Just a quick question, it may sound a bit stupid but I just want to make sure. I have a Solaris 9 machine running winbind, the backend is an OpenLDAP database running on a RedHat 9 machine. My question is, apart from the 'smbpasswd -w' command and the obvious stuff in smb.conf, do I have to set up the LDAP client on Solaris for Samba to be able to put new mappings into the LDAP database? The reason I ask is because everything seems to work (ntlm_auth, wbinfo, getent) except logins (via telnet, etc), I'm stuck for ideas. The next thing I will try is recompiling with a different version of gcc and maybe try 3.0.2 instead. Sapan
Firstly, no you definitely don't need to setup LDAP native client in Solaris, SAMBA/winbind does all the LDAP reads for Solaris and Solaris talks direct to winbind. I've had this work with solaris 8 now, have you verified that the idmap data is written into the idmap ou specified in smb.conf (probably not necessary for winbind authentication but since you raised the question)? Most important have you updated the pam.conf as detailed in SAMBA-HowTo-collection guide (more or less accurate for Solaris 9)? Does getent list your AD domain users? this needs to work for winbind authentication, thanks Andy. -----Original Message----- From: Ganguly, Sapan [mailto:Sapan.Ganguly@thalesgroup.com] Posted At: 23 January 2004 15:42 Posted To: Samba Conversation: [Samba] Samba Winbind and LDAP backend Subject: [Samba] Samba Winbind and LDAP backend Just a quick question, it may sound a bit stupid but I just want to make sure. I have a Solaris 9 machine running winbind, the backend is an OpenLDAP database running on a RedHat 9 machine. My question is, apart from the 'smbpasswd -w' command and the obvious stuff in smb.conf, do I have to set up the LDAP client on Solaris for Samba to be able to put new mappings into the LDAP database? The reason I ask is because everything seems to work (ntlm_auth, wbinfo, getent) except logins (via telnet, etc), I'm stuck for ideas. The next thing I will try is recompiling with a different version of gcc and maybe try 3.0.2 instead. Sapan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this.
Andy, Thanks for clearing that up, I didn't think I needed to setup up the LDAP client, everything I've done so far has indicated that winbind is putting information into my idmap ou. Yep, getent does work and I'm using a pam.conf specifically for Solaris 9 that I've seen posted here on the mailing list. I've applied the Solaris patch that is mentioned in the HOWTO also. I've just compiled and tried out 3.0.2rc1 as well, I get the same problem with that so I'm guessing the problem may not even lie with samba/winbind. I can't think what else it could be. I'll try compiling using a different compiler. Oh, one other thing, I'm not using Active Directory, this is all on an old NT4 domain. -----Original Message----- From: ww m-pubsyssamba [mailto:pubsyssamba@bbc.co.uk] Sent: 23 January 2004 16:09 To: Ganguly, Sapan ; samba@lists.samba.org Subject: RE: [Samba] Samba Winbind and LDAP backend Firstly, no you definitely don't need to setup LDAP native client in Solaris, SAMBA/winbind does all the LDAP reads for Solaris and Solaris talks direct to winbind. I've had this work with solaris 8 now, have you verified that the idmap data is written into the idmap ou specified in smb.conf (probably not necessary for winbind authentication but since you raised the question)? Most important have you updated the pam.conf as detailed in SAMBA-HowTo-collection guide (more or less accurate for Solaris 9)? Does getent list your AD domain users? this needs to work for winbind authentication, thanks Andy. -----Original Message----- From: Ganguly, Sapan [mailto:Sapan.Ganguly@thalesgroup.com] Posted At: 23 January 2004 15:42 Posted To: Samba Conversation: [Samba] Samba Winbind and LDAP backend Subject: [Samba] Samba Winbind and LDAP backend Just a quick question, it may sound a bit stupid but I just want to make sure. I have a Solaris 9 machine running winbind, the backend is an OpenLDAP database running on a RedHat 9 machine. My question is, apart from the 'smbpasswd -w' command and the obvious stuff in smb.conf, do I have to set up the LDAP client on Solaris for Samba to be able to put new mappings into the LDAP database? The reason I ask is because everything seems to work (ntlm_auth, wbinfo, getent) except logins (via telnet, etc), I'm stuck for ideas. The next thing I will try is recompiling with a different version of gcc and maybe try 3.0.2 instead. Sapan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this.
P.S. One thing has changed since I installed 3.0.2rc1, before I could do the following - id -a windowuser And I would get a list of all the windows groups that windows user is a member of, but now it just hangs. -----Original Message----- From: Ganguly, Sapan Sent: 23 January 2004 18:00 To: 'ww m-pubsyssamba'; Ganguly, Sapan ; 'samba@lists.samba.org' Subject: RE: [Samba] Samba Winbind and LDAP backend Andy, Thanks for clearing that up, I didn't think I needed to setup up the LDAP client, everything I've done so far has indicated that winbind is putting information into my idmap ou. Yep, getent does work and I'm using a pam.conf specifically for Solaris 9 that I've seen posted here on the mailing list. I've applied the Solaris patch that is mentioned in the HOWTO also. I've just compiled and tried out 3.0.2rc1 as well, I get the same problem with that so I'm guessing the problem may not even lie with samba/winbind. I can't think what else it could be. I'll try compiling using a different compiler. Oh, one other thing, I'm not using Active Directory, this is all on an old NT4 domain. -----Original Message----- From: ww m-pubsyssamba [mailto:pubsyssamba@bbc.co.uk] Sent: 23 January 2004 16:09 To: Ganguly, Sapan ; samba@lists.samba.org Subject: RE: [Samba] Samba Winbind and LDAP backend Firstly, no you definitely don't need to setup LDAP native client in Solaris, SAMBA/winbind does all the LDAP reads for Solaris and Solaris talks direct to winbind. I've had this work with solaris 8 now, have you verified that the idmap data is written into the idmap ou specified in smb.conf (probably not necessary for winbind authentication but since you raised the question)? Most important have you updated the pam.conf as detailed in SAMBA-HowTo-collection guide (more or less accurate for Solaris 9)? Does getent list your AD domain users? this needs to work for winbind authentication, thanks Andy. -----Original Message----- From: Ganguly, Sapan [mailto:Sapan.Ganguly@thalesgroup.com] Posted At: 23 January 2004 15:42 Posted To: Samba Conversation: [Samba] Samba Winbind and LDAP backend Subject: [Samba] Samba Winbind and LDAP backend Just a quick question, it may sound a bit stupid but I just want to make sure. I have a Solaris 9 machine running winbind, the backend is an OpenLDAP database running on a RedHat 9 machine. My question is, apart from the 'smbpasswd -w' command and the obvious stuff in smb.conf, do I have to set up the LDAP client on Solaris for Samba to be able to put new mappings into the LDAP database? The reason I ask is because everything seems to work (ntlm_auth, wbinfo, getent) except logins (via telnet, etc), I'm stuck for ideas. The next thing I will try is recompiling with a different version of gcc and maybe try 3.0.2 instead. Sapan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this.