FreeBSD + LDAP + SAMBA + WINDOWS

Israel Lehnen Silva israsilva at gmail.com
Wed May 28 22:11:08 UTC 2008


Friends,

I have the following scenario:

A FreeBSD 7.0-STABLE server authenticating against an LDAP directory through
PAM (pam_ldap and nss_ldap).
On the same server, Samba 3.0.28 is running, also authenticating against the
LDAP directory and using the smbldap-tools scripts.
LDAPAdmin is the tool used to administer the LDAP directory.

THE PROBLEM:

When I change a user's password in the LDAP directory through LDAPAdmin,
I select the "MD5 Crypt" encryption for the userPassword attribute.
This way I am able to log in on Windows and on FreeBSD through the terminal, ssh, etc.
But when the user's password is changed from Windows, the encryption of the
password in the userPassword attribute is changed to SSHA, and then the user
cannot connect to FreeBSD, only to Windows.

FreeBSD and Samba authenticating against LDAP, with the user changing his own
password without interfering with ssh authentication on FreeBSD...
Has anyone implemented this?

My Samba configuration:

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2008/05/05 16:13:37

[global]
      dos charset = CP850
      unix charset = ISO8859-1
      workgroup = NOVOARQ
      netbios name = NARQ
      server string = LDAP Teste
      # update encrypted = Yes
      # unix password sync = Yes
      passwd program = /usr/local/sbin/smbldap-passwd -u "%u"
      encrypt passwords = Yes
      # obey pam restrictions = Yes
      socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
      log level = 1
      log file = /var/log/samba/samba.log
      max log size = 0
      time server = Yes
      machine password timeout = 0
      logon script = %G.bat
      logon drive = H:
      logon home = \\NARQ\%U

      os level = 255
      preferred master = Yes
      domain master = yes
      domain logons = yes
      local master = yes

      passdb backend = ldapsam:ldap://ldap.dominio.com.br
      ldap passwd sync = Yes
      ldap delete dn = Yes
      ldap ssl = no
      ldap admin dn = cn=admin,dc=unilasalle,dc=edu,dc=br
      ldap suffix = dc=unilasalle,dc=edu,dc=br
      ldap machine suffix = ou=computadores
      ldap user suffix = ou=usuarios
      ldap group suffix = ou=grupos
      ldap idmap suffix = sambaDomainName=NOVOARQ
      idmap backend = ldap:ldap://ldap.dominio.com.br
      idmap uid = 10000-65000
      idmap gid = 10000-65000
      enable privileges = yes
      add user script = /usr/local/sbin/smbldap-useradd -m "%u"
      # delete user script = /usr/local/sbin/smbldap-userdel "%u"
      add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
      # delete group script = /usr/local/sbin/smbldap-groupdel "%g"
      add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
      delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
      set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
      add machine script = /usr/local/sbin/smbldap-useradd -w "%u"

      utmp = Yes
      smb ports = 445 139
      name resolve order = wins bcast hosts
      time server = Yes
      template shell = /bin/false
      winbind use default domain = no
      map acl inherit = Yes
      strict locking = Yes
      wins support = Yes
      interfaces = bce0
      bind interfaces only = Yes

      dns proxy = No
      create mask = 0770
      force create mode = 0770
      directory mask = 0770
      force directory mode = 0770


Best regards,
Israel Lehnen Silva.
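Whether a stored userPassword can be checked by a given consumer depends only on the scheme tag in front of the value ({CRYPT}, {SSHA}, ...) and on what that consumer supports. To make the post's symptom concrete, here is an added Python example (not from the original post, Samba, or smbldap-tools) that lists the scheme of every userPassword in an LDIF dump, generates {SSHA} values in the format OpenLDAP and Samba write (base64 of sha1(password || salt) || salt), and verifies candidate passwords against {SSHA}, {SHA}, {SMD5}, {MD5} and {CRYPT} values in the same way an LDAP server checks a simple bind. The DNs, entries and passwords are constructed for the example, and the {CRYPT} value in the sample is a placeholder string, not a real hash.

```python
"""List and verify LDAP userPassword hash schemes (added example)."""
import base64
import hashlib
import hmac
import os
import re
from typing import Dict, Optional

# {CRYPT} values are checked with crypt(3). Python's crypt module is
# deprecated since 3.11 and removed in 3.13, so it is treated as optional.
try:
    import crypt  # type: ignore
except ImportError:  # pragma: no cover
    crypt = None

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9]+)\}(.*)$", re.DOTALL)


def scheme_of(user_password: str) -> str:
    """Return the scheme tag of a userPassword value, or 'plain' if none."""
    m = SCHEME_RE.match(user_password)
    return m.group(1).upper() if m else "plain"


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} value: base64(sha1(password || salt) || salt).
    OpenLDAP's slappasswd uses a 4-byte salt; any length verifies."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def make_md5(password: str) -> str:
    """Build an unsalted {MD5} value (the scheme LDAPAdmin calls 'MD5')."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def verify(password: str, user_password: str) -> bool:
    """Check a candidate password against a stored userPassword value."""
    scheme = scheme_of(user_password)
    pw = password.encode("utf-8")
    if scheme == "plain":
        return hmac.compare_digest(pw, user_password.encode("utf-8"))
    body = user_password[len(scheme) + 2:]  # strip "{SCHEME}"
    if scheme == "CRYPT":  # crypt(3) string, e.g. "$1$salt$hash" for MD5 crypt
        if crypt is None:
            raise RuntimeError("crypt(3) is not available in this Python")
        return hmac.compare_digest(crypt.crypt(password, body), body)
    raw = base64.b64decode(body)
    if scheme == "SSHA":  # 20-byte SHA-1 digest followed by the salt
        digest, salt = raw[:20], raw[20:]
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    if scheme == "SHA":
        return hmac.compare_digest(hashlib.sha1(pw).digest(), raw)
    if scheme == "SMD5":  # 16-byte MD5 digest followed by the salt
        digest, salt = raw[:16], raw[16:]
        return hmac.compare_digest(hashlib.md5(pw + salt).digest(), digest)
    if scheme == "MD5":
        return hmac.compare_digest(hashlib.md5(pw).digest(), raw)
    raise ValueError(f"unsupported userPassword scheme {scheme}")


def userpasswords_from_ldif(ldif: str) -> Dict[str, str]:
    """Map dn -> decoded userPassword from ldapsearch -LLL style output.
    'userPassword::' lines are base64-wrapped because the value is binary."""
    result: Dict[str, str] = {}
    dn = None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif dn and line.startswith("userPassword:: "):
            result[dn] = base64.b64decode(line[15:]).decode("utf-8")
        elif dn and line.startswith("userPassword: "):
            result[dn] = line[14:]
    return result


def audit(ldif: str) -> Dict[str, str]:
    """Return dn -> scheme for every entry carrying a userPassword."""
    return {dn: scheme_of(v) for dn, v in userpasswords_from_ldif(ldif).items()}


def _wrap(value: str) -> str:
    return "userPassword:: " + base64.b64encode(value.encode("utf-8")).decode("ascii")


# Constructed sample directory content (made up for this example).
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=usuarios,dc=example,dc=org",
    _wrap(make_ssha("Passw0rd!", b"\x01\x02\x03\x04")),
    "",
    "dn: uid=bob,ou=usuarios,dc=example,dc=org",
    _wrap("{CRYPT}$1$saltsalt$xxxxxxxxxxxxxxxxxxxxxx"),  # placeholder, not a real hash
    "",
    "dn: uid=carol,ou=usuarios,dc=example,dc=org",
    _wrap(make_md5("hunter2")),
])

if __name__ == "__main__":
    for entry_dn, scheme in audit(SAMPLE_LDIF).items():
        print(f"{scheme:6} {entry_dn}")
    alice = userpasswords_from_ldif(SAMPLE_LDIF)["uid=alice,ou=usuarios,dc=example,dc=org"]
    print("alice ok:", verify("Passw0rd!", alice), "wrong:", verify("wrong", alice))
```

With real data, feed the output of `ldapsearch -LLL` for the user subtree (binding as an identity allowed to read userPassword) to `audit()` to see which accounts currently hold which scheme. Note that the server-side check is scheme-agnostic: OpenLDAP verifies a simple bind against whatever scheme the stored value carries, so a mismatch only bites a consumer that reads and hashes the attribute itself. On OpenLDAP the scheme the server uses when it hashes a password itself is chosen by its `password-hash` directive, whose default is {SSHA}.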


More information about the freebsd-hackers mailing list