Solved

Samba + LDAP on RHEL Server 6.4

Posted on 2014-04-14
Last Modified: 2014-04-29
I am trying to set up SAMBA with LDAP authentication on Red Hat Enterprise Linux Server release 6.4 (Santiago).
I can see the shares from another machine, but when I enter my LDAP credentials I cannot connect.
I need to set up the shares so that everyone from ldap can browse them.
Here is my smb.conf (I have altered sensitive information):

[global]
	workgroup = SERVERS

	interfaces = 1.1.1.2
	bind interfaces only = yes
	hosts allow = 127. 1.1.1.
	max connections = 20
	lock directory = /var/lock/samba

	syslog = 3 passdb:5 auth:10 winbind:2
	syslog only = yes

	security = domain
	password server = 1.1.1.1
	#security = user
	#enable privileges = yes

	#passdb backend = ldapsam:"ldap://1.1.1.1"
	#username map = /etc/samba/smbusers

	encrypt passwords = yes

	printing = bsd
	load printers = no

[tools]
	path = /exports/development/tools
	printable = no
	force group = grp2
	write list = @grp2
	browseable = yes
	writeable = yes
	#create mask = 0774
	create mask = 0664
	#directory mask = 2775
	directory mask = 0775

[workspace]
	path = /exports/development/workspace
	printable = no
	force group = grp
	write list = @grp
	browseable = yes
	writeable = yes
	create mask = 0774
	directory mask = 2775

[installations]
	path = /exports/installations
	browseable = yes
	writable = yes
	create mode = 0664
	directory mode = 0775

I am also using NFS to export these folders under /exports.
Here is my ldap.conf:

TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://server10.domain.com/
BASE dc=domain,dc=com

How can I set up the SAMBA shares so that LDAP users are able to connect to and browse them?
Question by:proteus-IV
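
The posted smb.conf mixes two authentication models: `security = domain` (password checks go to the `password server`, and the host must have joined that domain) while the `passdb backend = ldapsam` line that would make Samba read accounts from LDAP is commented out. The following parser and lint script is an added example for this thread, not code from the asker or from the Samba project; it reads a constructed, trimmed copy of the question's config, reports which backend will actually verify passwords, and flags writable shares and masks that deserve a second look. The `classify_auth` rules and the synonym table are the example's own assumptions about smb.conf semantics (`writable`/`writeable` and `create mode`/`create mask` are Samba synonyms; `#` and `;` start comments).

```python
import re
from collections import OrderedDict

# Constructed sample: a trimmed copy of the [global], [tools] and
# [installations] sections posted in the question. The commented-out
# lines are kept on purpose so the parser has to skip them, as smbd does.
SMB_CONF = """\
[global]
    workgroup = SERVERS
    interfaces = 1.1.1.2
    bind interfaces only = yes
    hosts allow = 127. 1.1.1.
    security = domain
    password server = 1.1.1.1
    #security = user
    #passdb backend = ldapsam:"ldap://1.1.1.1"
    encrypt passwords = yes

[tools]
    path = /exports/development/tools
    force group = grp2
    write list = @grp2
    browseable = yes
    writeable = yes
    create mask = 0664
    directory mask = 0775

[installations]
    path = /exports/installations
    browseable=yes
    writable=yes
    create mode = 0664
    directory mode = 0775
"""

# Parameter names that smbd treats as synonyms (assumed mapping for this lint).
SYNONYMS = {"writable": "writeable", "write ok": "writeable",
            "create mode": "create mask", "directory mode": "directory mask"}
TRUE_VALUES = {"yes", "true", "1"}


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}.

    Parameter names are lowercased, whitespace-normalised and mapped through
    SYNONYMS; lines beginning with '#' or ';' are comments and are skipped.
    """
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = header.group(1).strip().lower()
            sections[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = " ".join(name.lower().split())
        sections[current][SYNONYMS.get(name, name)] = value.strip()
    return sections


def classify_auth(glob):
    """Name the backend that actually verifies passwords for a [global] dict."""
    security = glob.get("security", "user").lower()
    backend = glob.get("passdb backend", "tdbsam").lower()
    if security == "domain":
        return "domain"      # verified by the 'password server' (domain DC)
    if security == "user" and backend.startswith("ldapsam"):
        return "ldapsam"     # verified against sambaSamAccount entries in LDAP
    return "local"           # tdbsam/smbpasswd on this host


def is_writable(share):
    """A share is writable via 'writeable = yes' or 'read only = no'."""
    if "writeable" in share:
        return share["writeable"].lower() in TRUE_VALUES
    return share.get("read only", "yes").lower() not in TRUE_VALUES


def other_writable(mask):
    """True if an octal create/directory mask keeps the 'other' write bit."""
    return bool(int(mask, 8) & 0o002)


def lint(sections):
    """Return human-readable findings about the auth path and the shares."""
    findings = []
    glob = sections.get("global", {})
    mode = classify_auth(glob)
    if mode == "domain":
        findings.append(
            "auth: security = domain sends password checks to password server "
            "%s and needs this host joined to that domain; the LDAP directory "
            "is only consulted with security = user and passdb backend = "
            "ldapsam" % glob.get("password server", "<unset>"))
    elif mode == "ldapsam":
        findings.append("auth: passdb backend = ldapsam; accounts need the "
                        "Samba schema attributes (sambaSamAccount) in LDAP")
    for name, share in sections.items():
        if name in ("global", "homes", "printers"):
            continue
        if is_writable(share) and "valid users" not in share:
            findings.append("share [%s]: writable and no 'valid users' set, "
                            "so every authenticated user may write" % name)
        for param in ("create mask", "directory mask"):
            if param in share and other_writable(share[param]):
                findings.append("share [%s]: %s = %s grants world write"
                                % (name, param, share[param]))
    return findings


if __name__ == "__main__":
    for finding in lint(parse_smb_conf(SMB_CONF)):
        print(finding)
```

Run against the real file with `parse_smb_conf(open("/etc/samba/smb.conf").read())`; the first finding is the one that matters for this question, since a `domain` result means the LDAP directory is not what is checking the password. `testparm` remains the authoritative syntax check; this script only reports the handful of settings discussed in the thread.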
6 Comments
Author Comment

by:proteus-IV
ID: 40001349
I have turned on logging in the meantime and am seeing a lot of this error in the logs for all the clients trying to access the shares:

[2014/04/14 13:50:51.924967,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.1.2 read error = NT_STATUS_CONNECTION_RESET.
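
smbd writes each event as a bracketed header line (timestamp, debug level, source location) followed by an indented message line, as in the entry quoted above. The script below is an added example, not part of the thread: it parses that two-line layout, extracts the client address and NT status from the `receive_smb_raw_talloc` failure, and counts resets per client, which is a quick way to confirm whether every client is affected or only one. The log text is constructed from the quoted line plus three further records in the same layout; the regular expressions are the example's own assumptions about the format.

```python
import re
from collections import Counter

# Constructed sample: the entry quoted in the comment above, plus two more
# reset records and one unrelated record in the same two-line layout.
SMBD_LOG = """\
[2014/04/14 13:50:51.924967,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.1.2 read error = NT_STATUS_CONNECTION_RESET.
[2014/04/14 13:50:53.101000,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.1.7 read error = NT_STATUS_CONNECTION_RESET.
[2014/04/14 13:51:02.000000,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.1.2 read error = NT_STATUS_CONNECTION_RESET.
[2014/04/14 13:51:05.500000,  3] smbd/service.c:1114(make_connection_snum)
  192.168.1.9 (192.168.1.9) connect to service tools initially as user alice (uid=1001, gid=1001) (pid 4321)
"""

# Header: "[<timestamp>, <level>] <source-file>:<line>(<function>)"
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+)$")
# Read-failure message carrying the client address and the NT status code.
FAILURE = re.compile(
    r"failed for client (?P<client>\S+) .*?=\s*(?P<status>NT_STATUS_\w+)")


def parse_smbd_log(text):
    """Turn smbd's header + indented message lines into a list of records.

    Each record is a dict with ts, level, src and message; continuation
    lines (further indented lines before the next header) are appended to
    the message of the current record.
    """
    records = []
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), message="")
            records.append(current)
        elif current is not None and line.startswith(" "):
            sep = "\n" if current["message"] else ""
            current["message"] += sep + line.strip()
    return records


def reset_counts(records):
    """Count NT_STATUS_CONNECTION_RESET read failures per client address."""
    counts = Counter()
    for rec in records:
        m = FAILURE.search(rec["message"])
        if m and m.group("status") == "NT_STATUS_CONNECTION_RESET":
            counts[m.group("client")] += 1
    return counts


if __name__ == "__main__":
    for client, n in reset_counts(parse_smbd_log(SMBD_LOG)).most_common():
        print("%-16s %d resets" % (client, n))
```

A reset is the client closing the TCP connection after the server replied, so the count alone does not say why; it does tell you whether to look at one client's settings or at the server-side authentication path that the accepted answer points to.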

Accepted Solution

by:
jlevie earned 500 total points
ID: 40028569
Are you using smbldap-tools for the schema? I don't know how you'd get this to work otherwise. And there are some changes needed on the Microsoft clients (XP or later) to have this work. I'm not at work now, so I can't reference my notes on setting this up.

Expert Comment

by:gheist
ID: 40028828
Is LDAP OpenLDAP or something else?