FreeBSD + LDAP + SAMBA + WINDOWS
Israel Lehnen Silva
israsilva at gmail.com
Wed May 28 22:11:08 UTC 2008
Friends,
I have the following scenario:
A FreeBSD 7.0 Stable server authenticating against an LDAP database through
PAM (pam_ldap and nss_ldap).
On the same server, I have Samba 3.0.28 running, also authenticating against
the LDAP database and using the smbldap-tools scripts.
The LDAPAdmin tool is used to administer the LDAP database.
THE PROBLEM:
When I change a user's password in the LDAP database through LDAPAdmin,
I select the "MD5 Crypt" encryption for the userPassword attribute.
This way, I can log in to Windows and to FreeBSD by terminal, ssh...
But when the user's password is changed from Windows, the encryption of the
password in the userPassword attribute
is changed to SSHA, and so it does not connect to FreeBSD; it only connects to
Windows.
FreeBSD and Samba authenticating against LDAP,
with users changing their own passwords, without interfering with ssh
authentication on FreeBSD...
Has anyone implemented this?
The configuration of Samba:
# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2008/05/05 16:13:37
[global]
dos charset = CP850
unix charset = ISO8859-1
workgroup = NOVOARQ
netbios name = NARQ
server string = LDAP Teste
# update encrypted = Yes
# unix password sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u "%u"
encrypt passwords = Yes
# obey pam restrictions = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
log level = 1
log file = /var/log/samba/samba.log
max log size = 0
time server = Yes
machine password timeout = 0
logon script = %G.bat
logon drive = H:
logon home = \\NARQ\%U
os level = 255
preferred master = Yes
domain master = yes
domain logons = yes
local master = yes
passdb backend = ldapsam:ldap://ldap.dominio.com.br
ldap passwd sync = Yes
ldap delete dn = Yes
ldap ssl = no
ldap admin dn = cn=admin,dc=unilasalle,dc=edu,dc=br
ldap suffix = dc=unilasalle,dc=edu,dc=br
ldap machine suffix = ou=computadores
ldap user suffix = ou=usuarios
ldap group suffix = ou=grupos
ldap idmap suffix = sambaDomainName=NOVOARQ
idmap backend = ldap:ldap://ldap.dominio.com.br
idmap uid = 10000-65000
idmap gid = 10000-65000
enable privileges = yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
# delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
# delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
utmp = Yes
smb ports = 445 139
name resolve order = wins bcast hosts
time server = Yes
template shell = /bin/false
winbind use default domain = no
map acl inherit = Yes
strict locking = Yes
wins support = Yes
interfaces = bce0
bind interfaces only = Yes
dns proxy = No
create mask = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770
Best regards,
Israel Lehnen Silva.
More information about the freebsd-hackers
mailing list
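
An added example, not part of the original post: a small audit that reports which storage scheme each userPassword value carries in an LDIF export and verifies a {SSHA} value, so the MD5 Crypt to SSHA flip described above can be spotted per account. The entries, uids, base DN and password are constructed, and it assumes the "MD5 Crypt" choice is stored as {CRYPT}$1$....

```python
import base64, hashlib, hmac, re

def make_ssha(password: bytes, salt: bytes) -> str:
    """{SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(value: str, password: bytes) -> bool:
    """Verify a password against a {SSHA} value (SHA-1 digest is 20 bytes)."""
    raw = base64.b64decode(value[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def scheme_of(value: str) -> str:
    """Name the storage scheme of one userPassword value."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
    if not m:
        return "CLEARTEXT"
    scheme, rest = m.group(1).upper(), m.group(2)
    if scheme == "CRYPT" and rest.startswith("$1$"):
        return "CRYPT-MD5"  # crypt(3) MD5 format (assumed for "MD5 Crypt")
    return scheme

def audit(ldif: str) -> dict:
    """Map uid -> scheme for every entry in unfolded LDIF text."""
    found, uid = {}, None
    for line in ldif.splitlines():
        if line.startswith("uid: "):
            uid = line[5:].strip()
        elif line.startswith("userPassword:: "):  # base64-encoded value
            found[uid] = scheme_of(base64.b64decode(line[15:]).decode())
        elif line.startswith("userPassword: "):   # plain value
            found[uid] = scheme_of(line[14:].strip())
    return found

def _entry(uid: str, pw_value: str) -> str:
    """Build one constructed LDIF entry (hypothetical base DN)."""
    enc = base64.b64encode(pw_value.encode()).decode()
    return f"dn: uid={uid},ou=usuarios,dc=example,dc=org\nuid: {uid}\nuserPassword:: {enc}\n"

# Constructed sample: the $1$ string is a placeholder, not a real hash.
SAMPLE_LDIF = (
    _entry("alice", "{CRYPT}$1$constructed$0000000000000000000000") + "\n"
    + _entry("bob", make_ssha(b"constructed-password", b"\x01\x02\x03\x04")))

if __name__ == "__main__":
    for uid, scheme in audit(SAMPLE_LDIF).items():
        print(f"{uid}: {scheme}")
```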