[ale] Samba - external LDAP

John Heim john at johnheim.com
Tue Jul 1 20:24:01 EDT 2014


You can bind to the LDAP server as a regular user. That's how you use an 
LDAP server for authentication. For example, if your domain is 
example.com and you wish to bind as user "nemo":

ldapsearch -x -ZZ -H ldap://ldap.example.com -D "uid=nemo,ou=people,dc=example,dc=com" -W "uid=nemo"

It will ask for the password for user nemo. So theoretically, I think 
what you are asking should be possible. I have only a vague recollection 
of configuring Samba to authenticate vs LDAP. I think if you do not give 
it the LDAP manager password with smbpass, it doesn't work. But I don't 
know why.

On 6/30/2014 3:40 PM, Hendry, Chris wrote:
> Thanks for responding.....
>
> As I was alluding, it is an external LDAP server and I do not know the password.
> Isn't there a way to set this up with READ-ONLY?
> Examples on the internet only talk about where you have admin rights.
>
> Chris
>
>
>
>> Message: 3
>> Date: Sun, 29 Jun 2014 20:36:23 +0000
>> From: Shawn <taaj.shawn at gmail.com>
>> To: Atlanta Linux Enthusiasts <ale at ale.org>
>> Subject: Re: [ale] Samba - external LDAP
>> Message-ID:
>> 	<CADSjncRXA+eymaki-29TMkRjbckFuGCOyWfJ5-
>> SW3jJLkfphow at mail.gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> ldapsearch -x -H ldap://fqdn -D cn=Manager,dc=xxx,dc=xxx,dc=com  -W
>>
>> sorry forgot the password prompt thingy
>>
>>
>> On Sun, Jun 29, 2014 at 8:35 PM, Shawn <taaj.shawn at gmail.com> wrote:
>>
>>> Looks like your bind dn creds are wrong
>>>
>>> ldapsearch -x -H ldap://fqdn -D cn=Manager,dc=xxx,dc=xxx,dc=com
>>>
>>> is that successful?
>>>
>>>
>>> On Sat, Jun 28, 2014 at 8:48 PM, Hendry, Chris
>>> <Chris.Hendry at turner.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> I'm trying to set up a SAMBA share using an external LDAP server for
>>>> authentication that I have no control over.
>>>>
>>>> I do not have any admin abilities on the LDAP server, only need read
>>>> ability.
>>>>
>>>>
>>>>
>>>> Cannot set smbpasswd -w <admin password>, thus get in log:
>>>>
>>>> failed to bind to server ldap://xxx-xxx.xxx.com/ with
>>>> dn="cn=Manager,dc=xxx,dc=xxx,dc=com" Error: Invalid credentials
>>>>
>>>>          (unknown)
>>>>
>>>>
>>>>
>>>> Isn't there a way to set this up with READ-ONLY?
>>>> Examples on the internet only talk about where you have admin rights.
>>>>
>>>> Thanks for any advice
>>>>
>

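Added example (not part of the original messages and not Samba's own code): the bind-as-the-user check described in the reply above, wrapped as a shell function that fails closed. The function names are hypothetical, and the URI and DN layout are the example.com values from that reply.

```sh
#!/bin/sh
# Added example: authenticate a login by binding to LDAP as that user.
LC_ALL=C   # keep the a-z ranges below byte-exact
# Assumed values: the example.com layout used in the message above.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.com}"
PEOPLE_BASE="${PEOPLE_BASE:-ou=people,dc=example,dc=com}"

# Print the bind DN for a login name; fail if the name could alter the DN.
bind_dn_for() {
    # Allowlist rather than escaping: rejects ',', '=', '+', '\', quotes,
    # spaces, and anything not starting with a lowercase letter or '_'.
    case "$1" in
        ''|*[!a-z0-9_.-]*|[!a-z_]*) return 1 ;;
    esac
    printf 'uid=%s,%s\n' "$1" "$PEOPLE_BASE"
}

# Return 0 only if the server accepts login/password over StartTLS.
# 2 = rejected login name, 3 = empty password, 4 = no temp file,
# anything else is the ldapsearch exit status (49 = invalid credentials).
ldap_check_password() {
    local login="$1" password="$2" dn pwfile rc
    dn="$(bind_dn_for "$login")" || return 2
    # A DN with an empty password is an "unauthenticated bind"
    # (RFC 4513, section 5.1.2); a server may answer it with success,
    # so it must never count as a login.
    [ -n "$password" ] || return 3
    pwfile="$(umask 077; mktemp)" || return 4
    # printf is a shell builtin, so the password never appears in argv,
    # and -y needs the file to hold the password with no trailing newline.
    printf '%s' "$password" > "$pwfile"
    # -ZZ aborts unless StartTLS succeeds, so the simple bind is never
    # sent in clear text. The search reads only the user's own entry.
    ldapsearch -x -ZZ -H "$LDAP_URI" -D "$dn" -y "$pwfile" \
        -b "$dn" -s base -LLL dn >/dev/null 2>&1
    rc=$?
    rm -f "$pwfile"
    return "$rc"
}

# Usage: ldap_check_password nemo "$pw" && echo "authenticated"
```

Only exit status 0 counts as success, so a server that refuses StartTLS or hides the user's own entry from that user is treated as a failed login.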