Ok, so I’m trying to set Linux Samba up as a fileserver for Windows clients with Fedora Directory Server (FDS) LDAP as the backend for user information. In the process you have to add a directive like this to your smb.conf:
    security = user
    passdb backend = ldapsam:ldap://ldapserver.com
    ldap admin dn = cn=Directory Manager
    ldap suffix = dc=ldapserver,dc=com
    ldap user suffix = ou=People
    ldap machine suffix = ou=Computers
    ldap group suffix = ou=Groups
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    ldap password sync = yes
That tells Samba to look in LDAP for sambaSamAccounts. Only problem is you have to give Samba the password for the administrator LDAP account of “cn=Directory Manager”. You do that by running the command:
smbpasswd -w my_password_in_clear_text
Only problem is some of us make complex passwords with special characters (!@#$%^&*()) in them. Since this accepts passwords on the command line, some of those special characters are parsed by the shell. So when I ran
net getlocalsid
I got errors like:
failed to bind to server ldap://ldapserver.com with dn="cn=Directory Manager" Error: Invalid credentials
Like I said, I bet you could fix this by escaping your special characters (i.e. replace $ with \$). But I needed to change my LDAP directory manager password to not be the root Linux password, so I just removed all special characters and created a long plain-text password. I re-ran smbpasswd -w and net getlocalsid, and poof, it works!
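The shell parsing described above, as an added example that is not part of the original post: it shows what a command actually receives when a password with special characters is double-quoted versus single-quoted, and builds a safely quoted argument for smbpasswd -w. The password is a constructed sample, and sq_quote and as_received are hypothetical helper names.

```shell
#!/bin/sh
# Added example. PW is a constructed sample password, not a real credential.
PW='Pa$5w0rd&(x)*'

# sq_quote STRING
# Print STRING as one single-quoted shell word. Inside '...' the shell parses
# nothing, so only an embedded ' needs care: close, emit \', reopen.
sq_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# as_received WORD
# Let the shell parse WORD the way it would parse the argument typed after
# "smbpasswd -w", and print what the command would get as its argument.
# Demonstration only: eval is used here on constructed input.
as_received() {
    eval "printf '%s' $1"
}

# Double quotes still expand $5 (an empty positional parameter here),
# so the stored password silently differs from the one you typed.
printf 'double-quoted: %s\n' "$(as_received "\"$PW\"")"

# Single quotes deliver the password byte for byte.
printf 'single-quoted: %s\n' "$(as_received "$(sq_quote "$PW")")"

# The line to type, with the password quoted for the shell:
printf 'smbpasswd -w %s\n' "$(sq_quote "$PW")"
```

Any password given on the command line also ends up in shell history and is visible in the process list while the command runs; smbpasswd(8) documents a -W option that takes the same password on stdin instead, where your build has it.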