LDAP authentication without sambaSamAccount on a Linux SMB/CIFS server (e.g. Samba)


You need to set an LDAP password in Samba (e.g. if your admin DN is for the user admin):

    smbpasswd -w admin


Author: umläute

media-artist, open-source developer, system administrator and phd-student (phew!)

Updated on September 18, 2022

Comments

  • umläute (almost 2 years ago)

    I'm currently running samba-3.5.6 on a debian/wheezy host to act as the fileserver for our department's w32 clients. Authentication is done via OpenLDAP, where each user DN has an objectclass:sambaSamAccount that holds the smb credentials and an objectclass:shadowAccount/posixAccount for "ordinary" authentication (e.g. pam, apache, ...).

    Now we would like to dump our department's user db and instead authenticate against the user db of our upstream organisation. These user accounts are managed in a Novell eDirectory, which I can already use to authenticate using pam (e.g. for ssh logins; on another host). Our upstream organisation provides smb/cifs based access (via some Novell service) to some directories, which I can access from my linux client via smbclient.

    What I currently don't manage to do is to use the upstream ldap (the eDirectory) to authenticate our institution's samba:

    I configured my samba server to auth against the upstream ldap server:

    passdb backend = ldapsam:ldaps://ldap.example.com
    

    but when I try to authenticate a user, I get:

    $ smbclient -U USER \\\\SMBSERVER\\test
    Enter USER's password: 
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.6]
    tree connect failed: NT_STATUS_ACCESS_DENIED
    

    The logfiles show:

    [2012/10/02 09:53:47.692987,  0] passdb/secrets.c:350(fetch_ldap_pw)
      fetch_ldap_pw: neither ldap secret retrieved!
    [2012/10/02 09:53:47.693131,  0] lib/smbldap.c:1180(smbldap_connect_system)
      ldap_connect_system: Failed to retrieve password from secrets.tdb
    

    I see two problems I'm having:

    • I don't have any administrator password for the upstream ldap (and most likely they won't give me one). I only want to authenticate my users; write access is not needed at all. Can I get away with that?

    • The upstream ldap does not have any samba-related attributes in the db. I was under the impression that for samba to authenticate, those attributes are required, as smb/cifs uses some trivial hashing which is not compatible with the usual posixAccount hashes.

    Is there a way for my department's samba server to authenticate against such an ldap server?
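As an added example (not from this thread or the Samba project): a small Python checker that applies the diagnosis above to an smb.conf [global] section and a log excerpt. It recognises the "neither ldap secret retrieved" / "Failed to retrieve password from secrets.tdb" messages as the missing bind password that `smbpasswd -w` stores, and also flags a missing `ldap admin dn` or an `ldap://` URI with `ldap ssl = off`. The config and log text are constructed here; the `ldap://localhost` fallback URI is an assumed default.

```python
import re

# Constructed smb.conf fragment modelled on the question (not the asker's real file).
SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   # ldapsam: samba binds as 'ldap admin dn' to read sambaSamAccount entries
   passdb backend = ldapsam:ldaps://ldap.example.com
   ldap admin dn = cn=admin,dc=example,dc=com
"""

# Constructed log lines modelled on those quoted in the question.
SAMBA_LOG = """\
[2012/10/02 09:53:47.692987,  0] passdb/secrets.c:350(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2012/10/02 09:53:47.693131,  0] lib/smbldap.c:1180(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
"""

MISSING_SECRET = re.compile(
    r"neither ldap secret retrieved|Failed to retrieve password from secrets\.tdb")

def parse_global(conf):
    """Return the [global] section of an smb.conf as {lowercased key: value}."""
    params, section = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip().lower()] = value.strip()
    return params

def diagnose(conf, log):
    """Return (code, message) findings for an ldapsam setup; empty if not ldapsam."""
    params = parse_global(conf)
    m = re.match(r"ldapsam(?::(\S+))?$", params.get("passdb backend", ""))
    if not m:
        return []
    uri = m.group(1) or "ldap://localhost"        # assumed default when no URI given
    dn, findings = params.get("ldap admin dn"), []
    if not dn:
        findings.append(("no-admin-dn", "ldapsam without 'ldap admin dn': no DN to bind with"))
    if uri.startswith("ldap://") and params.get("ldap ssl", "").lower() == "off":
        findings.append(("cleartext-bind", "bind password would cross the wire unencrypted to " + uri))
    if MISSING_SECRET.search(log):                # the exact symptom from the question
        findings.append(("bind-secret-missing",
                         "no password for %s in secrets.tdb: store it with 'smbpasswd -w'" % (dn or "the bind DN")))
    return findings

if __name__ == "__main__":
    for code, msg in diagnose(SMB_CONF, SAMBA_LOG):
        print(code, "-", msg)
```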