I can NOT find any information on how to get the following into the LDAP tree (and where they should be located) from the documentation. I am definitely an LDAP beginner and assembling the tree from reading schema's is still over my head. I am able to connect to samba using only LDAP authentication and can add users, but that is all I can successfully do, "net groupmap add", "net group" returns nothing, "pdbedit -L" etc. fail miserably because I don't have everything I need in the tree (which I can see from setting the debugging to 2)it isn't finding these entries because I don't know where to put them and how this thing structurally should be laid out. Specifically where do the following fit into the LDAP tree; sambaGroupMapping, sambaUnixIdPool, sambaIdmapEntry (automatically created?), and sambaSidEntry. I used the IdealX smbldap-populate.pl tool to get the basic structure there and have at least gotten the User authentication portion working. But if someone could give me a clue of where to look (if I somehow missed it in the documents, but I don't see how because I read it from cover to cover) and/or how to get started on the rest of this, I would be eternally grateful. So far the tree looks approximately as so; dc=3Dvogeleusa, dc=3Dcom |_cn=3Droot |_ou=3DComputers (as created by smbldap-populate.pl, no entries here yet) |_ou=3DGroups (as created by smbldap-populate.pl) |_cn=3DDomain Admins ....... |_ou=3DUsers (as created by smbldap-populate.pl) |_uid=3DAdministrator |_uid=3Droot |_uid=3Dtestuser ........ |_sambaDomainName(sambaDomain)=3DVOGELEUSA (created automatically by pdbedit or a net command, I have forgotten which) I would greatly appreciate any help as I have been working on TRYING to get LDAP and Samba to work together for over a week now and have had only minor luck in getting the two to cooperate. Samba 3 does work fine with smbpasswd, I would just like to use LDAP exclusively for single sign. Ed Asbury Systems Admin/Programmer Vogele America, Inc.
I'm curious, the samba.schema is for Samba 2.0. Is there a new Schema for Samba 3.0 that includes ACLs? Ed Asbury wrote:> I can NOT find any information on how to get the following into the LDAP tree (and where they should be located) from the documentation. I am definitely an LDAP beginner and assembling the tree from reading schema's is still over my head. I am able to connect to samba using only LDAP authentication and can add users, but that is all I can successfully do, "net groupmap add", "net group" returns nothing, "pdbedit -L" etc. fail miserably because I don't have everything I need in the tree (which I can see from setting the debugging to 2)it isn't finding these entries because I don't know where to put them and how this thing structurally should be laid out. Specifically where do the following fit into the LDAP tree; sambaGroupMapping, sambaUnixIdPool, sambaIdmapEntry (automatically created?), and sambaSidEntry. > I used the IdealX smbldap-populate.pl tool to get the basic structure there and have at least gotten the User authentication portion working. But if someone could give me a clue of where to look (if I somehow missed it in the documents, but I don't see how because I read it from cover to cover) and/or how to get started on the rest of this, I would be eternally grateful. > So far the tree looks approximately as so; > > dc=vogeleusa, dc=com > |_cn=root > |_ou=Computers (as created by smbldap-populate.pl, no entries here yet) > |_ou=Groups (as created by smbldap-populate.pl) > |_cn=Domain Admins > ....... > |_ou=Users (as created by smbldap-populate.pl) > |_uid=Administrator > |_uid=root > |_uid=testuser > ........ > |_sambaDomainName(sambaDomain)=VOGELEUSA (created automatically by pdbedit or a net command, I have forgotten which) > > I would greatly appreciate any help as I have been working on TRYING to get LDAP and Samba to work together for over a week now and have had only minor luck in getting the two to cooperate. Samba 3 does work fine with smbpasswd, I would just like to use LDAP exclusively for single sign. > > Ed Asbury > Systems Admin/Programmer > Vogele America, Inc. >
hi ed, wiped out your post cause something went wrong with your line wrapping, it would have been a pain to read. Sorry for that. To give you some Information. A typical user entry in LDAP looks like this: # pkoelle, Users, samba, nil.b17 dn: uid=pkoelle,ou=Users,ou=samba,dc=nil,dc=b17 uid: pkoelle sambaSID: S-1-5-21-1363009748-3475195204-773963872-3000 displayName: pkoelle sambaAcctFlags: [U ] objectClass: sambaSamAccount objectClass: account objectClass: top sambaPrimaryGroupSID: S-1-5-21-1363009748-3475195204-773963872-512 sambaNTPassword: xxxxxxxxxxxxxxx sambaLMPassword: xxxxxxxxxxxxxx sambaPwdCanChange: 1065274530 sambaPwdLastSet: 1065274530 sambaPwdMustChange: 1067088930 Note that this are only (and not all) samba attributes and objectclasses, there have to be a corresponding posixAccount somewhere in the DIT accessible by getent(). And a group: # NTdomadms, groups, samba, nil.b17 dn: cn=NTdomadms,ou=groups,ou=samba,dc=nil,dc=b17 objectClass: posixGroup objectClass: top objectClass: sambaGroupMapping cn: NTdomadms gidNumber: 10008 sambaSID: S-1-5-21-1363009748-3475195204-773963872-512 sambaGroupType: 2 displayName: Domain Administrators memberUid: NTadmin memberUid: pkoelle This is basically a normal posixGroup, augmented by the sambaGroupmapping attributes sambaSID, sambaGroupType and displayName. Note that the SID is set to the "well known SID" of "Domain Administrators" group. You may use the "net groupmap" set of commands to get this mapping or populate your DIT from appropriate LDIF's. It would be helpful to see the ldap related lines of your smb.conf, and a few error messages (from net groupmap) or logs. hth Paul
Possibly Parallel Threads
- Error "Could not fetch trust account password" in Samba 3 Beta..what do I need to do?
- Swat shows smbd as not running when it is and had worked fine the day before.
- Group not found, (objectclass=sambaGroupMapping) (gidNumber=4294967295) ???
- chan_capi hfcpci mISDN linux 2.6.12 not working
- No more than one "instances" of a type in define()?