Hello!
I am trying to sync LDAP users with Samba users.
I'm using an interface to create LDAP users.
So, when an LDAP user is created, I want the Samba account and password to be created.
In my smb.conf I put the following lines:
ldap admin dn = cn=admin,dc=def,dc=mg,dc=gov,dc=br
ldap group suffix = ou = groups
ldap machine suffix = ou = computers
ldap passwd sync = yes
encrypt passwords = Yes
ldap suffix = dc=def,dc=mg,dc=gov,dc=br
ldap ssl = no
ldap user suffix = ou = defensory
smb ports = 445 139
add user script = /usr/sbin/smbldap-useradd -a -m "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
passwd program = /usr/sbin/smbldap-passwd -s "%u"
passdb backend = ldapsam:ldap://10.65.8.95
passdb backend = tdbsam
hosts allow = 127.0.0.1, 10.65.8.0/255.255.252.0
pam password change = yes
passwd program = /usr/bin/passwd %u
I configured in slapd.conf:
include /etc/ldap/schema/ppolicy.schema
moduleload ppolicy.so
overlay ppolicy
access to attrs=userPassword,shadowLastChange,sambaPwdMustChange,sambaLMPassword,sambaPwdLastSet,sambaNTPassword
    by dn="cn=admin,dc=def,dc=mg,dc=gov,dc=br" write
    by anonymous auth
    by self write
    by * none
The LDAP user is created, but the Samba user is not created.
See some logs:
Jan 18 16:09:01 defensoria slapd[6210]: conn=2455 fd=50 ACCEPT from IP=10.65.8.95:54507 (IP=0.0.0.0:389)
So it's bad.
root@replica:/etc/ldap# smbclient -L 10.65.8.95 -U xbox
Enter xbox's password:
session setup failed: NT_STATUS_LOGON_FAILURE
Thanks!
Rodrigo Faria Tavares
openldap-technical@openldap.org