On 07/04/15 13:04, Rowland Penny wrote:

> Hi, never used freebsd, but 4.2 is not just an AD DC, it is also
> supposed to be a replacement for the old 3.6 series and work in the same
> way.

That's what I'm trying to achieve.

> There are some changes to what can and cannot go into smb.conf, but
> these are minor and can easily be identified by reading the smb.conf
> manpage and the samba release notes.

I got some warnings about "idmap backend" being deprecated, but I think I solved them; also, they were only warnings.

> Does anything start ?

Sure: two instances of nmbd, one of smbd and three of winbindd.

> Is there anything in the log files ?

Nothing special:
_ log.nmbd ends with "become_logon_server_success: Samba is now a logon server for workgroup VENTU on subnet 10.1.2.13";
_ log.smbd complains about not being able to retrieve printer list, but I'm not interested in printing;
_ log.winbindd says it's ready.

Also, sockets are open (ports 137, 138, 139 and 445) and there's a couple of connections from smbd to slapd.

> what is your smb.conf ?

Here's my global section:

> [global]
> log level=1
> unix password sync=no
> workgroup = VENTU
> server string = SOTH
> load printers=no
> max log size=50000
> security = user
> encrypt passwords = yes
> interfaces = nfe0 10.1.2.13/24
> local master = yes
> os level = 255
> domain master = yes
> preferred master = yes
> domain logons = yes
> logon script=netlogon.cmd %U
> wins support = yes
> wins proxy = yes
> dns proxy = no
> ldap admin dn="cn=root,dc=ventu"
> ldap ssl=off
> ldap suffix="dc=ventu"
> passdb backend = ldapsam
> ea support=yes
> map hidden=no
> map system=no
> map archive=no
> idmap config * : backend=ldap:ldap://localhost
> ldap idmap suffix="dc=ventu"
> hosts allow = 127. 10.1.2.
> name resolve order = wins
> time server = no
> map archive = No
> hide dot files=no
> lm announce=auto
> logon path
> logon home
> unix extensions=no
> mangled names=no
> winbind use default domain=yes

"smbclient -U andrea -I 10.1.2.13 -L //soth" asks for a password, but then dumps core (it doesn't matter if the given password is right or wrong).

"wbinfo -u" correctly retrieves the user list, but PAM authentication (through pam_winbind.so) fails.

So you confirm there is nothing special I had to do, but didn't?
I'd like to make sure I'm not wasting time, before I compile with debugging info, raise log levels, etc...

bye & Thanks
av.

On 05/07/15 14:59, Andrea Venturoli wrote:

> On 07/04/15 13:04, Rowland Penny wrote:
>
>> Hi, never used freebsd, but 4.2 is not just an AD DC, it is also
>> supposed to be a replacement for the old 3.6 series and work in the same
>> way.
>
> That's what I'm trying to achieve.
>
>> There are some changes to what can and cannot go into smb.conf, but
>> these are minor and can easily be identified by reading the smb.conf
>> manpage and the samba release notes.
>
> I got some warnings about "idmap backend" being deprecated, but I
> think I solved them; also, they were only warnings.
>
>> Does anything start ?
>
> Sure: two instances of nmbd, one of smbd and three of winbindd.
>
>> Is there anything in the log files ?
>
> Nothing special:
> _ log.nmbd ends with "become_logon_server_success: Samba is now a
> logon server for workgroup VENTU on subnet 10.1.2.13";
> _ log.smbd complains about not being able to retrieve printer list,
> but I'm not interested in printing;
> _ log.winbindd says it's ready.
>
> Also, sockets are open (ports 137, 138, 139 and 445) and there's a
> couple of connections from smbd to slapd.
>
>> what is your smb.conf ?
>
> Here's my global section:
>> [global]
>> log level=1
>> unix password sync=no
>> workgroup = VENTU
>> server string = SOTH
>> load printers=no
>> max log size=50000
>> security = user
>> encrypt passwords = yes
>> interfaces = nfe0 10.1.2.13/24
>> local master = yes
>> os level = 255
>> domain master = yes
>> preferred master = yes
>> domain logons = yes
>> logon script=netlogon.cmd %U
>> wins support = yes
>> wins proxy = yes
>> dns proxy = no
>> ldap admin dn="cn=root,dc=ventu"
>> ldap ssl=off
>> ldap suffix="dc=ventu"
>> passdb backend = ldapsam
>> ea support=yes
>> map hidden=no
>> map system=no
>> map archive=no
>> idmap config * : backend=ldap:ldap://localhost
>> ldap idmap suffix="dc=ventu"
>> hosts allow = 127. 10.1.2.
>> name resolve order = wins
>> time server = no
>> map archive = No
>> hide dot files=no
>> lm announce=auto
>> logon path
>> logon home
>> unix extensions=no
>> mangled names=no
>> winbind use default domain=yes

Did the smb.conf above work on samba 3.6 ?

I would have expected the ldap lines to be something like these:

    passdb backend = ldapsam:ldap://127.0.0.1
    ldap suffix="dc=ventu"
    ldap machine suffix = ou=machines
    ldap user suffix = ou=users
    ldap group suffix = ou=groups
    ldap admin dn="cn=root,dc=ventu"
    ldap delete dn = no

Rowland

> "smbclient -U andrea -I 10.1.2.13 -L //soth" asks for a password, but
> then dumps core (it doesn't matter if the given password is right or
> wrong).
>
> "wbinfo -u" correctly retrieves the user list, but PAM authentication
> (through pam_winbind.so) fails.
>
> So you confirm there is nothing special I had to do, but didn't?
> I'd like to make sure I'm not wasting time, before I compile with
> debugging info, raise log levels, etc...
>
> bye & Thanks
> av.

On 07/05/15 16:19, Rowland Penny wrote:

> Did the smb.conf above work on samba 3.6 ?

Absolutely! It's still working now.

> I would have expected the ldap lines to be something like these:

> ldap suffix="dc=ventu"
> ldap admin dn="cn=root,dc=ventu"

I have these.

> ldap machine suffix = ou=machines
> ldap user suffix = ou=users
> ldap group suffix = ou=groups

3.6 works without these, why shouldn't 4.2?
AFAIK, these can help performance, but with 3 PCs and 5 users they should practically make no difference.
BTW, in my case "machines" is "computers".

> ldap delete dn = no

This is the default, so it should make no difference.

> passdb backend = ldapsam:ldap://127.0.0.1

"ldap://localhost" is the default (as per "man smb.conf"), so this should be equivalent to what I have.

In any case, I tried with those lines and they don't make any difference with either 3.6 (still working) or 4.2 (still NOT working).

Thanks
av.