Subscribe

CIFS authentication with LDAP

I *think* this is a supposedly supported and possible configuration, however it does not work in my tests.

Where To: Get a mac client to mount a SAMBA share from a NetApp Filer, which is using LDAP for user authentication

Configuration Steps

  1. Setup a LDAP server with at least 1 posixAccount user object. -- DONE

  2. Setup the Simulator with LDAP using options.ldap settings and editing /etc/nsswitch.conf -- DONE

  3. Perform cifs setup and configure to use LDAP (#4 in the cifs setup) -- DONE

  4. Verify on the console that LDAP lookups can be performed (using the getXXbyYY getpwbyname_r <username>) command. -- DONE

  5. Verify CIFS authentication from a CIFS client -- NOT DONE. NO WORK.

I am stuck at #5. Even with cifs trace logins on and ldap server logs revved up, when I attempt a CIFS authentication from my mac, nothing happens. No log entries in the LDAP server and no message on the filer console.

Any thoughts ?

Re: CIFS authentication with LDAP

Just to confirm - What method are you attempting to connect from your mac client?

As a way to test this, I could fire up my filer at home (or my simulator just as well) and connect it to my mbp.

Ideally, I'd like to replicate your scenario as closely as possible in order to watch it fail or succeed respectively.

Thanks!

Christopher

Re: CIFS authentication with LDAP

Hi Christopher

I am using CIFS connection (Apple + K, cifs://<filername>/<share>)

cheers

- rajeev

Re: CIFS authentication with LDAP

what does the output of wcc and cifs security -s show?

Also check your security style on the volume/qtree you're trying to access. (qtree status)

-n

Re: CIFS authentication with LDAP

Well..with LDAP authentication, wcc does not put out any output since it is not joined into any domain. There is no windows domain to join.

The qtree security style is mixed. (I even tried ntfs).

Re: CIFS authentication with LDAP

This appears to be a Apple-NTAP specific issue. Because I got this setup to work with a Windows system.

In Mac OS X case, the LDAP request is never made. The communication breakdown occurs (looks like) between mac os x and NTAP.

(I tested this with the new version of simulator 7.3 and still the same result)

It would be wonderful if some of the CIFS folks can chime in here..

Re: CIFS authentication with LDAP

I will try this one in a simulator..

hope I'm successfulllll

Re: CIFS authentication with LDAP

Re: CIFS authentication with LDAP

Hello.

I am having trouble implementing the mapping windows user when the storage system is integrated with a UNIX LDAP.

Could you send me your configuration file usermap.cfg?.

Thanks in advance.

Re: CIFS authentication with LDAP

I am having exactly the same problem stuck at #5, except that I do get a password rejected message on

the filer console:

auth: login from xxxxxxxx is rejected because the filer encountered an error while processing the password provided

by the user: user password rejected.

One other thing I have read is that the filer doesn't support md5 hashing. How can this get disabled in the ldap

configuration.

Does the command getXXbyYY returns the type of hasing being used in the ldap server?

I mean is if the line pw_passwd returned by the command.