[CALUG] Setting up Samba with FDS
Joe Tseng
joe_tseng at hotmail.com
Sat Dec 4 14:37:41 EST 2010
I think I'm almost there getting Samba (3.4.9-60) to authenticate against FDS (1.2.6.1) but I'm at a loss to get over this last hurdle. Total LDAP newbie here so nothing about any of this is obvious to me right now.
I've been using http://directory.fedoraproject.org/wiki/Howto:Samba as a guide. I've configured FDS and put in groups and users. AFAIK I've configured Samba to use FDS to authenticate users. After some bumps with DHCP and DNS and other nitpicky issues I got my WinXP Pro to talk to Samba, but it's not authenticating users.
WinXP is spitting out the following: "The network path was not found."
When I try to add an existing local user I get the following:
$ sudo smbpasswd homeadmin
Failed to issue the StartTLS instruction: Can't contact LDAP server
Connection to LDAP server failed for the 1 try!
Failed to issue the StartTLS instruction: Can't contact LDAP server
Connection to LDAP server failed for the 2 try!
Failed to issue the StartTLS instruction: Can't contact LDAP server
Connection to LDAP server failed for the 3 try!
I created a self-signed cert for FDS, registered it and restarted the service but it doesn't seem like it's had any effect.
My global section is as follows:
[global]
large readwrite = yes
display charset = LOCALE
time server = yes
veto files = /*.nws/riched20.dll/*.{*}/
netbios name = home
cups options = raw
printing = cups
dos charset = CP850
local master = yes
workgroup = HOME
os level = 33
auto services = global netlogon
ldap admin dn = "cn=admin,dc=home"
printcap name = cups
security = user
max log size = 150
log level = 0
log file = /var/log/samba/%m.log
load printers = yes
guest account = nobody
ldap user suffix = ou=People
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon drive = H:
domain master = yes
map to guest = Bad User
encrypt passwords = yes
winbind use default domain = no
printer admin = root, @ntadmin, administrator
template shell = /bin/bash
wins support = true
unix extensions = no
username map script = /usr/share/hda-platform/hda-usermap
ldapsam:trusted = yes
ldap group suffix = ou=Groups
server string = home
wide links = yes
ldap machine suffix = ou=Computers
ldap suffix = dc=home
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=admin,dc=home
idmap backend = ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
logon path = \\%L\profiles\%U
unix charset = UTF8
domain logons = yes
passdb backend = ldapsam:ldap://home
ldap ssl = start_tls
add user script = /usr/sbin/smbldap-useradd -m '%U'
delete user script = /usr/sbin/smbldap-userdel '%U'
add group script = /usr/sbin/smbldap-groupadd -p '%G'
delete group script = /usr/sbin/smbldap-groupdel '%G'
add user to group script = /usr/sbin/smbldap-groupmod -m '%G' '%U'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%G' '%U'
set primary group script = /usr/sbin/smbldap-usermod -g '%G' '%U'
add machine script = /usr/sbin/smbldap-useradd -w '%U'
Thanks in advance for any useful help...
If you type "Google" into Google, you can break the Internet. -- Jen Barber
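An added example (not code from the original post, Samba or FDS): it parses the [global] section of an smb.conf like the one above, lists the LDAP URIs Samba will contact from passdb backend and idmap backend, and sends a bare LDAPv3 StartTLS ExtendedRequest to one of them, so a failed TCP connect (what libldap reports as "Can't contact LDAP server") can be told apart from a directory that answers but refuses StartTLS. The sample config text and the host/port used are constructed for the example.

```python
# Added example, not code from the original post or from Samba/FDS: parse the
# [global] section of an smb.conf and probe its LDAP URIs for StartTLS.
import re
import socket

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # RFC 4511 StartTLS request name

def parse_global(conf_text):
    """Return [global] as {key: [values]}; duplicate keys are all kept."""
    params, in_global = {}, False
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("["):
            in_global = line.lower() == "[global]"
            continue
        if in_global and "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            params.setdefault(key.lower(), []).append(val)
    return params

def ldap_uris(params):
    """LDAP URIs named in 'passdb backend' and 'idmap backend'."""
    uris = []
    for key in ("passdb backend", "idmap backend"):
        for val in params.get(key, []):
            uris += re.findall(r"ldaps?://[^\s,]+", val)
    return uris

def starttls_request(msg_id=1):
    """BER-encode LDAPMessage{messageID, ExtendedRequest{requestName=OID}}."""
    oid = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID
    ext = b"\x77" + bytes([len(oid)]) + oid
    body = b"\x02\x01" + bytes([msg_id]) + ext
    return b"\x30" + bytes([len(body)]) + body

def result_code(resp):
    # ExtendedResponse has tag 0x78; resultCode is the ENUMERATED (0x0a) inside.
    m = re.search(rb"\x78.{1,3}?\x0a\x01(.)", resp, re.S)
    return m.group(1)[0] if m else None

def probe_starttls(host, port=389, timeout=3):
    """None = TCP connect failed ('Can't contact LDAP server'); 0 = accepted."""
    try:
        with socket.create_connection((host, port), timeout) as s:
            s.sendall(starttls_request())
            return result_code(s.recv(512))
    except OSError:
        return None
```

A non-zero result code means the directory was reachable but rejected the StartTLS operation; a None means the host name or port in the URI never reached a listening LDAP server at all.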