
Re: [Samba] ldapsam cannot find NT password hash




On 26/05/2019 02:04, David Kowis via samba wrote:
> Certainly: https://termbin.com/wr68
>
> Thanks again!

OK, you are running Samba as an NT4-style PDC, though you don't seem to think so, because you have 'server role = member server', so I would remove the 'server role' line.

I would change 'server min protocol = SMB2_02' to 'server min protocol = NT1'.

I would also change 'ldap ssl = start tls' to 'ldap ssl = off' until you get Samba working; you can turn it on again later.

You have this:

    passdb backend = ldapsam:ldap://pione.dark.kow.is
    ldap admin dn = cn=admin,dc=dark,dc=kow,dc=is
    ldap suffix = dc=dark,dc=kow,dc=is
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap ssl = start tls
    ldap password sync = yes
    ldapsam:trusted = yes
    ldapsam:editposix = yes
    idmap config *: backend = tdb
    idmap config *: range = 90000001-100000000
    idmap config NOSGOTH: backend = ldap
    idmap config NOSGOTH: range = 10000-90000000
    idmap config NOSGOTH: ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
    idmap config NOSGOTH: ldap_user_dn = cn=sambaadmin,dc=dark,dc=kow,dc=is
    idmap config NOSGOTH: ldap_url = ldap://pione.dark.kow.is

When I tested creating a PDC some time ago, I could only get it working with this:

    passdb backend = ldapsam
    ldap admin dn = cn=admin,dc=dark,dc=kow,dc=is
    ldap suffix = dc=dark,dc=kow,dc=is
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap ssl = off
    ldap password sync = yes
    ldapsam:editposix = yes
    ldapsam:trusted = yes
    idmap config * : backend = ldap
    idmap config * : range = 10000-90000000
    idmap config * : ldap_url = ldap://pione.dark.kow.is
    idmap config * : ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
    idmap config * : ldap_user_dn = cn=admin,dc=dark,dc=kow,dc=is

Rowland




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
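
An added example, not part of the original message and not Samba code: a small Python check that reads smb.conf text and reports whether the two settings relaxed for debugging in this thread ('ldap ssl = off', 'server min protocol = NT1') are still in place, so they can be reviewed once Samba is working. The sample config is constructed from the thread's values, and treating lines before any section header as global is an assumption made so the thread's excerpts can be fed in as-is.

```python
import re

# Debugging value suggested in the thread -> value in the poster's original config.
RELAXED = {
    "ldap ssl": ("off", "start tls"),
    "server min protocol": ("nt1", "SMB2_02"),
}

# Constructed sample built from the settings quoted in the thread.
SAMPLE = """\
[global]
    passdb backend = ldapsam
    Server Min Protocol = NT1
    ; ldap ssl = start tls
    ldap ssl = off
    ldap password sync = yes
    idmap config * : ldap_url = ldap://pione.dark.kow.is
[share]
    ldap ssl = start tls
"""

def parse_global(text):
    """Return {lower-cased name: value} for the [global] section."""
    params, section = {}, "global"  # assumption: lines before any header are global
    for raw in text.replace("\\\n", "").splitlines():  # join backslash continuations
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def audit(text):
    """Return (parameter, note) pairs for settings still at their debugging value."""
    params = parse_global(text)
    findings = []
    for name, (weak, original) in RELAXED.items():
        if params.get(name, "").lower() == weak:
            findings.append((name, f"still '{params[name]}', original config had '{original}'"))
    plain = sorted(n for n, v in params.items() if "ldap://" in v.lower())
    if params.get("ldap ssl", "").lower() == "off" and plain:
        findings.append(("ldap ssl", "ldap:// URL with StartTLS off in: " + ", ".join(plain)))
    return findings

if __name__ == "__main__":
    for name, note in audit(SAMPLE):
        print(f"{name}: {note}")
```
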