Hi,
I'm setting up Samba to authenticate against an LDAP Server. I have the basic setup running but authentication fails. I'm 95% sure that the LDAP config is still wrong but the guy I'm setting this up for doesn't really come up with the proper info.
I have set log level = 5 and get tons of irrelevant info. What I'd like to see is the LDAP queries that the samba server issues. But I have no idea which magic switch will make this happen.
My google-fu seems to be bad today, too as I cannot find any relevant info either.
Help!
-dirk
On 01/30/2014 05:36 PM, Dirk Olmes wrote:
Hi,
I'm setting up Samba to authenticate against an LDAP Server. I have the basic setup running but authentication fails. I'm 95% sure that the LDAP config is still wrong but the guy I'm setting this up for doesn't really come up with the proper info.
I have set log level = 5 and get tons of irrelevant info. What I'd like to see is the LDAP queries that the samba server issues. But I have no idea which magic switch will make this happen.
My google-fu seems to be bad today, too as I cannot find any relevant info either.
It should be in /var/log/messages, look for slapd:
https://sites.google.com/site/guenterbartsch/blog/tamingslapdoncentosrhel6
On 01/30/2014 08:12 PM, Ljubomir Ljubojevic wrote:
On 01/30/2014 05:36 PM, Dirk Olmes wrote:
Hi,
I'm setting up Samba to authenticate against an LDAP Server. I have the basic setup running but authentication fails. I'm 95% sure that the LDAP config is still wrong but the guy I'm setting this up for doesn't really come up with the proper info.
I have set log level = 5 and get tons of irrelevant info. What I'd like to see is the LDAP queries that the samba server issues. But I have no idea which magic switch will make this happen.
My google-fu seems to be bad today, too as I cannot find any relevant info either.
It should be in /var/log/messages, look for slapd:
https://sites.google.com/site/guenterbartsch/blog/tamingslapdoncentosrhel6
Thanks for your help. Unfortunately, the LDAP server does not run on the same machine - hence no slapd debugging as described in the blog post :-(
Since samba issues LDAP queries itself I was hoping to make samba itself log those queries ...
-dirk
On 1/30/2014 10:44 PM, Dirk Olmes wrote:
Thanks for your help. Unfortunately, the LDAP server does not run on the same machine - hence no slapd debugging as described in the blog post:-(
Since samba issues LDAP queries itself I was hoping to make samba itself log those queries ...
can you ask the LDAP server admin if they will kick on some detail logging while you're testing, and forward you the filtered logs ?
or, albeit a bit more work, use Wireshark to sniff the LDAP protocol and analyze it. this will require you to learn something about how LDAP works at the lowest level, but should be about as enlightening as it gets :)
On 30/01/2014 06:36 PM, Dirk Olmes wrote:
Hi,
I'm setting up Samba to authenticate against an LDAP Server. I have the basic setup running but authentication fails. I'm 95% sure that the LDAP config is still wrong but the guy I'm setting this up for doesn't really come up with the proper info.
I have set log level = 5 and get tons of irrelevant info. What I'd like to see is the LDAP queries that the samba server issues. But I have no idea which magic switch will make this happen.
My google-fu seems to be bad today, too as I cannot find any relevant info either.
Help!
-dirk
Hello,
what kind of LDAP server (389-DS, OpenLDAP)? Few months ago I tried to configure Samba to authenticate against 389-DS. I found out, that Samba does not read the 'password' value, but 'sambaNTPassword'.
It was Samba 3, maybe it's changed in Samba 4.
Regards,
On 1/30/2014 11:57 PM, Todor Petkov wrote:
what kind of LDAP server (389-DS, OpenLDAP)? Few months ago I tried to configure Samba to authenticate against 389-DS. I found out, that Samba does not read the 'password' value, but 'sambaNTPassword'.
its certainly true that Windows passwords are hashed completely differently than most sha5 /etc/shadow sort of passwords, such that you couldn't use one for the other, you had to set them both.
-
Dirk Olmes -
John R Pierce -
Ljubomir Ljubojevic -
Todor Petkov