbd/filename.c:unix_convert(179)
  unix_convert begin: name = DRUN.GIF, dirpath = , start = DRUN.GIF
[2004/11/29 11:27:20, 3] smbd/dosmode.c:unix_mode(111)
  unix_mode(DRUN.GIF) returning 0744
[2004/11/29 11:27:20, 5] smbd/files.c:file_new(122)
  allocated file structure 7859, fnum = 11955 (1 used)
[2004/11/29 11:27:20, 4] smbd/open.c:open_file_shared1(1244)
  calling open_file with flags=0x2 flags2=0x0 mode=0744
[2004/11/29 11:27:20, 3] smbd/open.c:open_file(115)
  Permission denied opening DRUN.GIF
[2004/11/29 11:27:20, 3] smbd/open.c:open_file(178)
  Error opening file DRUN.GIF (No such file or directory) 
(local_flags=0) (flags=0)
[2004/11/29 11:27:20, 5] smbd/files.c:file_free(385)
  freed files structure 11955 (0 used)
[2004/11/29 11:27:20, 3] smbd/error.c:error_packet(105)
  error string = No such file or directory
[2004/11/29 11:27:20, 3] smbd/error.c:error_packet(145)
  error packet at smbd/trans2.c(2229) cmd=3 (SMBcreate) eclass=1 ecode=2
[2004/11/29 11:27:20, 5] lib/util.c:show_msg(461)
[2004/11/29 11:27:20, 5] lib/util.c:show_msg(471)
  size=35
  smb_com=0x3
  smb_rcls=1
  smb_reh=0
  smb_err=2
  smb_flg=128
  smb_flg2=32769
  smb_tid=1
  smb_pid=1
  smb_uid=100
  smb_mid=76
  smt_wct=0
  smb_bcc=0
-- end log file 

as you can see with "change_to_user: Skipping user change - already 
user" it believes that I already am myself, but with the "Permission 
denied opening DRUN.GIF" there is something funky going on as I know 
that my user has persmission to write to my home directory ( chmod 
711).  I get the same result from a directory set to 777.

On a possibly unrelated issue, I can only connect to the server from 
mac os X.  smbclient, windows NT, 2000, and XP report login errors.  
While I am aware that the windows versions listed want encryped 
passwords, smbclient wants plain text ones.  The above generated 
problem did, in fact, come from the mac.  I can use three different 
macs to connect, so I do not believe it to be a localized configuration 
on my test mac.

What have I missed?  I can provide any information you require that I 
have left out.

thank you for your help
pat
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba