I've not done it with Samba, but I have with Apache for SVN and DAV
authentication on Ubuntu. If I remember correctly, the admin DN is
the DN of the diradmin user.
(Sorry if anyone receives this message multiple times, Gmail has been
hiccuping.)
--Kyle Sluder
On Nov 16, 2007 5:05 PM, Steve Brown <email@hidden> wrote:
> Currently, we have all our users authenticating against an
> OpenDirectory LDAP server running on Tiger. We have a new Linux file
> server that some of our Windows clients will have access to. I would
> like for Samba on the Linux box to authenticate against OpenDirectory,
> but I have not had any luck. I have other services on the Linux box
> authenticating against the OD server through PAM and NSS without any
> issues, but I can't get Samba to do so.
>
> The main issue seems to be the way Samba tries to bind to the OD
> server. I set the ldap dn in Samba to be the same as it is in the
> PAM/NSS config. From what I can tell, PAM/NSS performs an anonymous
> bind to the OD server, then authenticates that way. Samba doesn't
> support anonymous LDAP binds, so I'm kind of stuck here.
>
> So my questions are:
>
> 1) Is anyone else authenticating Linux Samba against OD? If so, would
> you mind sharing your config? Especially the "ldap admin dn" setting.
>
> 2) Is there a better way to do this? I've spent several days working
> on this and don't seem to be making any headway on this.
>
> At any rate, here are the details right
> now:
>
> Samba 3.0.26a built with ./configure --prefix=/usr/local --enable-fhs
> --with-ldap --with-pam --with-configdir=/etc/samba
> --with-logfilebase=/var/log/samba
>
> $ cat /etc/samba/smb.conf
> [global]
> workgroup = WORKGROUP
> netbios name = Samuel
> security = user
>
> passdb backend = ldapsam:ldap://192.168.19.1/
> ldap suffix = dc=vpn,dc=a3dauto,dc=com
> ldap admin dn = dc=vpn,dc=a3dauto,dc=com
> ldap user suffix = cn=users
> ldap group suffix = cn=groups
>
> [test]
> path = /mnt/smb
> read only = no
> guest ok = no
>
> $ sudo /usr/local/sbin/smbd -iS
> smbd version 3.0.26a started.
> Copyright Andrew Tridgell and the Samba Team 1992-2007
> failed to bind to server ldap://192.168.19.1/ with
> dn="dc=vpn,dc=a3dauto,dc=com" Error: Invalid credentials
> (unknown)
> Connection to LDAP server failed for the 1 try!
> Connection to LDAP server failed for the 2 try!
> ...
>
> I did add my LDAP password using smbpasswd -W.
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Macos-x-server mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/macos-x-server/kyle.sluder%email@hidden
>
> This email sent to email@hidden
>
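The reply's point applied to the smb.conf quoted above, as an added example that is not from either poster: a lint that flags an `ldap admin dn` equal to the directory suffix and prints a manual bind test. The `uid=diradmin,cn=users,...` DN, the function names and the presence of OpenLDAP's `ldapwhoami` are assumptions; read the real diradmin DN from the directory.

```shell
#!/bin/sh
# Print the value of parameter $2 from the [global] section of smb.conf $1.
smb_param() {
    awk -v want="$2" '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line) }
        line == "" || line ~ /^[#;]/ { next }
        line ~ /^\[/ { in_global = (tolower(line) == "[global]"); next }
        in_global && (eq = index(line, "=")) {
            key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
            sub(/[ \t]+$/, "", key); sub(/^[ \t]+/, "", val)
            if (tolower(key) == want) found = val
        }
        END { print found }' "$1"
}
# Lowercase a DN and drop spaces around commas so two spellings compare equal.
norm_dn() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/ *, */,/g'; }

# Report bind-DN problems in smb.conf $1; returns 0 when none are found.
check_ldap_bind_dn() {
    admin=$(norm_dn "$(smb_param "$1" 'ldap admin dn')")
    suffix=$(norm_dn "$(smb_param "$1" 'ldap suffix')")
    if [ -z "$admin" ]; then
        echo "FAIL: 'ldap admin dn' is not set"; return 1
    elif [ "$admin" = "$suffix" ]; then
        echo "FAIL: 'ldap admin dn' is the directory suffix ($suffix), not a user entry"
        return 1
    fi
    case "$admin" in
        *",$suffix") echo "OK: bind DN $admin is an entry below $suffix" ;;
        *) echo "WARN: bind DN $admin is outside 'ldap suffix' $suffix" ;;
    esac
}
# Print the command that repeats Samba's simple bind by hand, outside smbd.
bind_test_cmd() {
    url=$(smb_param "$1" 'passdb backend' | sed 's/^ldapsam://; s/"//g')
    echo "ldapwhoami -x -H $url -D \"$(smb_param "$1" 'ldap admin dn')\" -W"
}
# Run both checks on the post's [global] LDAP settings with admin DN $1.
demo() {
    f=$(mktemp); rc=0
    printf '%s\n' '[global]' 'passdb backend = ldapsam:ldap://192.168.19.1/' \
        'ldap suffix = dc=vpn,dc=a3dauto,dc=com' "ldap admin dn = $1" > "$f"
    check_ldap_bind_dn "$f" || rc=$?
    bind_test_cmd "$f"; rm -f "$f"; return $rc
}
demo 'dc=vpn,dc=a3dauto,dc=com' || true   # value from the post: FAIL
# Assumed diradmin DN (constructed for this example); confirm it in the directory.
demo 'uid=diradmin,cn=users,dc=vpn,dc=a3dauto,dc=com'
```

If the printed `ldapwhoami` command fails with the same "Invalid credentials" when run by hand, the DN or password is wrong independently of Samba.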