I just did an initial Samba/LDAP configuration on a Debian Squeeze system. I added a single user to an LDAP directory and installed libnss-ldap. I can now successfully log in to the system using the newly created user, so it seems that Debian itself has no problem authenticating with LDAP.
I configured Samba based on a number of tutorials, but I haven't been able to connect to a share since I've configured LDAP. Here is the smb.conf:
[global]
workgroup = ANDROCS
passdb backend = ldapsam:ldap://127.0.0.1/
log level = 5
log file = /var/log/samba/log.%m
max log size = 100
time server = Yes
domain logons = Yes
preferred master = Yes
domain master = Yes
wins support = No
# LDAP
ldap admin dn = cn=admin,dc=androcs,dc=com
ldap group suffix = ou=group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=androcs,dc=com
ldap user suffix = ou=Users
ldap ssl = off
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
# now define some shares
[technical]
comment = Common Engineering and Technical Material
path = /export/technical
force group = technical
read only = No
create mask = 0770
directory mask = 0770
browseable = No
[development]
comment = Software Development Repositories
path = /export/development
force group = development
read only = No
create mask = 0770
directory mask = 0770
browseable = No
[business]
comment = Common Business Material
path = /export/business
force group = business
read only = No
create mask = 0770
directory mask = 0770
browseable = No
So I try logging onto the share from another Debian system using the GNOME 'Connect to server' function. Simultaneously I tail the output of the syslog, and here is the result:
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 fd=13 ACCEPT from IP=127.0.0.1:53334 (IP=0.0.0.0:389)
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=0 BIND dn="cn=admin,dc=androcs,dc=com" method=128
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=0 BIND dn="cn=admin,dc=androcs,dc=com" mech=SIMPLE ssf=0
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=0 RESULT tag=97 err=0 text=
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SRCH attr=supportedControl
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(?objectClass=sambaSamAccount))"
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 fd=13 closed (connection lost)
The line that immediately sticks out to me is:
conn=1004 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(?objectClass=sambaSamAccount))"
In particular the objectClass. I am new to LDAP, but I configured the user as person, inetOrgPerson, posixAccount, and shadowAccount.
Does anyone know where I should start? Can I increase the logging level to get a better clue as to what is wrong?
Thanks!
The search filter looks suspect because of the '?' before the text objectClass but that might be a translation or pasting error. The search returned zero entries (nentries=0) because, as you said, no entries had a uid of tarcuri and an objectClass of sambaSamAccount.
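The diagnosis in the answer above can be automated over a slapd log. This is an added example, not part of the original posts: it pairs each SRCH line with its SEARCH RESULT, keeps the searches that returned nentries=0, and reports which objectClass values in the filter the user entry lacks, along with any filter terms carrying the '?' marker. The function names and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample: four lines taken from the slapd log in the question.
SAMPLE_LOG = '''\
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(?objectClass=sambaSamAccount))"
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
'''
# Object classes the asker says the user entry was created with.
ENTRY_CLASSES = {"person", "inetOrgPerson", "posixAccount", "shadowAccount"}

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" .*filter="(.*)"$')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*nentries=(\d+)')
# One simple filter term: optional '?' marker, attribute name, value.
TERM = re.compile(r'\((\??)([\w;-]+)=([^()]*)\)')

def empty_searches(log_text):
    """Pair each SRCH with its SEARCH RESULT; return those with nentries=0."""
    pending, empty = {}, []
    for line in log_text.splitlines():
        if m := SRCH.search(line):
            pending[(m[1], m[2])] = {"base": m[3], "filter": m[4]}
        elif m := RESULT.search(line):
            srch = pending.pop((m[1], m[2]), None)
            if srch and int(m[3]) == 0:
                empty.append(srch)
    return empty

def explain(srch, entry_classes):
    """List objectClass values the entry lacks and terms logged with '?'."""
    known = {c.lower() for c in entry_classes}
    missing, flagged = [], []
    for mark, attr, value in TERM.findall(srch["filter"]):
        if mark:  # the '?' the answer calls suspect; only reported, not interpreted
            flagged.append(f"{attr}={value}")
        if attr.lower() == "objectclass" and value != "*" and value.lower() not in known:
            missing.append(value)
    return {"missing_classes": missing, "flagged_terms": flagged}

if __name__ == "__main__":
    for s in empty_searches(SAMPLE_LOG):
        print(s["base"], s["filter"], explain(s, ENTRY_CLASSES))
```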