Authenticating to Samba with Fedora Directory Server backend

rogalewski · 02-24-2009, 04:20 PM

Hi everyone,

I'm trying to setup a Samba network share with a Fedora Directory Server backend. This will be used primarily for Windows users to authenticate before accessing the share. I am using Fedora Core 10 and have all of the latest updates installed.

When I try to connect from a Windows machine, I am prompted for a username and password. I enter the username and password of the account I created in Fedora Directory Server in OU=People. The credentials are rejected. At the same time in the log file I see this:

[2009/02/24 16:50:16, 3] auth/auth_sam.c:check_sam_security(282)
check_sam_security: Couldn't find user 'Administrator' in passdb.
[2009/02/24 16:50:16, 2] auth/auth.c:check_ntlm_password(318)
check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER

Administrator is the user I created in Fedora Directory Server. If I perform an ldapsearch it will find the user as uid: Administrator so I know it is able to be looked up in FDS. But I'm guessing that's not the problem.

Is their something I am missing?

Here is my smb.conf file:

[global]
workgroup = wrkgrp
netbios name = smbserver
security = user
load printers = No
default service = global
path = /home
available = No
encrypt passwords = yes
passdb backend = ldapsam:ldap://localhost
passwd program = /usr/bin/passwd
unix password sync = yes
log file = /var/log/samba/log.%m
log level = 3
max log size = 50
ldap suffix = dc=cv, dc=office
ldap user suffix = ou=people
ldap admin dn = cn=directory manager

[share]
#writeable = yes
#admin users = smbuser
path = /raid/share
#force user = root
#valid users = smbuser
public = no
guest ok = no
#available = yes

Any help would be greatly appreciated!! I've been working on this for a few weeks and it is starting to drive me crazy!

zinovsky · 02-25-2009, 09:18 AM

I think you have to create samba users /etc/samba/smbusers and then to setup a password for every user please see this documentation

rogalewski · 02-25-2009, 11:28 AM

Quote:

Originally Posted by zinovsky

I think you have to create samba users /etc/samba/smbusers and then to setup a password for every user please see this documentation

I'm not sure I understand.

The share is going to be used by 75-100 people. I want to add each user to Fedora Directory Server so that if an employee is fired I can easily suspend their access.

If I'm already adding them to FDS, why would I have to again add them to a Valid Users list in Samba? Isn't their a way I can just tell Samba to check FDS for the user before letting them in?

It appears the issue right now (to me atleast) is that Samba cannot authenticate the NT user through FDS.

Thanks for your help.