Hi,
I'm having a problem while joining my domain.
I use Samba 3.0.14a, LDAP, Samba as PDC.
When my XP is joining the domain, it says
cannot find user name
BUT!! when I look in my LDAP database,
the new computer is created in OU=Computers.
I use the IDEALX setup and tools.
It was working, but I changed something and I don't know anymore what I
changed.
It must be an NSS / LDAP problem.
Here are some configs
-------------------------------------------------
/etc/ldap/ldap.conf ( client )
HOST 127.0.0.1
BASE dc=rotterdam,dc=bazuin,dc=nl
TLS_CACERT /etc/ldap/ssl/ldap-cacert.pem
TLS_REQCERT try
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
-------------------------------------------------
/etc/ldap/slapd.conf
allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/autofs.schema
include /etc/ldap/schema/rolodap.schema
include /etc/ldap/schema/postfix.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd.args
#The <hash> to use for userPassword generation. One
#of {SSHA}, {SHA}, {SMD5}, {MD5}, {CRYPT},
#{KERBEROS}, {SASL}, and {UNIX}. The default is {SSHA}.
# Note: {MD5} here is an unsalted digest; the {SSHA} default is salted.
password-hash {MD5}
loglevel 0
#
# loglevel Logging description
# -1 enable all debugging
# 0 no debugging
# 1 trace function calls
# 2 debug packet handling
# 4 heavy trace debugging
# 8 connection management
# 16 print out packets sent and received
# 32 search filter processing
# 64 configuration file processing
# 128 access control list processing
# 256 stats log connections/operations/results
# 512 stats log entries sent
# 1024 print communication with shell backends
# 2048 print entry parsing debugging
#
modulepath /usr/lib/ldap
moduleload back_bdb
#Server and CA Certificates
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCertificateFile /etc/ldap/ssl/ldap-servercrt.pem
TLSCertificateKeyFile /etc/ldap/ssl/ldap-serverkey.pem
TLSCACertificateFile /etc/ldap/ssl/ldap-cacert.pem
sasl-realm rotterdam.bazuin.nl
sasl-host ldap.rotterdam.bazuin.nl
#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
#######################################################################
# Set the entry cache size to 5000.
#
# This value is separate from the set_cachesize value set in
# the DB_CONFIG file under the bdb directory. That value
# should be set as well to optimize database caching for the
# Berkeley DB subsystem.
#
#cachesize 5000
#######################################################################
# Set transactional checkpoint (writing of changed data
# to disk) to occur when either
#
# 512 Kilobytes of data have been written to the bdb sub-
# system.
# 720 Minutes have passed since the last checkpoint.
## the default
checkpoint 512 720
#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database bdb
suffix "dc=rotterdam,dc=bazuin,dc=nl"
rootdn "cn=admin,dc=rotterdam,dc=bazuin,dc=nl"
rootpw #### CHANGED ####
directory "/var/lib/ldap"
checkpoint 128 30
### !!!!! Always run slapindex(8) after changing indices!!!!!!
### and first STOP the LDAP SERVER ( /etc/init.d/slapd stop )
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,eq,sub
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index mailLocalAddress eq
### Addressbook entries
index memberof eq
index active,userscode eq,sub,pres
index companyname eq,sub,pres
## default index
index default pres,eq
lastmod on
#cachesize 1000
#dbcachesize 10000
replogfile /var/lib/ldap/replog
# Access list for samba
# uses user admin (the rootdn) at the moment.
#
include /etc/ldap/samba-access.conf
# Access list for the ou=addressbook and user addressbook
# use user addressguest for outlook
#
include /etc/ldap/address-access.conf
## GLOBAL ACCESS
access to dn.base="dc=rotterdam,dc=bazuin,dc=nl"
by dn="cn=admin,dc=rotterdam,dc=bazuin,dc=nl" write
by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="cn=admin,dc=rotterdam,dc=bazuin,dc=nl" write
by * read
-------------------------------------------------
# /etc/ldap.conf (and libnss-ldap.conf; these two are identical)
host 127.0.0.1
base dc=rotterdam,dc=bazuin,dc=nl
ldap_version 3
rootbinddn cn=admin,dc=rotterdam,dc=bazuin,dc=nl
timelimit 30
bind_timelimit 30
idle_timelimit 3600
pam_password md5
# "?one" = one-level scope: only direct children of the named OU are searched.
nss_base_passwd ou=Users,dc=rotterdam,dc=bazuin,dc=nl?one
nss_base_shadow ou=Users,dc=rotterdam,dc=bazuin,dc=nl?one
nss_base_group ou=Groups,dc=rotterdam,dc=bazuin,dc=nl?one
# This maps ou=Computers to the hosts database only; passwd lookups above
# are limited to ou=Users.
nss_base_hosts ou=Computers,dc=rotterdam,dc=bazuin,dc=nl?one
-------------------------------------------------
# /etc/nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns ldap
networks: files ldap
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
L.P.H. van Belle wrote:
> Hi,
>
> I'm having a problem while joining my domain.
> I use Samba 3.0.14a, LDAP, Samba as PDC.
>
> When my XP is joining the domain, it says
>
> cannot find user name
>
> BUT!! when I look in my LDAP database,
> the new computer is created in OU=Computers.
>
> I use the IDEALX setup and tools.
>
> It was working, but I changed something and I don't know anymore what I
> changed.
>
> It must be an NSS / LDAP problem.

does your PDC see all usernames and machines? try getent passwd - you should see both "usernames" and "machinenames$".

--
Tomek
WPKG - automated software distribution
http://wpkg.org
Louis van Belle wrote:
> Hi,
>
> getent passwd DID resolve all my usernames, but not
> my computers$

your add machine script in smb.conf is broken. try to execute it from the command line (with some testname), then getent passwd, then change the script until it's fixed (and put it into smb.conf).

--
Tomek
WPKG - automated software distribution
http://wpkg.org
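The check Tomek describes, written out as an added example (not code from the thread or from the IDEALX tools): after running the add machine script by hand (with the IDEALX tools that is `smbldap-useradd -w testpc`, where `testpc` is an assumed name), list the machine accounts that exist under ou=Computers in LDAP and compare them with what the PDC's NSS layer returns from `getent passwd`. A join fails with "cannot find user name" exactly when the account is in the directory but NSS cannot see it, so the two lists must agree. The LDIF and passwd samples below are constructed; the host names and uid/gid numbers are assumptions. The live variant assumes the OpenLDAP client tools and getent are installed on the PDC and that the uid attribute is readable anonymously, which the posted global ACL (`by * read`) allows unless samba-access.conf restricts it.

```shell
#!/bin/sh
# Added example: cross-check machine trust accounts in LDAP (ou=Computers)
# against the accounts visible through NSS (`getent passwd`).

BASE='dc=rotterdam,dc=bazuin,dc=nl'

# Constructed sample of `ldapsearch -x -LLL -b ou=Computers,... uid` output
# (assumed host names pc1$ and pc2$; not captured from the poster's server).
SAMPLE_LDIF='dn: uid=pc1$,ou=Computers,dc=rotterdam,dc=bazuin,dc=nl
uid: pc1$

dn: uid=pc2$,ou=Computers,dc=rotterdam,dc=bazuin,dc=nl
uid: pc2$
'

# Constructed sample of `getent passwd`: pc1$ is resolvable via NSS, pc2$ is not.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
louis:x:1000:513:Louis:/home/louis:/bin/sh
pc1$:x:1001:515:Computer:/dev/null:/bin/false
'

# ldap_machine_uids LDIF: print every "uid:" attribute value, one per line.
ldap_machine_uids() {
    printf '%s' "$1" | awk -F': ' '$1 == "uid" { print $2 }'
}

# nss_machine_uids PASSWD: print the login names ending in "$" (machine accounts).
nss_machine_uids() {
    printf '%s' "$1" | awk -F: '$1 ~ /\$$/ { print $1 }'
}

# machines_missing_from_nss LDIF PASSWD: print the uids present in LDAP but not
# returned by NSS; exit status 1 if any are missing, 0 if the two views agree.
machines_missing_from_nss() {
    ldap_uids=$(ldap_machine_uids "$1")
    nss_uids=$(nss_machine_uids "$2")
    missing=''
    for m in $ldap_uids; do
        if ! printf '%s\n' "$nss_uids" | grep -qxF -e "$m"; then
            missing="$missing $m"
        fi
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' $missing
    return 1
}

# live_check: the same comparison against the real directory and NSS on the PDC.
# Assumes ldapsearch/getent are installed and anonymous read of uid is allowed.
live_check() {
    ldif=$(ldapsearch -x -LLL -b "ou=Computers,$BASE" '(objectClass=posixAccount)' uid)
    passwd=$(getent passwd)
    machines_missing_from_nss "$ldif" "$passwd"
}

# Self-test on the constructed data: pc2$ exists in LDAP but NSS does not see it.
if machines_missing_from_nss "$SAMPLE_LDIF" "$SAMPLE_PASSWD"; then
    echo "NSS sees every machine account"
else
    echo "the machine accounts listed above exist in LDAP but are invisible to NSS"
fi

# On a real PDC, run the live comparison instead:
# live_check
```

If `live_check` lists accounts, the directory side is fine and the gap is between nss_ldap and the OU the accounts are created in (check the `nss_base_passwd` lines against the OU the add machine script writes to); if it lists nothing but the join still fails, the script itself is not creating the account and the fix belongs in smb.conf, as Tomek suggests.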
Jimmy McMillan
2005-Jul-05 15:03 UTC
[Samba] Dual Authentication Across Separate Subnets, and Permission Masking.
I hope the Subject line is about right... Is it possible to have 2 subnets, 192.168.55.x and 192.168.2.x, and have Samba authenticate connections from the 192.168.55.x connections with the standard smbpasswd, and authenticate connections from 192.168.2.x across my AD LDAP server? And with this said, is there a way to force mask ownership? For instance, if I wanted the server side files to be owned by nobody.nobody, but allow username1 and username2 to authenticate from the AD server and write/create/rename files, but preserve the nobody.nobody ownership? Hope this all makes sense. :D Jimmy B
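The ownership part of the question, as an added smb.conf example that is not from the thread: Samba's `force user` and `force group` make every file created or renamed through a share be owned by a fixed account no matter which user authenticated, and `valid users` plus `hosts allow` limit who may reach the share and from which subnet. The share name, path and the two user names are assumptions. Switching the password backend per client subnet is not shown: `passdb backend` is a [global] parameter, so one smbd instance authenticates against one backend.

```ini
[global]
   workgroup = EXAMPLE
   security = user

[shared]
   path = /srv/shared
   ; only these two accounts may connect, and only from 192.168.2.0/24
   valid users = username1 username2
   hosts allow = 192.168.2.
   read only = no
   ; every file created, written or renamed through this share ends up
   ; owned by nobody:nobody, regardless of who authenticated
   force user = nobody
   force group = nobody
   create mask = 0664
   directory mask = 0775
```

Because `force user` is applied after authentication, the users still log in with their own credentials; only the Unix identity used for file access is replaced, so the audit trail in the Samba logs still names username1 or username2.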