RE: [Samba] LDAP Filter Problem
Title: RE: [Samba] LDAP Filter Problem Brad, Thanks for the suggestions. I got rid of the realm and changed back the LDAP filter to what you suggested to no avail. I assume that Samba is directly responsible for sending the LDAP search query to slapd. Is this correct? With the slapd debugging turned on I see that LDAP gets the same query twice to retrieve an account when I try to connect as a Samba client (see details below). Is the filter defined in smb.conf the same filter that is supposed to be used in this query because if so it doesn't seem to work. Also, is it correct for Samba to prefix the domain name to the userid before querying the LDAP database? If I query my LDAP database using this filter it obviously returns nothing, but if I remove the ELUCIDATION\ domain prefix it does return the user record. It's frustrating because I feel like I know what the problem is, but don't know how to fix it. Any other ideas would be greatly appreciated! John Samba Client Connection == smbclient -d 4 -L boo -U root%password -W ELUCIDATION debug.log: === Jan 27 07:37:14 boo slapd[8038]: connection_get(25) Jan 27 07:39:40 boo slapd[8038]: connection_get(25) Jan 27 07:39:40 boo slapd[14586]: send_ldap_result: 0:: Jan 27 07:39:40 boo slapd[8038]: connection_get(25) Jan 27 07:39:40 boo slapd[14719]: SRCH ou=Users,dc=ELUCIDATION 1 0 Jan 27 07:39:40 boo slapd[14719]: 1 0 0 Jan 27 07:39:40 boo slapd[14719]: filter: ((objectClass=posixAccount)(uid=elucidation\5Croot)) Jan 27 07:39:40 boo slapd[14719]: attrs: Jan 27 07:39:40 boo slapd[14719]: uid Jan 27 07:39:40 boo slapd[14719]: userPassword Jan 27 07:39:40 boo slapd[14719]: uidNumber Jan 27 07:39:40 boo slapd[14719]: gidNumber Jan 27 07:39:40 boo slapd[14719]: cn Jan 27 07:39:40 boo slapd[14719]: homeDirectory Jan 27 07:39:40 boo slapd[14719]: loginShell Jan 27 07:39:40 boo slapd[14719]: gecos Jan 27 07:39:40 boo slapd[14719]: description Jan 27 07:39:40 boo slapd[14719]: objectClass Jan 27 07:39:40 boo slapd[14719]: Jan 27 07:39:40 boo slapd[8038]: connection_get(25) Jan 27 07:39:40 boo slapd[9285]: SRCH ou=Users,dc=ELUCIDATION 1 0 Jan 27 07:39:40 boo slapd[9285]: 1 0 0 Jan 27 07:39:40 boo slapd[9285]: filter: ((objectClass=posixAccount)(uid=ELUCIDATION\5CROOT)) Jan 27 07:39:40 boo slapd[9285]: attrs: Jan 27 07:39:40 boo slapd[9285]: uid Jan 27 07:39:40 boo slapd[9285]: userPassword Jan 27 07:39:40 boo slapd[9285]: uidNumber Jan 27 07:39:40 boo slapd[9285]: gidNumber Jan 27 07:39:40 boo slapd[9285]: cn Jan 27 07:39:40 boo slapd[9285]: homeDirectory Jan 27 07:39:40 boo slapd[9285]: loginShell Jan 27 07:39:40 boo slapd[9285]: gecos Jan 27 07:39:40 boo slapd[9285]: description Jan 27 07:39:40 boo slapd[9285]: objectClass Jan 27 07:39:40 boo slapd[9285]: Jan 27 07:39:41 boo slapd[8038]: connection_get(25) ~-~-~-~-~-~-~-~-~-~-~-~-~-~ John Peak Revenue Cycle Solutions McKesson Corp. [EMAIL PROTECTED] 404.338.2701 -Original Message- From: Bradley W. Langhorst [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 4:52 PM To: Peak, John Cc: [EMAIL PROTECTED] Subject: RE: [Samba] LDAP Filter Problem On Fri, 2003-01-24 at 16:32, Peak, John wrote: I am sure there are some extraneous parameters in it from all the things I've tried, but here it is ... # Global parameters [global] realm = ELUCIDATION what's this doing here? ldap filter = ((uid=%u)(objectclass=ixAccount)) i think this should be ldap filter = ((uid=%u)(objectclass=sambaAccount)) unless you've done something unusual brad -- Bradley W. Langhorst [EMAIL PROTECTED]
RE: [Samba] LDAP Filter Problem
Title: RE: [Samba] LDAP Filter Problem I am sure there are some extraneous parameters in it from all the things I've tried, but here it is # Samba config file created using SWAT # from 192.168.1.8 (192.168.1.8) # Date: 2003/01/20 21:34:50 # Global parameters [global] realm = ELUCIDATION workgroup = ELUCIDATION netbios name = Boo server string = %h server (Samba %v) security = USER obey pam restrictions = Yes guest account = guest passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u passwd chat = *new*password* %n\n *new*password* %n\n *successfully* unix password sync = Yes encrypt passwords = Yes log level = 5 log file = /var/log/samba/%m.log max log size = 1000 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain logons = No logon script = startup.bat os level = 80 preferred master = Yes domain master = Yes local master = Yes dns proxy = No wins support = Yes ldap suffix = dc=ELUCIDATION ldap machine suffix = dc=ELUCIDATION ldap user suffix = dc=ELUCIDATION ldap admin dn = cn=Manager,dc=ELUCIDATION ldap ssl = Yes ldap filter = ((uid=%u)(objectclass=ixAccount)) printing = lprng add user script = /usr/local/sbin/smbldap-useradd.pl -w %u panic action = "" %d invalid users = root hosts allow = 192.168.1.0/255.255.255.0 logon drive = H: logon home = \\boo\%u domain admin group = @Domain Admins [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [netlogon] comment = Network Logon Service path = /opt/samba/netlogon guest ok = Yes [doc] path=/usr/share/doc public=yes writable=no read only=no create mask = 0750 guest ok = Yes [profiles] path = /opt/samba/profiles read only = Yes create mask = 0644 directory mask = 0775 guest ok = Yes browseable = No [printers] comment = All Printers path = /tmp create mask = 0700 printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes ~-~-~-~-~-~-~-~-~-~-~-~-~-~ John Peak Revenue Cycle Solutions McKesson Corp. [EMAIL PROTECTED] 404.338.2701 -Original Message- From: Bradley W. Langhorst [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 4:16 PM To: Peak, John Cc: [EMAIL PROTECTED] Subject: Re: [Samba] LDAP Filter Problem On Fri, 2003-01-24 at 13:15, Samba Newsgroups wrote: I was wondering if anyone could help me with this one. I am having trouble getting LDAP and samba working properly on my Debian Woody box. I am using OpenLDAP 2.0.27-3 and the unsable packaged Samba version 2.999+3.0 and am using the samba.schema for my LDAP database. Whenever I try to join the network using either W2K or smbclient the LDAP debug log shows that the following filter is being used: Jan 24 12:32:01 boo slapd[14586]: filter: ((objectClass=posixAccount)(uid=ELUCIDATION\5CROOT)) you'd better show your smb.conf... brad -- Bradley W. Langhorst [EMAIL PROTECTED]
RE: [Samba] LDAP Filter Problem
On Fri, 2003-01-24 at 16:32, Peak, John wrote: I am sure there are some extraneous parameters in it from all the things I've tried, but here it is ... # Global parameters [global] realm = ELUCIDATION what's this doing here? ldap filter = ((uid=%u)(objectclass=ixAccount)) i think this should be ldap filter = ((uid=%u)(objectclass=sambaAccount)) unless you've done something unusual brad -- Bradley W. Langhorst [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
