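I have been trying for quite some time to get a Samba server to authenticate using JumpCloud LDAP. I got it working, but only with the local tdbsam backend.
Commands like
id <user>
and
getent passwd <user>
return the correct users and groups, etc.
But when I use
passdb backend = ldapsam:ldap://ldap.jumpcloud.com
in my smb.conf
I get the error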
Jan 15 18:07:11 ip-172-31-83-114 (smbd)[1746]: smbd.service: Referenced but unset environment variable evaluates to an empty string: SMBDOPTIONS
Jan 15 18:07:11 ip-172-31-83-114 smbd[1746]: [2025/01/15 18:07:11.517117, 0] source3/smbd/server.c:1746(main)
Jan 15 18:07:11 ip-172-31-83-114 smbd[1746]: smbd version 4.19.5-Ubuntu started.
Jan 15 18:07:11 ip-172-31-83-114 smbd[1746]: Copyright Andrew Tridgell and the Samba Team 1992-2023
Jan 15 18:07:11 ip-172-31-83-114 smbd[1746]: [2025/01/15 18:07:11.576746, 0] source3/passdb/pdb_ldap_util.c:313(smbldap_search_domain_info)
Jan 15 18:07:11 ip-172-31-83-114 smbd[1746]: smbldap_search_domain_info: Adding domain info for IP-172-31-83-114 failed with NT_STATUS_UNSUCCESSFUL
Jan 15 18:07:11 ip-172-31-83-114 smbd[1746]: [2025/01/15 18:07:11.576780, 0] source3/passdb/pdb_ldap.c:6716(pdb_ldapsam_init_common)
Jan 15 18:07:11 ip-172-31-83-114 smbd[1746]: pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
Jan 15 18:07:11 ip-172-31-83-114 smbd[1746]: [2025/01/15 18:07:11.576791, 0] source3/passdb/pdb_interface.c:182(make_pdb_method_name)
Jan 15 18:07:11 ip-172-31-83-114 smbd[1746]: pdb backend ldapsam:ldap://ldap.jumpcloud.com did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
Jan 15 18:07:11 ip-172-31-83-114 systemd[1]: smbd.service: Main process exited, code=exited, status=1/FAILURE
Relevant smb.conf:
security = user
map to guest = Bad User
dfree command = /usr/local/bin/dfree_efs.sh
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
# passdb backend = tdbsam
passdb backend = ldapsam:ldap://ldap.jumpcloud.com
smb ports = 445
ldap admin dn = uid=LDAP_BIND_DN,ou=Users,o=<Account Id>,dc=jumpcloud,dc=com
ldap suffix = dc=yourdomain,dc=com
ldap suffix = o=<Account Id>,dc=jumpcloud,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Users
ldap passwd sync = yes
ldap ssl = start_tls
ldap timeout = 15
Let's run a scenario test on your Samba server configuration.
Scenario: Configure a Samba server to authenticate using JumpCloud LDAP.
Updated code (smb.conf):
[global]
security = user
map to guest = Bad User
dfree command = /usr/local/bin/dfree_efs.sh
dns proxy = no
passdb backend = ldapsam:ldap://ldap.jumpcloud.com
smb ports = 445
ldap admin dn = uid=LDAP_BIND_DN,ou=Users,o=<Account Id>,dc=jumpcloud,dc=com
ldap suffix = o=<Account Id>,dc=jumpcloud,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Users
ldap passwd sync = yes
ldap ssl = start_tls
# Ensure TLS 1.2 or 1.3 is used for encryption
tls enabled = yes
tls certFile = /path/to/your/tls-cert.pem
tls keyFile = /path/to/your/tls-key.pem
tls cafile = /path/to/your/tls-ca.pem
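Changes and recommendations
ldap suffix entry: make sure only one ldap suffix is defined.
ldap ssl parameter: set ldap ssl = start_tls to enable TLS encryption.
tls enabled = yes to enable TLS encryption.
Please update your smb.conf file with these changes and test your Samba server configuration.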
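The recommendation above to define only one ldap suffix can be checked mechanically. The following is an added example, not part of the original question or answer: a small Python lint run over a constructed copy of the question's [global] settings. The function names are hypothetical, and it assumes that Samba ignores case and whitespace in parameter names and that a repeated parameter takes its last value.

```python
import re

# Constructed sample: [global] settings from the question, duplicate included.
SAMPLE = """\
[global]
security = user
# passdb backend = tdbsam
passdb backend = ldapsam:ldap://ldap.jumpcloud.com
ldap suffix = dc=yourdomain,dc=com
ldap suffix = o=<Account Id>,dc=jumpcloud,dc=com
ldap user suffix = ou=Users
ldap ssl = start_tls
"""

def norm(name):
    """Assumption: smb.conf parameter names ignore case and embedded whitespace."""
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    """Return {section: {param: [(lineno, value), ...]}}, keeping every assignment."""
    sections, current = {}, "global"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")   # values may contain '=' (DNs)
        if sep:
            sections.setdefault(current, {}).setdefault(norm(name), []).append((lineno, value.strip()))
    return sections

def lint(text):
    """Flag repeated [global] parameters and ldapsam over ldap:// with StartTLS disabled."""
    findings = []
    glob = parse(text).get("global", {})
    for name, hits in glob.items():
        if len(hits) > 1:
            lines = ", ".join(str(n) for n, _ in hits)
            findings.append(f"duplicate '{name}' on lines {lines}; last value wins: {hits[-1][1]}")
    backend = glob.get("passdbbackend", [(0, "")])[-1][1].lower()
    ssl = glob.get("ldapssl", [(0, None)])[-1][1]
    # Only an explicit setting is judged; an absent line is left to Samba's default.
    if backend.startswith("ldapsam:ldap://") and ssl is not None and ssl.lower() not in ("start_tls", "start tls"):
        findings.append("ldapsam uses ldap:// but 'ldap ssl' is not start_tls: bind is sent in cleartext")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

On the sample it reports the two ldap suffix lines (5 and 6) and the value that takes effect; running testparm against the real file remains the authoritative check of what Samba actually loads.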