Javier Barroso
2006-Jun-28 08:28 UTC
[Samba] Domain member against Samba+LDAP server configuration problem
Hi people,

I have a problem with my configuration. I'd like my Debian box to be a client of a domain (Samba+LDAP).

My smb.conf is:

[global]
security = domain
workgroup = DOMAIN_NAME
netbios name = MYCOMPUTER
log level = 3 auth:10 winbind:10
idmap backend = ldap:ldap://xxx.xxx.xx.xxx
ldap suffix = dc=DOMAIN_NAME,dc=com
ldap idmap suffix = ou=Idmap
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash

When I execute:

# getent passwd DOMAIN\\myuser

it returns an empty result.

When I comment out the idmap backend = ldap:ldap://xxx.xxx.xx.xx directive and restart the services, it works fine and returns my user with a uid between 10000 and 20000.

I would like the uid to be taken from the last number of the sambaSID attribute in the LDAP tree.

The same happens with groups.

I had read http://samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2577138, but it uses security = ads when it puts the 'idmap backend' directive in the configuration.

Thank you!
Javier Barroso
2006-Jun-28 14:36 UTC
[Samba] Re: Domain member against Samba+LDAP server configuration problem
Hi people again (sorry if this email arrives twice in your inbox; robomod@news.nic.it sent me a message saying it was refused),

I solved my problem. I added to my smb.conf:

ldap admin dn = cn=admin,dc=DOMAINNAME,dc=com
allow trusted domains = No

And I had to execute:

smbpasswd -w SECRET

Why does a domain member need the LDAP secret after it has joined the domain?

Thank you!

On 6/28/06, Javier Barroso <javibarroso@gmail.com> wrote:
>
> Hi people,
>
> I have a problem with my configuration. I'd like my debian box was client
> of a Domain (Samba+LDAP)
>
> my smb.conf is:
> [global]
> security = domain
> workgroup = DOMAIN_NAME
> netbios name = MYCOMPUTER
> log level = 3 auth:10 winbind:10
> idmap backend = ldap:ldap://xxx.xxx.xx.xxx
> ldap suffix = dc=DOMAIN_NAME,dc=com
> ldap idmap suffix = ou=Idmap
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template shell = /bin/bash
>
>
> When I execute:
>
> # getent passwd DOMAIN\\myuser
>
> it returns a empty result.
>
> When I comment idmap backend = ldap:ldap://xxx.xxx.xx.xx directive, and
> restart the services , it work fine and return my user with a uid between
> 10000 and 20000
> I would like uid was get from last number of sambaSID attribute on ldap
> tree
>
> The same happens with groups.
>
> I had read
> http://samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2577138, but it use security = ads when it put 'idmap backend' directive on the
> configuration.
>
> Thank you !
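
The fix reported in the message above, expressed as a configuration check. This is an added example, not part of the original thread or of Samba; `parse_global`, `lint_ldap_idmap` and the two sample strings are hypothetical names and constructed data built from the smb.conf lines quoted in the thread.

```python
import re

# Constructed sample: the idmap-related [global] lines from the first message.
ORIGINAL = """\
[global]
security = domain
workgroup = DOMAIN_NAME
idmap backend = ldap:ldap://xxx.xxx.xx.xxx
ldap suffix = dc=DOMAIN_NAME,dc=com
ldap idmap suffix = ou=Idmap
idmap uid = 10000-20000
idmap gid = 10000-20000
"""
# Constructed sample: the same section plus the two lines the follow-up added.
FIXED = ORIGINAL + ("ldap admin dn = cn=admin,dc=DOMAINNAME,dc=com\n"
                    "allow trusted domains = No\n")

def parse_global(text):
    """Return [global] parameters; names are lower-cased with whitespace removed,
    because smb.conf parameter names ignore case and embedded whitespace."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def lint_ldap_idmap(text):
    """Hypothetical lint: list what a member using an LDAP idmap backend lacks."""
    p, problems = parse_global(text), []
    if not p.get("idmapbackend", "").lower().startswith("ldap:"):
        return problems  # local mapping, no LDAP bind needed
    if "ldapadmindn" not in p:
        # The matching password is stored separately with `smbpasswd -w`;
        # this check cannot see whether that step was done.
        problems.append("ldap admin dn is not set")
    for key in ("idmapuid", "idmapgid"):
        rng = re.fullmatch(r"(\d+)\s*-\s*(\d+)", p.get(key, ""))
        if not rng or int(rng.group(1)) >= int(rng.group(2)):
            problems.append(key + " is not a valid low-high range")
    return problems

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, lint_ldap_idmap(conf) or "ok")
```

The bind DN written to smb.conf and the secret stored with `smbpasswd -w` give every such domain member a standing LDAP credential, so the DN used for this should carry only the rights needed on the idmap subtree.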
Edmundo Valle Neto
2006-Jun-28 18:40 UTC
[Samba] Domain member against Samba+LDAP server configuration problem
Javier Barroso wrote:
> Hi people,
>
> I have a problem with my configuration. I'd like my debian box was
> client of
> a Domain (Samba+LDAP)
>cut

You can use Samba + Winbind to do that and make your Linux box a domain member, but you don't REALLY need it to use a Samba domain with a Linux client.

If you have an LDAP backend you probably will have accounts with POSIX attributes; this is all that is needed by the Linux "domain member" to know about the domain users and authenticate using these accounts.

You can configure NSS and PAM to use LDAP and then install smbfs (to mount the shares). It will install the samba-common package, not the samba (server) package, where almost the only thing you must specify (through debconf) is to accept password encryption and set the domain name.

You can even automount shares using libpam-mount on logon.

Regards.

Edmundo Valle Neto