LinuxQuestions.org

haydenyoung 09-25-2007 05:39 AM

Samba Server w/ LDAP Users
 
Hi all

I have a Samba server set up to share files within a small network (with 2 clients) and I use OpenLDAP to store user accounts.

I have pretty much got everything working, except I can't get the Vista client to connect to Samba: it won't even prompt for a username and password, it simply pops up the error "The account is not authorized to log in from this station".

The issue is resolvable by setting encrypt passwords = yes in smb.conf, but because I have OpenLDAP configured incorrectly, the Samba encrypted passwords are not being found against LDAP user accounts.

I have included my testparm output, slapd.conf and ldap.conf files for review as I'm sure I have something in slapd.conf incorrectly configured.

testparm
Code:

[global]
        workgroup = BUSHWOOD.LOCAL
        server string = Samba Server
        passdb backend = ldapsam:ldap://127.0.0.1
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password %n\n *all*authentication*tokens*updated*
        log level = 3
        log file = /var/log/samba/smbd.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        dns proxy = No
        ldap admin dn = cn=Manager,dc=bushwood,dc=local
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Hosts
        ldap passwd sync = Yes
        ldap suffix = dc=bushwood,dc=local
        ldap ssl = no
        ldap user suffix = ou=People
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        hosts allow = 192.168.5., 127.
        cups options = raw

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[shared]
        comment = Users share
        path = /home/shared
        valid users = S-1-5-21-2252255531-4061614174-2474224977-513
        read only = No
        create mask = 0770

slapd.conf
Code:

include        /etc/openldap/schema/core.schema
include        /etc/openldap/schema/cosine.schema
include        /etc/openldap/schema/inetorgperson.schema
include        /etc/openldap/schema/nis.schema
include        /etc/openldap/schema/samba.schema

allow bind_v2

pidfile        /var/run/slapd.pid
argsfile        /var/run/slapd.args

access to attrs=userPassword,sambaLMPassword,sambaNTPassword
      by self write
      by anonymous auth
      by * none
access to *
      by * read

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        bdb
suffix          "dc=bushwood,dc=local"
rootdn          "cn=Manager,dc=bushwood,dc=local"
rootpw          {SSHA}wflS3RmzdjXVxYDF1zX9kRh3IHT8nza9

hash_encrypt="SSHA"

directory      /var/lib/ldap/bushwood.local

index objectClass                      eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                    eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index sambaSID,sambaPrimaryGroupSID,sambaDomainName    eq

ldap.conf
Code:

HOST 192.168.5.1
BASE dc=bushwood,dc=local

TLS_CACERTDIR /etc/openldap/cacerts

Any help would be much appreciated.
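
One way to check which LDAP user entries carry the Samba password attributes that the post says are not being found, given as an added example that is not part of the original post. It assumes ldapsam needs the sambaSamAccount object class plus sambaSID and a 32-hex-digit sambaNTPassword on each user entry; the LDIF sample and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample shaped like `ldapsearch -LLL` output for ou=People.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=bushwood,dc=local
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=bob,ou=People,dc=bushwood,dc=local
objectClass: posixAccount
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=carol,ou=People,dc=bushw
 ood,dc=local
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002
"""

def parse_ldif(text):
    """Parse LDIF into {attr_lower: [values]} dicts; handles folding and base64."""
    unfolded = re.sub(r"\n ", "", text)  # RFC 2849 continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return {dn: [problems]} for entries ldapsam cannot use (assumed requirements)."""
    report = {}
    for e in entries:
        problems = []
        if "sambasamaccount" not in {c.lower() for c in e.get("objectclass", [])}:
            problems.append("missing objectClass sambaSamAccount")
        if not e.get("sambasid"):
            problems.append("missing sambaSID")
        nt = e.get("sambantpassword", [""])[0]
        if not re.fullmatch(r"[0-9A-Fa-f]{32}", nt):
            problems.append("sambaNTPassword missing or not 32 hex digits")
        if problems:
            report[e["dn"][0]] = problems
    return report
```

The search that produces the LDIF has to be bound as a DN that the slapd ACL lets read sambaNTPassword (with the ACL above, the entry itself, or the rootdn, which bypasses ACLs). An anonymous search hides the attribute, so every account would be reported.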


All times are GMT -5.