Oh dear, I apologise for my typo in subject. Obviously it should mean: EDITPOSIX SETUP.

> Hi,
>
> I've set up the samba environment like described in the wiki:
> http://wiki.samba.org/index.php/Ldapsam_Editposix
>
> I can now easily add windows user / machines when using the policies for
> "Administrator".
>
> I have also set up unix account session auth via libpam_ldap, libnss_ldap
> like described here:
>
> http://www.gentoo.org/doc/en/ldap-howto.xml
>
> Some things I don't understand:
>
> 1. How is the unix password set for the windows users?
> When I su <winusername> it is not accepting the win password.
> I also tried editing the unix password via ldap-account-manager but also
> with no luck.
>
> Is a unix password set in general when creating new accounts?
>
> With my unix user accounts migrated to ldap via migration script (the ones
> used in the gentoo article) it is possible to su <username>.
>
> 2. How do I make a sambadomain user out of such a migrated unix user?
>
> 3. When creating accounts the user homes per default points to
> /home/domainname/user. How can I change that?
>
> Thanks for any reply/feedback for my configs
>
> Gunnar
>
> my smb.conf:
> ---
> [global]
> #pdc
> netbios name = TIGGER
> workgroup = th-domain
> domain logons = yes
>
> #path
> logon home = \\%N\%U
> logon path = \\%N\%U\.winprofile
>
> #password
> encrypt passwords = true
> passdb backend = ldapsam
>
> #ldap
> ldap suffix = dc=th-domain,dc=lan
> ldapsam:trusted = yes
> ldapsam:editposix = yes
> ldap admin dn = cn=admin,dc=th-domain,dc=lan
> ldap delete dn = yes
> ldap group suffix = ou=groups
> ldap machine suffix = ou=computers
> ldap user suffix = ou=peoples
> ldap idmap suffix = ou=idmap
>
> #idmap
> idmap domains = th-domain
> idmap config th-domain:backend = ldap
> idmap config th-domain:readonly = no
> idmap config th-domain:default = yes
> idmap config th-domain:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan
> idmap config th-domain:ldap_user_dn = cn=admin,dc=th-domain,dc=lan
> idmap config th-domain:ldap_url = ldap://localhost
> idmap config th-domain:range = 50000-500000
> idmap alloc backend = ldap
> idmap alloc config:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan
> idmap alloc config:ldap_user_dn = cn=admin,dc=th-domain,dc=lan
> idmap alloc config:ldap_url = ldap://localhost
> idmap alloc config:range = 50000-500000
>
> #logging
> log level = 1
> ---
> my nsswitch/pam /etc/ldap.conf
> ---
> ssl off
> suffix "dc=th-domain,dc=lan"
> uri ldap://localhost
> pam_password exop
>
> rootbinddn "cn=root,dc=th-domain,dc=lan"
>
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute memberuid
> nss_base_passwd ou=peoples,dc=th-domain,dc=lan
> nss_base_shadow ou=peoples,dc=th-domain,dc=lan
> nss_base_group ou=groups,dc=th-domain,dc=lan
> nss_base_hosts ou=hosts,dc=th-domain,dc=lan
>
> scope one
> ----

> > I've set up the samba environment like described in the wiki:
> > http://wiki.samba.org/index.php/Ldapsam_Editposix
> > I can now easily add windows user / machines when using the policies for
> > "Administrator".
> > I have also set up unix account session auth via libpam_ldap, libnss_ldap
> > like described here:
> > http://www.gentoo.org/doc/en/ldap-howto.xml
> > Some things I don't understand:
> > 1. How is the unix password set for the windows users?

Depends on your settings; usually Samba will set both passwords or use exop which should set both passwords. Note - I haven't bothered to look at the Wikis you mentioned. If you want to set up Samba you should do so using the Samba documentation.

> > When I su <winusername> it is not accepting the win password.
> > I also tried editing the unix password via ldap-account-manager but also
> > with no luck.
> > Is a unix password set in general when creating new accounts?

In general, yes, but it depends on your settings.

> > With my unix user accounts migrated to ldap via migration script (the ones
> > used in the gentoo article) it is possible to su <username>.

Have no idea about your migration script but yes; we can su <username> in our Samba-PDC/LDAP environment.

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/
http://us1.samba.org/samba/docs/man/Samba-Guide/

Use the official documentation, accept no substitutes, and don't use Wikis. There is really nothing distro-specific about setting up Samba and/or LDAP.

> > 2. How do I make a sambadomain user out of such a migrated unix user?

You use smbpasswd or generate the required data with a script.

> > 3. When creating accounts the user homes per default points to
> > /home/domainname/user. How can I change that?

This is a setting in your user add scripts (I'd assume).

--
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

Keep traffic on the list.

> Thanks for your answer and pointing to the samba howto collection.
> I had a look in the howtos and of course manfiles in first place.
> But they didn't answer my question.
> I also use exop for password handling (see my config file ldap.conf)
> I had checked my logs and now I see this in my log.winbindd-idmap
> ----
> ==============================================================
> [2007/12/20 16:58:40, 0] lib/fault.c:fault_report(42)
> INTERNAL ERROR: Signal 11 in pid 6122 (3.0.26a)
> Please read the Trouble-Shooting section of the Samba3-HOWTO
> [2007/12/20 16:58:40, 0] lib/fault.c:fault_report(44)
>
> From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
> [2007/12/20 16:58:40, 0] lib/fault.c:fault_report(45)

This is very very bad. You should never see a "Signal 11". Your hardware is bad, your build is smashed, or something is very seriously mis-configured.

> ==============================================================
> [2007/12/20 16:58:40, 0] lib/util.c:smb_panic(1632)
> PANIC (pid 6122): internal error
> [2007/12/20 16:58:40, 0] lib/util.c:log_stack_trace(1736)
> BACKTRACE: 12 stack frames:
> #0 /usr/sbin/winbindd(log_stack_trace+0x1c) [0x4d3e9c]
> #1 /usr/sbin/winbindd(smb_panic+0x43) [0x4d3f83]
> #2 /usr/sbin/winbindd [0x4c1992]
> #3 /lib/libc.so.6 [0x2b69c7fe87d0]
> #4 /usr/sbin/winbindd(idmap_unixids_to_sids+0x345) [0x5d4a05]
> #5 /usr/sbin/winbindd(idmap_uid_to_sid+0x6c) [0x5d7edc]
> #6 /usr/sbin/winbindd(winbindd_dual_uid2sid+0x38) [0x479838]
> #7 /usr/sbin/winbindd [0x476a27]
> #8 /usr/sbin/winbindd [0x44efa8]
> #9 /usr/sbin/winbindd(main+0x85c) [0x44fcdc]
> #10 /lib/libc.so.6(__libc_start_main+0xf4) [0x2b69c7fd4b44]
> #11 /usr/sbin/winbindd [0x44e319]
> -----

Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org