hi
I have pdc with openldap and samba...two server a master(shogun) and
slave(shinobi), two works right and are replicated, and samba works
right just when ldapsam is pointed to the same host where it installed
(samba is in shogun the master) i mean "passdb backend
ldapsam:ldaps://shogun.ironman.es:636" , it works right...but when i put
"passdb backend = ldapsam:ldaps://shinobi.ironman.es:636" or
"passdb backend = ldapsam:"ldaps://shogun.ironman.es:636
ldaps://shinobi.ironman.es:636", it works just when shogun is up. I test
shinobi for auth and it works right. The certificates are right cause i
can get auth from all machines and when i start samba teh log don't show
any thing wrong.
My smb.conf
[global]
workgroup = IRONMAN
netbios name = SHOGUN
server string = SAMBA-LDAP PDC server
; wins support = no
; wins server = w.x.y.z
interfaces = eth1
pam password change = Yes
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
; syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
name resolve order = lmhosts host wins bcast
####AUTENTIFICACION######
security = user
encrypt passwords = true
passdb backend = ldapsam:ldaps://shogun.ironman.es:636
;ldappassword sync =yes
; guest account = guest
####; invalid users = root####
unix password sync = no
ldap password sync = yes
passwd program = /usr/local/sbin/bin/smbldap-passwd -o %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX
\spassword:* %n\n .
; obey pam restrictions = yes
; pam password change = no
#####LDAP#####
ldap admin dn = cn=admin,dc=ironman,dc=es
ldap ssl = on
ldap delete dn = no
ldap suffix = dc=ironman,dc=es
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
########## Printing ##########
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = yes
# lpr(ng) printing. You may wish to override the location of the
# printcap file
; printing = bsd
; printcap name = /etc/printcap
# CUPS printing. See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
printing = cups
printcap name = cups
# When using [print$], root is implicitly a 'printer admin', but you can
# also give this right to other users to add drivers and set printer
# properties
printer admin = @domainprintoperators
#######PDC###########3
os level = 80
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
; logon path = //SHOGUN/profiles/%u
logon drive = V:
logon home = //SHOGUN/%u
logon script =%u.bat
; domain admin group = @domainadmins
add user script = /usr/local/sbin/smbldap-useradd -w %u
######## File sharing ########
# Name mangling options
; preserve case = yes
; short preserve case = yes
############ Misc ############
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
add user script = /usr/local/sbin/smbldap-useradd -w %u
#======================= Share Definitions ======================
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
browseable = no
guest ok = no
create mask = 0700
use client driver = no
printable = yes
public = yes
writable = no
printer admin = root, @domainprintoperators
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
; write list = root, chechu
[netlogon]
comment = Network Logon Service
path = /home/users/netlogon
writeable = no
share modes = no
guest ok = yes
write list = @domainadmins
[profiles]
comment = User's Profiles
path = /home/users/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700
guest ok = yes
[peliculas]
comment = Peliculas
path = /mnt/media/peliculas
writable = no
browseable = yes
guest ok = no
[videoclips]
comment = Videoclips
path = /mnt/ftp/videoclips
writable = no
browseable = yes
guest ok = no
[series]
comment = Series
path = /mnt/media/series
writable = no
browseable = yes
guest ok = no
[musica]
comment = musica
path = /mnt/media/musica
writable = no
browseable = yes
guest ok = no
[mldonkey]
comment = Peliculas
path = /mldonkey
writable = no
browseable = yes
guest ok = no
[pelis]
comment = Peliculas
path = /pelis
writable = no
browseable = yes
guest ok = no
