hi

yes it's possible (even for local logins @ your linux machine to use just ldap as auth.)
you have to edit nsswitch.conf and /etc/pam.d/login (or /etc/pam*)

-- snip --
account sufficient pam_ldap.so
password sufficient pam_ldap.so
auth sufficient pam_ldap.so
-- snip --

greez

nitin@netcore.co.in wrote:
> Hi!
> I am using samba 3.0 beta as a PDC with ldap authentication.
> I am able to login to win 98 machine with samba as PDC.
> The problem I am facing is samba requires /etc/passwd entry of user in addition
> to ldap entry. I am pasting my smb.conf for ref.
> Is it possible to use only ldap account so that I do not have to add /etc/passwd
> entry.
>
> I have not added ldap entry in /etc/nsswitch.conf file.
>
> please mail a cc at nitin@netcore.co.in.
>
> any help really appreciated.
> thanks in advance.
>
> ------------------ smb.conf--------------------------------
> [global]
> workgroup = SMBDOMAIN
> netbios name = LINUX72SVR
> server string = Samba-LDAP PDC running %v
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> os level = 64
> preferred master = Yes
> local master = Yes
> domain master = Yes
> wins support = Yes
>
> security = user
> encrypt passwords = yes
> log file = /var/log/samba/log.%m
> log level = 2
> max log size = 50
> hosts allow = 127.0.0.1 192.168.2.0/255.255.255.0
>
> passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
> passwd chat = *New*password* %n\n *Retype*New*password* %n\n *passwd:*all*authentication*tokens*updated*
> unix password sync = Yes
>
> ldap admin dn = cn=Manager,dc=smbdomain,dc=com
> ldap server = localhost
> ldap port = 389
> ldap ssl = no
> ldap suffix = "ou=Users,dc=smbdomain,dc=com"
>
> logon home = \\%L\%U\
> logon drive = Y:
> logon path = \\%L\samba\profiles\%U
> logon scripts = netlogon.bat
>
> add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g computers -s /bin/false
> domain logons = Yes
>
> [homes]
> comment = Home Directories
> valid users = %S
> browseable = No
> writable = yes
> create mask = 0664
> directory mask = 0775
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printable = Yes
> browseable = No
>
> [profiles]
> path = /home/samba/profiles
> writable = yes
> browseable = no
> create mask = 0600
> directory mask = 0700
>
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> read only = yes
> browseable = no
> write list = nitin
>
> ------------------------------------------------------------------
>
> ----------------------------------------------------------------
> NETCORE SOLUTIONS *** Ph: +91 22 5662 8000 Fax: +91 22 5662 8134
>
> MailServ: Email, IM, Proxy, Firewall, Anti-Virus, LDAP
> Fleximail: Mail Storage, Management and Relaying
> http://netcore.co.in
>
> Emergic Freedom: Linux-based Thin Client-Thick Server Computing
> http://www.emergic.com
>
> BlogStreet: Top Blogs, Neighborhoods, Search and Utilities
> http://www.blogstreet.com
>
> Rajesh Jain's Weblog on Technology: http://www.emergic.org
> ----------------------------------------------------------------

--
"Matrix - more than a vision"

**************************************************
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig
Germany
**************************************************
Hi!
I am using samba 3.0 beta as a PDC with ldap authentication.
I am able to login to win 98 machine with samba as PDC.
The problem I am facing is samba requires /etc/passwd entry of user in addition to ldap entry. I am pasting my smb.conf for ref.
Is it possible to use only ldap account so that I do not have to add /etc/passwd entry.

I have not added ldap entry in /etc/nsswitch.conf file.

please mail a cc at nitin@netcore.co.in.

any help really appreciated.
thanks in advance.

------------------ smb.conf--------------------------------
[global]
workgroup = SMBDOMAIN
netbios name = LINUX72SVR
server string = Samba-LDAP PDC running %v
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

os level = 64
preferred master = Yes
local master = Yes
domain master = Yes
wins support = Yes

security = user
encrypt passwords = yes
log file = /var/log/samba/log.%m
log level = 2
max log size = 50
hosts allow = 127.0.0.1 192.168.2.0/255.255.255.0

passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
passwd chat = *New*password* %n\n *Retype*New*password* %n\n *passwd:*all*authentication*tokens*updated*
unix password sync = Yes

ldap admin dn = cn=Manager,dc=smbdomain,dc=com
ldap server = localhost
ldap port = 389
ldap ssl = no
ldap suffix = "ou=Users,dc=smbdomain,dc=com"

logon home = \\%L\%U\
logon drive = Y:
logon path = \\%L\samba\profiles\%U
logon scripts = netlogon.bat

add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g computers -s /bin/false
domain logons = Yes

[homes]
comment = Home Directories
valid users = %S
browseable = No
writable = yes
create mask = 0664
directory mask = 0775

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[profiles]
path = /home/samba/profiles
writable = yes
browseable = no
create mask = 0600
directory mask = 0700

[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = yes
browseable = no
write list = nitin

------------------------------------------------------------------

----------------------------------------------------------------
NETCORE SOLUTIONS *** Ph: +91 22 5662 8000 Fax: +91 22 5662 8134

MailServ: Email, IM, Proxy, Firewall, Anti-Virus, LDAP
Fleximail: Mail Storage, Management and Relaying
http://netcore.co.in

Emergic Freedom: Linux-based Thin Client-Thick Server Computing
http://www.emergic.com

BlogStreet: Top Blogs, Neighborhoods, Search and Utilities
http://www.blogstreet.com

Rajesh Jain's Weblog on Technology: http://www.emergic.org
----------------------------------------------------------------
Linux (or Unix in general) needs to have a UID for everyone who is accessing files/system resources. If your Samba user is not in /etc/passwd, then Linux doesn't know who he is, and won't let him do anything.

If you add ldap to nsswitch.conf, then even though the user isn't in /etc/passwd he will show up if you run:

getent passwd

and then Samba will be happy to let him access.

The only other option is to force everyone to be root; which is not a good option at all.

-Tom

nitin@netcore.co.in wrote:
| Hi!
| I am using samba 3.0 beta as a PDC with ldap authentication.
| I am able to login to win 98 machine with samba as PDC.
| The problem I am facing is samba requires /etc/passwd entry of user in addition
| to ldap entry. I am pasting my smb.conf for ref.
| Is it possible to use only ldap account so that I do not have to add /etc/passwd
| entry.
|
| I have not added ldap entry in /etc/nsswitch.conf file.
|
| please mail a cc at nitin@netcore.co.in.
|
| any help really appreciated.
| thanks in advance.
|
| ------------------ smb.conf--------------------------------
| [global]
| workgroup = SMBDOMAIN
| netbios name = LINUX72SVR
| server string = Samba-LDAP PDC running %v
| socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
|
| os level = 64
| preferred master = Yes
| local master = Yes
| domain master = Yes
| wins support = Yes
|
| security = user
| encrypt passwords = yes
| log file = /var/log/samba/log.%m
| log level = 2
| max log size = 50
| hosts allow = 127.0.0.1 192.168.2.0/255.255.255.0
|
| passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
| passwd chat = *New*password* %n\n *Retype*New*password* %n\n *passwd:*all*authentication*tokens*updated*
| unix password sync = Yes
|
| ldap admin dn = cn=Manager,dc=smbdomain,dc=com
| ldap server = localhost
| ldap port = 389
| ldap ssl = no
| ldap suffix = "ou=Users,dc=smbdomain,dc=com"
|
| logon home = \\%L\%U\
| logon drive = Y:
| logon path = \\%L\samba\profiles\%U
| logon scripts = netlogon.bat
|
| add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g computers -s /bin/false
| domain logons = Yes
|
| [homes]
| comment = Home Directories
| valid users = %S
| browseable = No
| writable = yes
| create mask = 0664
| directory mask = 0775
|
| [printers]
| comment = All Printers
| path = /var/spool/samba
| printable = Yes
| browseable = No
|
| [profiles]
| path = /home/samba/profiles
| writable = yes
| browseable = no
| create mask = 0600
| directory mask = 0700
|
| [netlogon]
| comment = Network Logon Service
| path = /home/netlogon
| read only = yes
| browseable = no
| write list = nitin
|
| ------------------------------------------------------------------
|
| ----------------------------------------------------------------
| NETCORE SOLUTIONS *** Ph: +91 22 5662 8000 Fax: +91 22 5662 8134
|
| MailServ: Email, IM, Proxy, Firewall, Anti-Virus, LDAP
| Fleximail: Mail Storage, Management and Relaying
| http://netcore.co.in
|
| Emergic Freedom: Linux-based Thin Client-Thick Server Computing
| http://www.emergic.com
|
| BlogStreet: Top Blogs, Neighborhoods, Search and Utilities
| http://www.blogstreet.com
|
| Rajesh Jain's Weblog on Technology: http://www.emergic.org
| ----------------------------------------------------------------
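
The check described in the reply above, as an added example that is not part of the original thread: a shell script that reads an nsswitch.conf-style file for the ldap source and classifies an account as local, NSS-only or missing. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does NSS give Samba a UID for an
# account that exists only in LDAP? Function names are illustrative.

# Print the sources listed for one database in an nsswitch.conf-style
# file, with comments and [STATUS=action] items stripped.
nss_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "${2:-/etc/nsswitch.conf}" |
        awk -v db="$1:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Succeed if "ldap" is one of the sources for the given database.
nss_uses_ldap() {
    case " $(nss_sources "$1" "$2") " in
        *" ldap "*) return 0 ;;
        *) return 1 ;;
    esac
}

# "local" = entry in the passwd file, "nss" = resolves only through
# getent (e.g. LDAP), "missing" = no UID available for the account.
account_origin() {
    if awk -F: -v u="$1" '$1 == u { f = 1 } END { exit !f }' "${2:-/etc/passwd}"; then
        echo local
    elif getent passwd "$1" >/dev/null 2>&1; then
        echo nss
    else
        echo missing
    fi
}

# Constructed sample: passwd and group consult LDAP, shadow does not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed nsswitch.conf for illustration
passwd:   files ldap
group:    files [NOTFOUND=continue] ldap   # action items are ignored
shadow:   files
EOF

for db in passwd group shadow; do
    if nss_uses_ldap "$db" "$sample"; then state="ldap enabled"; else state="ldap NOT enabled"; fi
    printf '%-7s %-17s (%s)\n' "$db" "$state" "$(nss_sources "$db" "$sample")"
done
echo "account '${1:-root}': $(account_origin "${1:-root}")"
rm -f "$sample"
```

An account reported as "missing" is the case from the original question: Samba has no UID to map the LDAP user to until ldap is listed for passwd in /etc/nsswitch.conf.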