Server :: Authenticate Samba Share Against LDAP (EDirectory)
May 5, 2010
I'm trying to set up a Samba share that's available over the network to a group of users in our institution. Our infrastructure is based on Novell Netware (slowly migrating to OES), and thus our authentication is managed by eDirectory. All our other shares are managed by Netware, but this one lives on a standalone Ubuntu server.
I've succeeded in setting up the share, and users can access it without a problem. The trouble is that currently it only works by treating all users as guest users and giving them the same privileges over the share. Is it possible to get Samba to authenticate users against eDirectory via LDAP? Would I have to get Ubuntu to authenticate against eDirectory, then Samba against Ubuntu, or can Samba do it directly? I've not really worked with LDAP before so I'm unsure where to start.
View 2 Replies
ADVERTISEMENT
Jan 11, 2011
How to authenticate Samba server with another LDAP Server.
- I would like to set up samba server(CentOS5 samba version 3.0.33)for sharing directory. WindowXP client will can access to samba if username and password match with username and password of another existing LDAP server.
- I only know URL and DN of LDAP server and can not modify anything on LDAP Server.
- Can I config at samba server for requirement above.
View 2 Replies
View Related
Aug 9, 2010
We are testing the possibility to migrate from winXP to SLED 11 SP1. We have solved integration login and single sign on. But now we have the problem that we are not able to authenticate users against eDirectory. The test enviroment is SLED 11 SP1 workstation with authentication method eDirectory LDAP, default software + Novell client from installation disk + yast2-lum + yast2-linux-user-management
[Code]...
View 4 Replies
View Related
Jul 31, 2010
I'm using Ldap to authenticate some services in my company, but from a few days, i finds some errors saying
Quote:
I'm using webmin to manage its servces.
View 4 Replies
View Related
May 13, 2010
How can I make the user in remote LDAP server to be used to authenticate Local Linux server ?
View 5 Replies
View Related
Aug 9, 2011
When ever I have an issue with our LDAP server (which I was able to fix) we see the following errors in /var/log/messages and it causes problems with our services running on that box, e.g. httpd, nrpe, xinetd, etc. Aug 8 17:44:42 hostname httpd: nss_ldap: failed to bind to LDAP server ldap://serveraddress/: Can't contact LDAP server Aug 8 17:44:42 hostname httpd: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... I am only wanting to authenticate SSH and Sudo and not services like httpd, nrpe, xinetd etc.
View 2 Replies
View Related
Sep 23, 2010
I'm having some trouble getting samba to work properly. I'm following this tutorial [URL] when I run
Code: sudo smbclient -L localhost I receive the following: Code: Enter root's password: Anonymous login successful Domain=[SAMBA] OS=[Unix] Server=[Samba 3.4.7]
tree connect failed: NT_STATUS_END_OF_FILE I'm lost!
View 3 Replies
View Related
May 3, 2010
We're still using an NT Domain Server, and Samba is already configured properly. But the problem is if the shared folder is configured in samba to be accessed by group and not the domain username, authentication fails even if the user is member of the group.
Example#1: (authentication successful)
[sharedfolder]
valid users = domain+username
Example#2:
[sharedfolder] (authentication fails)
valid users = @domaingroup
Samba version is samba-3.0.33
View 2 Replies
View Related
Feb 17, 2009
Set up a new cluster service for a cifs share. Has these properties:
Service name = cifs_cases
Autostart is checked
name=cases type=GFS Scope=shared
[code]....
View 1 Replies
View Related
Jan 2, 2010
True or False: If you have a user on your Linux/Samba machine with a password, example:
User = Bob
Password = Password0
And Bob is on an XP computer, where his username is also Bob and his password is also Password0, is it normal for Bob to go to:
\SambaServer, double click on Bob's share (valid users = Bob only) and Bob get RIGHT in without being prompted?
On my prior setup, the user HAD to log in. If they wanted auto login next time with their credentials, they had to check "remember password." But now it's as if Samba knows who they are. It's very strange. What's the normal behavior? Must EVERYBODY authenticate with passwords, or if the Windows credentials are the same as Samba does it just somehow auto-detect it and allow them through?
View 3 Replies
View Related
Nov 19, 2009
I had 11.1 for some time, was working fine. decided to upgrade... long story short - did a fresh install with livecd of the 11.2. I use ldap server for authentication, its on the lan. configuration during install goes through fine. fetch dn, etc... then after the bootup - authentication error for any user except root. At the same time automounter works fine, ldap requests are going through for hosts (my local hostnames are also on this ldap server), I can edit users through YAST when logged on this box, but alas! even for "su - user" I get "incorrect password", whereas if I am root, then "su - user" gets me logged in as user. password does not go through!
View 3 Replies
View Related
Jan 3, 2011
Ldapscripts seems to be authenticating oddly but I am not sure why. Running 'ldapadd' works without issue:
<code>root@domainator:~# ldapadd -D cn=root,dc=example,dc=home -W
Enter LDAP Password:
<CTRL-D>
root@domainator:~#
</code>
However:
<code>
root@domainator:~# ldapaddgroup test
>> 01/03/11 - 22:16 : Command : /usr/sbin/ldapaddgroup test
ldap_bind: Invalid credentials (49)
ldap_bind: Invalid credentials (49)
Error adding group test to LDAP
Error adding group test to LDAP
</code>
Here's various parts of my /etc/ldapscripts/ldapscripts.conf:
<code>
SERVER="domainator"
BINDDN="cn=root,dc=example,dc=home"
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX="dc=example,dc=home" # Global suffix
GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX)
USUFFIX="ou=Users" # Users ou (just under $SUFFIX)
MSUFFIX="ou=Computers" # Machines ou (just under $SUFFIX)
GIDSTART="10000" # Group ID
UIDSTART="10000" # User ID
MIDSTART="20000" # Machine ID
</code>
/etc/ldapscripts/ldapscripts.passwd permissions are root:root, 0400 a
And I have quadruple checked my password is correct. Is there a way to print out debugging from ldapscripts so I know what commands it is generating?
View 3 Replies
View Related
Aug 3, 2011
I have a query regarding login to roundcube via dovecot ldap. I have installed and set up the openldap on Ubuntu Server 11.04 with the help of the following article [URL]. I have also installed Postfix, Dovecot, Dovecot-ldap and roundcube as the mail client. Then, I went on to test if I can login through roundcube. I received "login failed". I'm sure the dovecot is running fine as well as Postfix and openLDAP server. All I can find from the log was "auth(default) LDAP: Can't connect to server: localhost".
View 1 Replies
View Related
Apr 29, 2011
I manage to get RHEL Authenticate to Active Directory using LDAP and Kerberos. When a user authenticate to the Unix, the Unix system will check (using Kerberos) to the AD. However I just found out that when the RHEL (LDAP) did the authentication to the AD (to ensure that the RHEL has the right permission to query the LDAP database), it uses simple bind which send the username/password unencrypted over the network.
1) Can We use Kerberos as well? for the initial authentication described above?
2) If Not possible, is there a way to encrypt the username/password in the storage (ldap.conf -because it's world readble)? I know that for tranmission I can use SSL.
View 5 Replies
View Related
Sep 26, 2010
I have configured ldap on Debian5 and samba on another machine, all servers are running ok, but when i try to add users, it gives me an errror that "unknown user"
View 4 Replies
View Related
Jul 25, 2010
Install and configure Samba as a primary domain controller with LDAP on Linux.i setup it step by step following article without error until step 10.i want to join windows client when press user name and password for domain then display message:The following error occurred attempting to join the domain BIGTIME:
The network path was not found.
View 3 Replies
View Related
Apr 22, 2009
I would like to setup LDAP (openldap) with Samba. I would like to know what should I setup first? Should I setup LDAP before Samba or Samba before LDAP?
View 1 Replies
View Related
Jun 17, 2011
I've been testing a PDC with samba and LDAP these days with the following unsolved issue. 1. I can add the client PC (Windows XP SP3) with the Domain Admin user (Manager) from the client PC, but when i try to add a user I get this message "The trust relationship between this workstation and primary domain failed", so as it can be added later I ignored this message and choose 'close' and reboot the PC. 2. Since the login screen is showed, the message 'Duplicate name exists on the network' appears. So I try to log on with a valid domain username and password after pressing ctrl+alt+del and get the error message: "System cannot log you on because domain rmprb is not available"
[Code]...
View 1 Replies
View Related
Sep 8, 2009
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....
View 1 Replies
View Related
Jun 9, 2011
I've tried to followed exactly the steps in:
[URL]
on how to setup Samba PDC w/ LDAP backend. I've reach far up to page two of the tutorial. However I'm stucked in the middle of the part of page two:
[URL]
in the part of the Start the LDAP Samba installation up and I should type the :
#useradd user1
#smbldap-useradd -a -G 'Domain Users' -m -s /bin/bash -d /home/user2 -F "" -P user1
I get this error:
Error looking for next uid in sambaDomainName=sambaDomain,dc=DOMAINNAME:No such object at /usr/lob/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 1194.why does this appear, Is there any configurations missing?
View 1 Replies
View Related
Feb 5, 2010
I've been busy with configuring Samba with the 389-Directory Server (former Fedora Directory Server) for the past weeks and I almost have everything working. The last thing (I hope) that I haven working are the smbldap-tools which I'd like to use for adding computers and users to the domain. The part where I'm stuck is with the security certificates. I don know how to get the client certificates out of my installation.
My smbldap.conf file contains this:
Code:
# $Source: $
# $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools
# Purpose :
# . be the configuration file for all smbldap-tools scripts .....
I used the setupssl2.sh script to setup ssl for my 389-ds, which seemed to have worked fine. I however simply have no clou how to get client certificates out of this.
View 1 Replies
View Related
Oct 24, 2010
Making a Samba Server with LDAP authentication. Will post as I go along. Found these sources, anything/hiccups I should know before jumping in? Figure would follow the official documentation then check the others for comparative errors.
https://help.ubuntu.com/10.04/server...ap-server.html
https://help.ubuntu.com/10.04/server...amba-ldap.html
http://tuxnetworks.blogspot.com/2010...cid-short.html
Also Do other computers that want access to server also need samba installed (or just client)?
The server is 10.04 and my proposed client is 10.10, does this create problems?
Do I need to use ACL? I see them only in certain places.
Using xfce after Ubuntu install, not sure if this matters.
View 9 Replies
View Related
Jul 28, 2010
I just tried to build my own samba/ldap server on opensuse 11.3 and i am continuously getting an invalid credentials error when doing the smbpasswd -a command. Below are my smb and ldap files.
smb.conf
# Primary Domain Controller smb.conf
# Global parameters
[global]
unix charset = utf8
workgroup = MERCDOMAIN
netbios name = mercserver
passdb backend =ldapsam:"ldap://mercserver.mercdomain.com"
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 0
#name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon script = logon.bat
logon path = \mercserverprofiles\%u
logon drive = H:
domain logons = Yes
domain master = Yes
wins support = Yes
# peformance optimization all users stored in ldap
ldapsam:trusted = yes
ldap suffix = dc=mercdomain,dc=com
ldap machine suffix = ou=Computers,ou=Users
ldap user suffix = ou=People,ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=mercserver,dc=com
ldap ssl = off
idmap backend = ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
printer admin = root
printing = cups
# = Share Definitions =
[homes]
comment = Home Directories
valid users = %S
browseable = yes
writable = yes
create mask = 0600
directory mask = 0700
[sysvol]
path = /home/data/samba/sysvol
read only = no
[netlogon]
comment = Network Logon Service
path = /home/data/samba/sysvol/vavai.net/scripts
writeable = yes
browseable = yes
read only = no
[profiles]
path = /home/data/samba/profiles
writeable = yes
browseable = no
read only = no
create mode = 0777
directory mode = 0777
[Documents]
comment = share to test samba
path = /home/data/documents
writeable = yes
browseable = yes
read only = no
valid users = "@Domain Users"
slapd.conf
UW PICO 5.04 File: /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
modulepath /usr/lib/openldap/modules/
# moduleload back_bdb.la
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Samba Primary Database mercdomain.com
database bdb
suffix "dc=mercdomain,dc=com"
directory /var/lib/ldap
rootdn "cn=Manager,dc=mercdomain,dc=com"
rootpw merc84
index entryCSN eq
index entryUUID eq
#access to attrs=userPassword,sambaLMPassword,sambaNTPassword
# by self write
# by dn="cn=Manager,dc=mercdomain,dc=com" write
# by * auth
#access to *
# by dn="cn=Manager,dc=mercdomain,dc=com" write
# by * read
# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
ldap.conf
UW PICO 5.04 File: ldap.conf # LDAP Master
host mercserver.mercdomain.com
base dc=mercdomain,dc=com
binddn cn=Manager,dc=mercdomain,dc=com
bindpw merc84
bind_policy soft
pam_password exop
nss_base_passwd ou=People,ou=Users,dc=mercdomain,dc=com?one
nss_base_shadow ou=People,ou=Users,dc=mercdomain,dc=com?one
nss_base_passwd ou=Computers,ou=Users,dc=mercdomain,dc=com?one
nss_base_shadow ou=Computers,ou=Users,dc=mercdomain,dc=com?one
nss_base_group ou=Groups,dc=mercdomain,dc=com?one
ssl no
View 1 Replies
View Related
Oct 28, 2010
Does winbindd must run on linux box client on network with samba ldap server configured as PDC.
View 5 Replies
View Related
Apr 21, 2010
I setup openldap and samba on 9.10. The ubuntu desktop client gets authenticated successfully with the server.
But when I do a passwd on the client, only the ldap passwd is getting changed but not in the samba and the unix user account.
My smb.conf
Code:
passdb backend = ldapsam:ldap://192.168.3.100
ldap suffix = dc=example,dc=local
ldap user suffix = ou=People
ldap group suffix = ou=Groups
[Code]....
View 4 Replies
View Related
Jun 24, 2011
I`am just trying to connect Samba with ldap to make it simpler for the users to log in. We have already attached squid, so by that we thought it would be easy to do the same with samba. I think we did something wrong with the ldap config for the os with is btw:
Quote:
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 1
We added
Quote:
ldap admin dn = cn=xxx,o=xxx
[Code]...
View 1 Replies
View Related
Jan 18, 2010
how to make a new Ubuntu 9.10 box use our LDAP/Samba server for user authentication. Our Red Hat and Windows machines all use it just fine. I've been trying to use the auth-client-config and libnss-ldap packages for this purpose, but I must be missing something. I'm pretty green with LDAP, so this is my first time diving in... Is there a good How-To or step-by-step read on this? All of my searches lead me to setting up Ubuntu as the server, and that isn't what I want. I've also tried the steps listed in [URL] for the LDAP Authentication section.
View 1 Replies
View Related
Dec 8, 2009
I've setup my samba pdc with ldap, and I can see my shared files (public), which i think is an indication that my samba is working. But I can't seems to get my win2k8 machine to join my domain.
My domain admin is : root system admin: root password for both domain admin and system admin are the same The message that I get from Win2k8 when I try to join a domain is "The specified computer account could not be found. Contact an administrator to verify the account is in the domain. If the account has been deleted unjoin, reboot, and rejoin the domain"
[Code]...
View 2 Replies
View Related
May 13, 2010
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
[Code].....
View 9 Replies
View Related
May 25, 2010
I have a LAN of about 70 computers that I would like to share media files between. I have gotten to the point with Samba that I can view the files without a username/password from client PC's. I would like to make all the folders read only except for one which will be writable for everyone. The thing that I am having a hard time with is allowing a couple of administrators (on Windows 7 machines) read/write access for all files/folders. I am completely new to Ubuntu and Samba so please make explanations thorough. Here is /etc/samba/smb.conf file:
[Code]...
View 3 Replies
View Related
