Archive for category Linux

Network benchmark

So I’m in the process of moving shared files to the new disk server. Over a 5.7GB zip file transfer I benchmarked NFS copy over a 10/100 network to the new RAID @ 7.54MB/s. NFS parameters have been slightly tweaked so the mount entry in fstab looked like this:

dslabfs:/dsl01/projects/tnt/shared /shared2   nfs     tcp,nolock,rsize=8192,wsize=8192      0       0

No samba password expiration with ldap

If you are using LDAP for samba authentication and you don’t want samba to reject the user for an expired password, set the sambaPwdLastSet attribute to -1.

If password expiration is the problem then your samba server log should have an error labeled “NT_STATUS_PASSWORD_EXPIRED”.

Samba doesn’t like special characters in ldap password

OK, so I’m trying to set Linux Samba up as a file server for Windows clients with Fedora Directory Server (FDS) LDAP as the backend for user information. In the process you have to add a directive like this to your smb.conf.

security = user
passdb backend = ldapsam:ldap://ldapserver.com
ldap admin dn = cn=Directory Manager
ldap suffix = dc=ldapserver,dc=com
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
ldap password sync = yes

That tells samba to look in ldap for sambaSamAccounts. Only problem is you have to give samba the password for the administrator ldap account of “cn=Directory Manager”. You do that by running the command

smbpasswd -w my_password_in_clear_text

Only problem is some of us make complex passwords with special characters (!@#$%^&*()) in them. Since this accepts passwords on the command line, some of those special characters are parsed by the shell. So when I ran

net getlocalsid

I got errors like:

failed to bind to server ldap://ldapserver.com with dn="cn=Directory Manager" Error: Invalid credentials

Like I said, I bet you could fix this by escaping your special characters (i.e. replace $ with \$). But I needed to change my ldap directory manager password to not be the root linux password so I just removed all special characters and created a long plain-text password. I re-ran smbpasswd -w, and net getlocalsid and poof, it works!
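The shell parsing described above, as an added example that is not part of the original post: it shows what a command actually receives when a password is typed unquoted, double-quoted, or single-quoted. `fake_smbpasswd`, `typed` and `sh_quote` are hypothetical helpers and the password is a constructed sample.

```shell
#!/bin/sh
# Added example: how the shell rewrites a password argument before the
# program (e.g. `smbpasswd -w`) ever sees it.

# Hypothetical stand-in for `smbpasswd -w <password>`: prints the argument
# it received, byte for byte, instead of storing it.
fake_smbpasswd() { printf '%s' "$2"; }

# Re-parse "$1" exactly as if it had been typed after `smbpasswd -w`.
# Runs in a subshell with Mgr unset so the demo is deterministic.
typed() { ( unset Mgr; eval "fake_smbpasswd -w $1" ) 2>/dev/null; }

# Wrap a string in single quotes so the shell passes it through untouched.
# An embedded ' is written as '\'' (close quote, escaped quote, reopen).
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

PW='Dir$Mgr\2024'   # constructed sample password

# Unquoted: $Mgr expands to nothing and \2 loses its backslash.
printf 'unquoted      -> %s\n' "$(typed "$PW")"
# Double quotes: the backslash survives, but $Mgr is still expanded.
printf 'double-quoted -> %s\n' "$(typed "\"$PW\"")"
# Single quotes (via sh_quote): the password arrives intact.
printf 'single-quoted -> %s\n' "$(typed "$(sh_quote "$PW")")"
printf 'type this     -> smbpasswd -w %s\n' "$(sh_quote "$PW")"
```

Quoting only fixes the mangling: a password given as an argument is still recorded in interactive shell history and is visible in the process list while the command runs.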
