J Xu
2007-May-08 11:54 UTC
[Samba] ldapsam backend for standalone server - is it possible?
Hi, List,

I am wondering if it is possible to set up a standalone server with ldapsam backend. I mean, not to set it up as a domain controller; ideally I don't want a windows domain but would like to stick with the windows workgroup mode.

All the samba official documents and other docs on the web are for setting it up as a [primary|backup] domain controller. Below I list the minimal working samba configurations:

    [global]
    workgroup = MYGROUP
    netbios name = LDAPSMB
    server string = Samba Server
    security = user
    passdb backend = ldapsam:ldap://127.0.0.1/
    log file = /var/log/samba/%m.log
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = /etc/printcap
    dns proxy = No
    ldap admin dn = "cn=admin,dc=mydomain,dc=com"
    ldap suffix = dc=mydomain,dc=com
    ldap group suffix = ou=Groups
    ldap user suffix = ou=People
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    cups options = raw
    local master = yes
    preferred master = yes
    os level = 33
    domain master = yes
    domain logons = yes

    [homes]
    comment = Home Directories
    read only = No
    browseable = No

    [netlogon]
    comment = Network Logon Service
    path = /home/samba/netlogon
    share modes = No

    [profiles]
    path = /home/samba/profiles
    browseable = No

    [printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

This setup is more or less for a backup domain controller. If I remove "domain master = yes" and "domain logons = yes" directives and netlogon and profiles shares, I then cannot log in - "smbclient //localhost/<testuser>" would give an error like this:

    session setup failed: NT_STATUS_LOGON_FAILURE

Any help please?

PS:

1) I know how to set up a standalone server with tdbsam backend and I can set up a ldapsam based domain controller. Just that I couldn't get a standalone server with ldapsam backend.

2) I've put effort to make sure I have proper SIDs in my ldap database.
During attempts to set up a standalone server, I tried to change all user/group SIDs to the local domain (i.e., the one got with "net getlocalsid"), of course with appreciated RIDs appended. And of course the domain SID (i.e., the one got with "net getdomainsid <mygroup>") only worked when I set the samba server as domain controller. I even tried to start with a clean ldap database and empty samba secrets.tdb.
Andrew Bartlett
2007-May-10 10:59 UTC
[Samba] ldapsam backend for standalone server - is it possible?
On Tue, 2007-05-08 at 12:53 +0100, J Xu wrote:
> Hi, List,
>
> I am wondering if it is possible to set up a
> standalone server with ldapsam backend. I mean, not to
> set it up as a domain controller; ideally I don't want
> a windows domain but would like to stick with the
> windows workgroup mode.

> 1) I know how to set up a standalone server with
> tdbsam backend and I can setup a ldapsam based domain
> controller. Just that I couldn't get a standalone
> server with ldapsam backend.

I always hoped this kind of thing would work, but I don't think anybody ever tests it...

Andrew Bartlett

--
Andrew Bartlett                         http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
Samba Developer, Red Hat Inc.           http://redhat.com