Solved

Samba + LDAP on RHEL Server 6.4

Posted on 2014-04-14
6
1,050 Views
Last Modified: 2014-04-29
I am trying to set-up SAMBA with LDAP authentication on Red Hat Enterprise Linux Server release 6.4 (Santiago).
I can see the shares from another machine, but when I enter my LDAP credentials I cannot connect.
I need to set up the shares so that everyone from ldap can browse them.
Here is my smb.conf (I have altered sensitive information):

[global]
	workgroup = SERVERS
	
	interfaces = 1.1.1.2
	bind interfaces only = yes
	hosts allow = 127. 1.1.1.
        max connections = 20
        lock directory = /var/lock/samba
	
	syslog = 3 passdb:5 auth:10 winbind:2
	syslog only = yes

	security = domain
	password server = 1.1.1.1
	#security = user
	#enable privileges = yes

	#passdb backend = ldapsam:"ldap://1.1.1.1"
	#username map = /etc/samba/smbusers

	encrypt passwords = yes

	printing = bsd	
	load printers = no

[tools]
	path = /exports/development/tools
	printable = no
	force group = grp2
	write list = @grp2
	browseable = yes
	writeable = yes
	#create mask = 0774
	create mask = 0664
        #directory mask = 2775
	directory mask = 0775	

[workspace]
	path = /exports/development/workspace
        printable = no
        force group = grp
        write list = @grp
        browseable = yes
	writeable = yes
        create mask = 0774
        directory mask = 2775
[installations]
	path = /exports/installations
        browseable=yes
        writable=yes
        create mode = 0664
        directory mode = 0775

I am also using NFS eo export these folders under /exports.
Here is my ldap.conf:

TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://server10.domain.com/
BASE dc=domain,dc=com

How can I set up the SAMBA shares to be able for LDAP users to connect to and browse?
0
Comment
Question by:proteus-IV
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 

Author Comment

by:proteus-IV
ID: 40001349
I have turned on logging in the meantime and am seeing a lot of this error in the logs for all the clients trying to access the shares:

[2014/04/14 13:50:51.924967,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.1.2 read error = NT_STATUS_CONNECTION_RESET.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 40028569
Are you using smbldap-tools for the schema? I don't know how you'd get this to work otherwise.  And there are some changes needed on the Microsoft clients (XP or later) to have this work. I'm not at work now, so I can't reference my notes on setting this up.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40028828
Is LDAP OpenLDAP or something else?
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question