Problem with SMB and LDAP

ednt

Cadet
Joined
Sep 10, 2021
Messages
2
Hi,

I installed TrueNAS with LDAP and SMB shares.
SMB itself works with a local user.

getent passwd works with LDAP.

But when I start nslcd by hand with -d as parameter,
I see only at the start of samba_server a short request with user nobody.
This fails, because there is no user nobody on the LDAP server.
After this I never see any output again from samba.
I tried this with smbclient; I always get NT_STATUS_NO_SUCH_USER
and I see no output at the nslcd console.

In my opinion samba stops using LDAP because the first request fails.
So my first question is ...

how can I set the user which is used for this?

At the moment it is the 'netbios name' \nobody
So I'm able to change the domain part, but where can I change 'nobody' to another username?

Or am I totally wrong and SMB is not working with LDAP authentication against a foreign LDAP server in TrueNAS 12-U5.1?

Best regards,

ednt
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
It works. You have to enable samba schema in the LDAP config. For this you have to use the Samba LDAP schema extensions. Generally speaking though, it's better to use either Windows AD or Samba AD.
 

JimLeu

Cadet
Joined
Jun 1, 2022
Messages
2
> It works. You have to enable samba schema in the LDAP config. For this you have to use the Samba LDAP schema extensions. Generally speaking though, it's better to use either Windows AD or Samba AD.

I'm interested in the above statement: Windows AD and Samba AD are preferred over LDAP. Can you expand? I have all 3 available and I'm just trying to get SMB to authenticate.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
> I'm interested in the above statement: Windows AD and Samba AD are preferred over LDAP. Can you expand? I have all 3 available and I'm just trying to get SMB to authenticate.

OpenLDAP with a samba schema is a legacy configuration (classic NT domain controller). It _will_ be deprecated at some point. Among the reasons for this is that it exposes NT hashes for every user to every member server.
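
An added example (not part of the thread and not TrueNAS or Samba code): a small Python check over an LDIF export that lists POSIX accounts lacking the Samba schema object class, and accounts that store an NT hash attribute, the two points raised in the replies above. The attribute names `sambaSamAccount`, `sambaSID` and `sambaNTPassword` come from the Samba LDAP schema; the directory entries and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample LDIF (not from the thread): alice carries the Samba schema
# attributes, bob is a plain POSIX account. The hash is a dummy placeholder.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-1111-2222-3333-1001
sambaNTPassword: 00000000000000000000000000000000

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: posixAccount
uid: bob
"""

def parse_ldif(text):
    """Yield one {attr_lowercase: [values]} dict per LDIF entry."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    for block in re.split(r"\n\s*\n", unfolded):
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):                # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            yield entry

def audit(text):
    """Return (POSIX users without Samba attributes, users storing an NT hash)."""
    no_samba, nt_hash = [], []
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        uid = e.get("uid", [None])[0]
        if "posixaccount" not in classes or uid is None:
            continue
        if "sambasamaccount" not in classes or "sambasid" not in e:
            no_samba.append(uid)
        if "sambantpassword" in e:
            nt_hash.append(uid)      # report presence only, never the value
    return no_samba, nt_hash

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

The second list is the set of accounts whose NT hash lives in the directory, so it is also the set to check LDAP ACLs for: that attribute should be readable only by the bind DN the SMB servers use.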
 