samba - Feb 2006 - PDC. Samba

Hi, i?ve installed Samba Version: 3.0.14a-3sarge1 on Debian Sarge.-

Samba works great like a pdc with system users....  but i want to
connect with ldap.. but it does not work.-

my ldap suffix is like this:

ou=samba,o=sernam 
ou=Users,ou=samba,o=organization
ou=Groups,ou=samba,o=organization
ou=Computers,ou=samba,o=organization
ou=Idmap,ou=samba,o=organization
sambaDomainName=debian,ou=samba,o=organization
uid=Administrator,ou=Users,ou=samba,o=organization
uid=nobody,ou=Users,ou=samba,o=organization
cn=Domain Admins,ou=Groups,ou=samba,o=organization
cn=Domain Users,ou=Groups,ou=samba,o=organization
cn=Domain Guests,ou=Groups,ou=samba,o=organization
cn=Domain Computers,ou=Groups,ou=samba,o=organization
cn=Administrators,ou=Groups,ou=samba,o=organization
cn=Print Operators,ou=Groups,ou=samba,o=organization
cn=Backup Operators,ou=Groups,ou=samba,o=organization
cn=Replicators,ou=Groups,ou=samba,o=organization

this was created by smbldap-polulate (from smbldap-tools) 

if i create a user i cannot conect to the domain, this happend with
win9x and 200x

mi smb.con is:

[global]
   workgroup = debian
   netbios name = debian
   server string = %h server (Samba %v)
   domain master = yes
   local  master = yes
   preferred master = yes
   hosts allow = 127.0.0.1 10.0.20.0/255.255.255.0
   domain logons = yes
   logon path = \\%L\Profiles\%U
   logon script = prueba.bat
   logon home = \\%L\%U\profile
    dns proxy = no
    ldap admin dn = cn=admin,o=sernam
    ldap suffix = ou=samba,o=sernam
    ldap group suffix = ou=Groups
    ldap user suffix = ou=Users
    security = user
    encrypt passwords = yes
    passdb backend = ldapsam:ldap://127.0.0.1
    add user script = /usr/sbin/smbldap-useradd -a 'u%'
    delete user script = /usr/sbin/smbldap-userdel 'u%'
    add group script = /usr/sbin/smbldap-groupadd -p 'g%'
    delete group script = /usr/sbin/smbldap-groupdel 'g%'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u'
'g%'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u'
'g%'
    set primary group script = /usr/sbin/smbldap-groupmod -g '%g'
'%u'
    add machine script = /usr/sbin/smbldap-useradd -w '%u'
    idmap backend = ldap:ldap://localhost
    ldap machine suffix = ou=Computers
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    security = user
    encrypt passwords = true
    passdb backend = tdbsam guest
    obey pam restrictions = yes
    passwd program = /usr/bin/passwd %u


What i am doing wrong?.-

Can i connect Ldap to Samba without PAM?

Thanks in advance!

Michael.-

Hi,

for this i wrote a howto, its on the samba list.
it covers verything you need.

here's a link 

http://www.nabble.com/BIG-Samba-howto-for-debian-only.-p1813392.html 

Louis 
>-----Oorspronkelijk bericht-----
>Van: samba-bounces+louis=van-belle.nl@lists.samba.org 
>[mailto:samba-bounces+louis=van-belle.nl@lists.samba.org] 
>Namens Michael Fern?ndez M.
>Verzonden: woensdag 8 februari 2006 21:16
>Aan: Samba List
>Onderwerp: [Samba] PDC. Samba
>
>Hi, i?ve installed Samba Version: 3.0.14a-3sarge1 on Debian Sarge.-
>
>Samba works great like a pdc with system users....  but i want to
>connect with ldap.. but it does not work.-
>
>my ldap suffix is like this:
>
>ou=samba,o=sernam 
>ou=Users,ou=samba,o=organization
>ou=Groups,ou=samba,o=organization
>ou=Computers,ou=samba,o=organization
>ou=Idmap,ou=samba,o=organization
>sambaDomainName=debian,ou=samba,o=organization
>uid=Administrator,ou=Users,ou=samba,o=organization
>uid=nobody,ou=Users,ou=samba,o=organization
>cn=Domain Admins,ou=Groups,ou=samba,o=organization
>cn=Domain Users,ou=Groups,ou=samba,o=organization
>cn=Domain Guests,ou=Groups,ou=samba,o=organization
>cn=Domain Computers,ou=Groups,ou=samba,o=organization
>cn=Administrators,ou=Groups,ou=samba,o=organization
>cn=Print Operators,ou=Groups,ou=samba,o=organization
>cn=Backup Operators,ou=Groups,ou=samba,o=organization
>cn=Replicators,ou=Groups,ou=samba,o=organization
>
>this was created by smbldap-polulate (from smbldap-tools) 
>
>if i create a user i cannot conect to the domain, this happend with
>win9x and 200x
>
>mi smb.con is:
>
>[global]
>   workgroup = debian
>   netbios name = debian
>   server string = %h server (Samba %v)
>   domain master = yes
>   local  master = yes
>   preferred master = yes
>   hosts allow = 127.0.0.1 10.0.20.0/255.255.255.0
>   domain logons = yes
>   logon path = \\%L\Profiles\%U
>   logon script = prueba.bat
>   logon home = \\%L\%U\profile
>    dns proxy = no
>    ldap admin dn = cn=admin,o=sernam
>    ldap suffix = ou=samba,o=sernam
>    ldap group suffix = ou=Groups
>    ldap user suffix = ou=Users
>    security = user
>    encrypt passwords = yes
>    passdb backend = ldapsam:ldap://127.0.0.1
>    add user script = /usr/sbin/smbldap-useradd -a 'u%'
>    delete user script = /usr/sbin/smbldap-userdel 'u%'
>    add group script = /usr/sbin/smbldap-groupadd -p 'g%'
>    delete group script = /usr/sbin/smbldap-groupdel 'g%'
>    add user to group script = /usr/sbin/smbldap-groupmod -m '%u'
'g%'
>    delete user from group script = /usr/sbin/smbldap-groupmod -x
'%u'
>'g%'
>    set primary group script = /usr/sbin/smbldap-groupmod -g '%g'
'%u'
>    add machine script = /usr/sbin/smbldap-useradd -w '%u'
>    idmap backend = ldap:ldap://localhost
>    ldap machine suffix = ou=Computers
>    idmap uid = 10000-20000
>    idmap gid = 10000-20000
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    security = user
>    encrypt passwords = true
>    passdb backend = tdbsam guest
>    obey pam restrictions = yes
>    passwd program = /usr/bin/passwd %u
>
>
>What i am doing wrong?.-
>
>Can i connect Ldap to Samba without PAM?
>
>Thanks in advance!
>
>Michael.-
>
>
>
>
>
>
>
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba
>