Solved

Samba + LDAP on RHEL Server 6.4

Posted on 2014-04-14
6
1,009 Views
Last Modified: 2014-04-29
I am trying to set-up SAMBA with LDAP authentication on Red Hat Enterprise Linux Server release 6.4 (Santiago).
I can see the shares from another machine, but when I enter my LDAP credentials I cannot connect.
I need to set up the shares so that everyone from ldap can browse them.
Here is my smb.conf (I have altered sensitive information):

[global]
	workgroup = SERVERS
	
	interfaces = 1.1.1.2
	bind interfaces only = yes
	hosts allow = 127. 1.1.1.
        max connections = 20
        lock directory = /var/lock/samba
	
	syslog = 3 passdb:5 auth:10 winbind:2
	syslog only = yes

	security = domain
	password server = 1.1.1.1
	#security = user
	#enable privileges = yes

	#passdb backend = ldapsam:"ldap://1.1.1.1"
	#username map = /etc/samba/smbusers

	encrypt passwords = yes

	printing = bsd	
	load printers = no

[tools]
	path = /exports/development/tools
	printable = no
	force group = grp2
	write list = @grp2
	browseable = yes
	writeable = yes
	#create mask = 0774
	create mask = 0664
        #directory mask = 2775
	directory mask = 0775	

[workspace]
	path = /exports/development/workspace
        printable = no
        force group = grp
        write list = @grp
        browseable = yes
	writeable = yes
        create mask = 0774
        directory mask = 2775
[installations]
	path = /exports/installations
        browseable=yes
        writable=yes
        create mode = 0664
        directory mode = 0775

I am also using NFS eo export these folders under /exports.
Here is my ldap.conf:

TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://server10.domain.com/
BASE dc=domain,dc=com

How can I set up the SAMBA shares to be able for LDAP users to connect to and browse?
0
Comment
Question by:proteus-IV
6 Comments
 

Author Comment

by:proteus-IV
Comment Utility
I have turned on logging in the meantime and am seeing a lot of this error in the logs for all the clients trying to access the shares:

[2014/04/14 13:50:51.924967,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.1.2 read error = NT_STATUS_CONNECTION_RESET.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
Comment Utility
Are you using smbldap-tools for the schema? I don't know how you'd get this to work otherwise.  And there are some changes needed on the Microsoft clients (XP or later) to have this work. I'm not at work now, so I can't reference my notes on setting this up.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Is LDAP OpenLDAP or something else?
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
new to networking configuration 6 30
HPE Server SAS connector part 11 55
cisco nexus experiance 2 27
Raid 6 or Raid 10? 19 45
Is your computer hacked? learn how to detect and delete malware in your PC
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now