Hi all
I have a Samba server set up to share files within a small network (with 2 clients) and I use OpenLDAP to store user accounts.
I have pretty much got everything working, except I can't get the Vista client to connect to Samba. It won't even prompt for a username and password; it simply pops up the error "The account is not authorized to log in from this station".
The issue is resolvable by setting encrypt passwords = yes in smb.conf, but because I have OpenLDAP configured incorrectly, the Samba encrypted passwords are not being found against LDAP user accounts.
I have included my testparm output, slapd.conf and ldap.conf files for review as I'm sure I have something in slapd.conf incorrectly configured.
testparm
Code:
[global]
workgroup = BUSHWOOD.LOCAL
server string = Samba Server
passdb backend = ldapsam:ldap://127.0.0.1
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password %n\n *all*authentication*tokens*updated*
log level = 3
log file = /var/log/samba/smbd.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
dns proxy = No
ldap admin dn = cn=Manager,dc=bushwood,dc=local
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Hosts
ldap passwd sync = Yes
ldap suffix = dc=bushwood,dc=local
ldap ssl = no
ldap user suffix = ou=People
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
hosts allow = 192.168.5., 127.
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[shared]
comment = Users share
path = /home/shared
valid users = S-1-5-21-2252255531-4061614174-2474224977-513
read only = No
create mask = 0770
slapd.conf
Code:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=bushwood,dc=local"
rootdn "cn=Manager,dc=bushwood,dc=local"
rootpw {SSHA}wflS3RmzdjXVxYDF1zX9kRh3IHT8nza9
hash_encrypt="SSHA"
directory /var/lib/ldap/bushwood.local
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
ldap.conf
Code:
HOST 192.168.5.1
BASE dc=bushwood,dc=local
TLS_CACERTDIR /etc/openldap/cacerts
Any help would be much appreciated.
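As an added example (not part of the original post, and not Samba's or OpenLDAP's own code), the script below audits an LDIF export for accounts that lack the attributes an `ldapsam` backend needs for encrypted logons: the `sambaSamAccount` objectClass, `sambaSID` and a 32-hex-digit `sambaNTPassword`. The sample entries and SID are constructed, and it assumes the export was made with an identity that can read the hash attributes, since the ACL in the slapd.conf above hides them from other binds.

```python
import base64
import re

# Constructed sample export (not from the post): alice has POSIX attributes only.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=bushwood,dc=local
objectClass: posixAccount
uid: alice

dn: uid=bob,ou=People,dc=bushwood,dc=local
objectClass: posixAccount
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3004
sambaNTPassword: 00000000000000000000000000000000
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    entries, current = [], {}
    # Unfold continuation lines (newline + one space), then split on blank lines.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def samba_problems(entry):
    """Return the reasons this entry cannot serve an encrypted SMB logon."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = []
    if "sambasamaccount" not in classes:
        problems.append("no sambaSamAccount objectClass")
    if not entry.get("sambasid"):
        problems.append("no sambaSID")
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", entry.get("sambantpassword", [""])[0]):
        problems.append("sambaNTPassword missing or not 32 hex digits")
    return problems

def audit(text):
    """Map each posixAccount DN to its problem list (empty list = usable)."""
    posix = [e for e in parse_ldif(text) if "posixaccount" in {c.lower() for c in e.get("objectclass", [])}]
    return {e["dn"][0]: samba_problems(e) for e in posix}
```

Call `audit()` on the text produced by `slapcat`, or by an `ldapsearch` bound as the rootdn; any DN with a non-empty list has no usable Samba hash stored in the directory.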