samba - openLdap authentication issue - Ubuntu 20.04 server

I'll try and be concise:

I'm running an Ubuntu Server 20.04 VM; I've installed OpenLDAP and Samba (this is an assignment, so I'm not worrying very much that both are hosted on the same server for the time being). I set Samba up and created my shares; then I set LDAP up, and looking at my LDAP structure, it seems to be working fine. I installed SSSD to bind the two and allow me to authenticate with my Samba credentials, but I'm hitting my head against a brick wall.

I'll explain the passages here:

Installed packages:
slapd ldap-utils samba smbldap-tools locate net-tools fusiondirectory-plugin-samba-schema sssd-ldap phpldapadmin

I followed the procedure at these 2 links:

https://ubuntu.com/server/docs/service-ldap

https://ubuntu.com/server/docs/samba-openldap-backend

And yet, whenever I try to log in from my guest to the server using my LDAP credentials, it just yeets me off. It works if I try and log in as a guest though, so I'm really wondering what the problem is. I've been dealing with it for the past 4 days :(.

I'll post my config files, with all of the sensitive info masked:

smb.conf:

[global]
workgroup = SHELLERATI
netbios name = ldamba
server string = %h server (Samba, Ubuntu)
log file = /var/log/samba/log.%m
max log size = 1000
#ldap idmap suffix = ou=Idmap
idmap config * : range = 10000-199999
#idmap config * : backend = ldapsam:ldapi://server-ip/
logging = syslog@1 /var/log/samba/log.%m
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
#map to guest = bad password
security = domain
realm = ws-samba.it
# LDAP Settings
passdb backend = ldapsam:ldap://server-hostname
ldap suffix = dc=ws-samba,dc=it
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=ws-samba,dc=it
ldap ssl = no
ldap passwd sync = yes

[docs]
   comment = Comment
   browseable = yes
   path = /mnt/docs
   guest ok = yes
   read only = yes
   create mask = 0700

[hr]
   comment = Comment
   path = /mnt/hr
   browseable = no
   read only = no
   guest ok = no
   create mask = 0755

[devel] 
   comment = Comment
   browseable = yes
   path = /mnt/devel
   guest ok = no
   read only = no
   create mask = 0755

[tech]
   comment = Comment
   browseable = yes
   path = /mnt/tech
   guest ok = no
   read only = no
   create mask = 0755

sssd.conf:

[sssd]
config_file_version = 2
domains = ws-samba.it
services = nss, pam, autofs

[nss]
homedir_substring = /home

[pam]

[domain/ws-samba.it]
ldap_autofs_map_object_class   = automountMap
ldap_autofs_map_name           = ou
ldap_autofs_entry_object_class = automount
ldap_autofs_entry_key          = cn
ldap_autofs_entry_value        = automountInformation
id_provider = ldap
#autofs_provider = ldap
auth_provider = ldap
ldap_uri = ldap://server-ip/
#cache credentials= True
ldap_search_base = dc=ws-samba,dc=it

smbldap.conf:

SID="{correct-sid}"
sambaDomain="SHELLERATI"
slaveLDAP="server-hostname"
slavePort="389"
masterLDAP="server-hostname"
masterPort="389"
ldapTLS="0"
verify=""
cafile=""
clientcert=""
clientkey=""
suffix="dc=ws-samba,dc=it"
usersdn="ou=People,${suffix}"
computersdn="ou=,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=SHELLERATI,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format=""
userLoginShell="/bin/false"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="\\ldamba\%U"
userProfile="\\ldamba\profiles\%U"
userHomeDrive=""
userScript=""
mailDomain=""
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"


Last, and I don't know if I'm making it any easier for you, my LDAP structure:

dn: ou=People,dc=ws-samba,dc=it
objectClass: organizationalUnit
ou: hr

dn: ou=Groups,dc=ws-samba,dc=it
objectClass: organizationalUnit
ou: hr

dn: cn=employees,ou=Groups,dc=ws-samba,dc=it
objectClass: posixGroup
cn: employees
gidNumber: 5000

dn: cn=hr,ou=Groups,dc=ws-samba,dc=it
objectClass: posixGroup
cn: hr
gidNumber: 5001

dn: cn=tech,ou=Groups,dc=ws-samba,dc=it
objectClass: posixGroup
cn: tech
gidNumber: 5002

dn: cn=devel,ou=Groups,dc=ws-samba,dc=it
objectClass: posixGroup
cn: devel
gidNumber: 5003

dn: uid=panna,ou=People,dc=ws-samba,dc=it
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: panna
sn: surname
givenName: name
cn: name-surname
displayName: name-surname
uidNumber: 10001
gidNumber: 5002
userPassword: password
loginShell: /bin/false
homeDirectory: /home/panna

dn: uid=marcoz,ou=People,dc=ws-samba,dc=it
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: marcoz
sn: surname
givenName: name
cn: name surname
displayName: name surname
uidNumber: 10002
gidNumber: 5003
userPassword: password
loginShell: /bin/false
homeDirectory: /home/marcoz

dn: uid=pmarco,ou=People,dc=ws-samba,dc=it
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: pmarco
sn: surname
givenName: name
cn: name surname
displayName: name surname
uidNumber: 10003
gidNumber: 5001
userPassword: password
loginShell: /bin/false
homeDirectory: /home/pmarco

I manually created the home directories for my 3 users, and checking the password, it matches the one in my possession. If I launch smbldap-useradd -a panna it tells me that it already exists, but when I run a search on my local machine, it doesn't exist. As of now, if I run an ldapsearch, it finds any parameter I look for, but running pdbedit -L returns blanks, and I really don't know where to look anymore. Needless to say, whenever I try to reach my shares, I find them as guest, but when I try to log in to any share other than the [docs] one, it gives me:

$ smbclient //server-ip/tech -U panna
Password for [SHELLERATI\panna]:
session setup failed: NT_STATUS_NO_LOGON_SERVERS

I'm sorry for the long post, and I'm grateful in advance for your attention.

Cheers!
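As an added diagnostic example (not part of the original post, nor taken from the linked guides): offline checks for the two symptoms shown above, run over constructed copies of the posted LDIF and smb.conf. The posted user entries carry only inetOrgPerson/posixAccount/shadowAccount while Samba's ldapsam backend only sees entries with objectClass sambaSamAccount, the dump has no sambaDomainName entry, and [global] sets both server role = standalone server and security = domain; the functions below flag exactly those conditions.

```shell
# Constructed inputs mirroring the post; not a live LDAP dump or the real smb.conf.
SAMPLE_LDIF='dn: uid=panna,ou=People,dc=ws-samba,dc=it
objectClass: posixAccount
objectClass: shadowAccount
uid: panna
uidNumber: 10001

dn: cn=tech,ou=Groups,dc=ws-samba,dc=it
objectClass: posixGroup
cn: tech
gidNumber: 5002
'
SAMPLE_SMBCONF='[global]
   server role = standalone server
   security = domain
   passdb backend = ldapsam:ldap://server-hostname
'

# Print the uid of each posixAccount entry lacking objectClass sambaSamAccount.
# ldapsam only enumerates entries with that class, so these are precisely the
# accounts an empty "pdbedit -L" is not showing.
users_without_samba() {
  printf '%s\n' "$1" | awk '
    BEGIN { RS = ""; FS = "\n" }   # paragraph mode: one LDIF entry per record
    {
      uid = ""; posix = 0; samba = 0
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^uid: /)                        uid = substr($i, 6)
        if ($i == "objectClass: posixAccount")    posix = 1
        if ($i == "objectClass: sambaSamAccount") samba = 1
      }
      if (posix && !samba) print uid
    }'
}

# Exit 0 when a sambaDomainName entry exists; ldapsam stores the domain SID and
# the next free uid/gid/rid there (smbldap-populate normally creates it).
has_domain_entry() {
  printf '%s\n' "$1" | grep -q '^dn: sambaDomainName='
}

# Print "conflict" when [global] sets both a standalone role and "security =
# domain": the latter forwards logons to a domain controller, which a standalone
# ldapsam server does not have ("security = user" is the standalone setting).
role_check() {
  if printf '%s\n' "$1" | grep -Eq '^[[:space:]]*security[[:space:]]*=[[:space:]]*domain' &&
     printf '%s\n' "$1" | grep -Eq '^[[:space:]]*server role[[:space:]]*=[[:space:]]*standalone'
  then echo conflict; else echo ok; fi
}
```

Feed the first two functions real `ldapsearch -x -LLL` output; the awk does not unfold wrapped continuation lines, which only matters for very long attribute values.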
