As far as I know, OpenLDAP will not work anymore. You need to do it with
samba 4 c-ldap.
Just migrate your users to samba 4, classic upgrade!
To make your Linux box know about ADS users, my way is to use samba 4
winbind. Ex.: for my CentOS 6.4:
Be sure winbind is running:
ldconfig -v | grep winbind
--
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.11.1.el6.x86_64.conf:6:
duplicate hwcap 1 nosegneg
libnss_winbind.so -> libnss_winbind.so.2
[root@s4master lib]# wbinfo -u
Administrator
Guest
krbtgt
dns-s4master
You need to change /etc/nsswitch.conf:
passwd: files winbind
shadow: files
group: files winbind
AND:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2
Now,
[root@s4master ~]# ldconfig -v | grep winbind
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.14.1.el6.x86_64.conf:6:
duplicate hwcap 1 nosegneg
libnss_winbind.so -> libnss_winbind.so.2
libnss_winbind.so -> libnss_winbind.so.2
And getent passwd
....
TPLK\Administrator:*:0:100:Daniel Müller:/home/TPLK/Administrator:/bin/false
TPLK\Guest:*:3000011:3000012::/home/TPLK/Guest:/bin/false
TPLK\krbtgt:*:3000022:100::/home/TPLK/krbtgt:/bin/false
TPLK\dns-s4master:*:3000023:100::/home/TPLK/dns-s4master:/bin/false
TPLK\marstaller:*:3000028:100:XXXXXXXXXXXX:/home/TPLK/marstaller:/bin/false
TPLK\tester:*:3000029:100::/home/TPLK/tester:/bin/false
getent group
...
TPLK\Enterprise Read-Only Domain Controllers:*:3000016:
TPLK\Domain Admins:*:3000008:
TPLK\Domain Users:*:100:
TPLK\Domain Guests:*:3000012:
TPLK\Domain Computers:*:3000017:
TPLK\Domain Controllers:*:3000018:
TPLK\Schema Admins:*:3000007:
TPLK\Enterprise Admins:*:3000006:
TPLK\Group Policy Creator Owners:*:3000004:
TPLK\Read-Only Domain Controllers:*:3000019:
TPLK\DnsUpdateProxy:*:3000020:
Good Luck
Daniel
-----------------------------------------------
IT Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of François Dagorn
Sent: Wednesday, 23 October 2013 07:46
To: samba at lists.samba.org
Subject: [Samba] samba4 + LDAP
Hello all,
we are currently running several samba 3 services to give CIFS access to
shares (mostly homedirs).
Well, access to the shares is controlled by our LDAP service (not AD,
OpenLDAP). Our servers are using sssd + pam to check whether or not a user is
allowed to mount the share (on some old servers we also use the pam_ldap
module for pam).
Now, we just want to run samba 4 as simply as possible, i.e. just install
samba 4 without any change on the sssd + pam side. Hum, seems difficult,
samba does not query LDAP at all!
I've looked at
http://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
strange, seems to need a special account in our LDAP service, IS THIS TRUE?
or is there a way to continue with SSSD + PAM without changing anything in
our LDAP service?
Any help would be appreciated!
Cheers.
François
Université de Rennes
France
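
The checks from the reply at the top of this thread (winbind listed in /etc/nsswitch.conf, libnss_winbind.so.2 reachable through the symlinks), collected as an added example that is not part of the original messages. The function names and the constructed sample file are assumptions of this example; the functions only read, they change nothing.

```shell
#!/bin/sh
# Added example: read-only checks for the winbind NSS setup from the reply.
# nss_sources FILE DB: print the sources configured for DB, e.g. "files winbind".
nss_sources() {
    sed -e 's/#.*//' "$1" | awk -v db="$2" '
        { sub(/^[ \t]+/, "") }
        index($0, db ":") == 1 { sub(/^[^:]*:/, ""); $1 = $1; print; exit }'
}

# source_pos LIST NAME: print the 1-based position of NAME in LIST, 0 if absent.
source_pos() (
    set -f   # no globbing: tokens such as [NOTFOUND=return] must stay literal
    i=0
    for s in $1; do
        i=$((i + 1))
        if [ "$s" = "$2" ]; then echo "$i"; exit 0; fi
    done
    echo 0
)

# check_db FILE DB: succeed only if DB lists winbind and lists files before it,
# as in the reply, so a name that exists locally is answered from local files first.
check_db() {
    src=$(nss_sources "$1" "$2")
    f=$(source_pos "$src" files)
    w=$(source_pos "$src" winbind)
    if [ "$w" -eq 0 ]; then echo "FAIL $2: winbind not listed ($src)"; return 1; fi
    if [ "$f" -eq 0 ] || [ "$f" -gt "$w" ]; then
        echo "FAIL $2: files is not listed before winbind ($src)"; return 1
    fi
    echo "ok   $2: $src"
}

# check_nss_lib DIR: succeed only if DIR/libnss_winbind.so.2 (the file glibc
# loads for the "winbind" source) resolves to a real file, not a dangling link.
check_nss_lib() {
    lib="$1/libnss_winbind.so.2"
    if [ -e "$lib" ]; then echo "ok   $lib"; return 0; fi
    if [ -L "$lib" ]; then echo "FAIL $lib is a dangling symlink"
    else echo "FAIL $lib is missing"; fi
    return 1
}

# Demo on a constructed copy of the three nsswitch.conf lines from the reply.
sample=$(mktemp)
printf 'passwd: files winbind\nshadow: files\ngroup: files winbind\n' > "$sample"
check_db "$sample" passwd; check_db "$sample" group
rm -f "$sample"
```

On a real host, point `check_db` at /etc/nsswitch.conf and `check_nss_lib` at /lib64 before relying on `getent passwd` output.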