Currently, we have all our users authenticating against an
OpenDirectory LDAP server running on Tiger. We have a new Linux file
server that some of our Windows clients will have access to. I would
like for Samba on the Linux box to authenticate against OpenDirectory,
but I have not had any luck. I have other services on the Linux box
authenticating against the OD server through PAM and NSS without any
issues, but I can't get Samba to do so.
The main issue seems to be the way Samba tries to bind to the OD
server. I set the ldap dn in Samba to be the same as it is in the
PAM/NSS config. From what I can tell, PAM/NSS performs an anonymous
bind to the OD server, then authenticates that way. Samba doesn't
support anonymous LDAP binds, so I'm kind of stuck here.
So my questions are:
1) Is anyone else authenticating Linux Samba against OD? If so, would
you mind sharing your config? Especially the "ldap admin dn" setting.
2) Is there a better way to do this? I've spent several days working
on this and don't seem to be making any headway on this.
At any rate, here are the details right now:
Samba 3.0.26a built with ./configure --prefix=/usr/local --enable-fhs
--with-ldap --with-pam --with-configdir=/etc/samba
--with-logfilebase=/var/log/samba
$ cat /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
netbios name = Samuel
security = user
passdb backend = ldapsam:ldap://192.168.19.1/
ldap suffix = dc=vpn,dc=a3dauto,dc=com
ldap admin dn = dc=vpn,dc=a3dauto,dc=com
ldap user suffix = cn=users
ldap group suffix = cn=groups
[test]
path = /mnt/smb
read only = no
guest ok = no
$ sudo /usr/local/sbin/smbd -iS
smbd version 3.0.26a started.
Copyright Andrew Tridgell and the Samba Team 1992-2007
failed to bind to server ldap://192.168.19.1/ with
dn="dc=vpn,dc=a3dauto,dc=com" Error: Invalid credentials
(unknown)
Connection to LDAP server failed for the 1 try!
Connection to LDAP server failed for the 2 try!
...
I did add my LDAP password using smbpasswd -W.
Macos-x-server mailing list (email@hidden)
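
A consistency check for the smb.conf and smbd output quoted above, added here as an example and not part of the original post: it flags an "ldap admin dn" that is identical to "ldap suffix" and ties it to the DN that smbd reports as rejected. It assumes that a bind DN equal to the search base names the directory container rather than an account entry; the function names are hypothetical and the sample input is copied from the post.

```python
import re

# Constructed sample input: [global] settings and smbd output as quoted in the post.
SMB_CONF = """\
[global]
security = user
passdb backend = ldapsam:ldap://192.168.19.1/
ldap suffix = dc=vpn,dc=a3dauto,dc=com
ldap admin dn = dc=vpn,dc=a3dauto,dc=com
"""
SMBD_LOG = (
    'failed to bind to server ldap://192.168.19.1/ with\n'
    'dn="dc=vpn,dc=a3dauto,dc=com" Error: Invalid credentials\n'
)

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict (names lowercased)."""
    params, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def norm_dn(dn):
    """Normalise a DN for comparison (simple form: does not handle escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def failed_bind_dn(log):
    """Return (dn, error) from an smbd 'failed to bind' message, which may wrap lines."""
    m = re.search(r'failed to bind to server \S+ with\s+dn="([^"]*)"\s+Error: (.+)', log)
    return (m.group(1), m.group(2).strip()) if m else None

def check(conf_text, log_text):
    """Assumption: a bind DN equal to the search base is a container, not an account."""
    p = parse_global(conf_text)
    findings = []
    admin, suffix = p.get("ldap admin dn", ""), p.get("ldap suffix", "")
    if admin and norm_dn(admin) == norm_dn(suffix):
        findings.append("admin-dn-is-suffix")
    failed = failed_bind_dn(log_text)
    if failed and norm_dn(failed[0]) == norm_dn(admin):
        findings.append("bind-rejected: " + failed[1])
    return findings
```

Calling check(SMB_CONF, SMBD_LOG) reports both findings for the posted configuration; a configuration whose "ldap admin dn" names a separate entry below the suffix produces none.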