On 07/05/15 16:19, Rowland Penny wrote:> Did the smb.conf above work on samba 3.6 ?Absolutely! It's still working now.> I would have expected the ldap lines to be something like these:> ldap suffix="dc=ventu" > ldap admin dn="cn=root,dc=ventu" I have these. > ldap machine suffix = ou=machines > ldap user suffix = ou=users > ldap group suffix = ou=groups 3.6 works without these, why shouldn't 4.2? AFAIK, these can help performance, but with 3 PCs and 5 users they should practically make no difference. BTW, in my case "machines" is "computers".> ldap delete dn = noThis is the default, so it should make no difference.> passdb backend = ldapsam:ldap://127.0.0.1"ldap://localhost" is the default (as per "man smb.conf"), so this should be equivalent to what I have. In any case, I tried with those lines and they don't make any difference either with 3.6 (still working) and 4.2 (still NOT working). Thanks av.
On 06/07/15 08:21, Andrea Venturoli wrote:> On 07/05/15 16:19, Rowland Penny wrote: > >> Did the smb.conf above work on samba 3.6 ? > > Absolutely! It's still working now. > > > > > >> I would have expected the ldap lines to be something like these: > > ldap suffix="dc=ventu" > > ldap admin dn="cn=root,dc=ventu" > > I have these. > > > ldap machine suffix = ou=machines > > ldap user suffix = ou=users > > ldap group suffix = ou=groups > > 3.6 works without these, why shouldn't 4.2? > AFAIK, these can help performance, but with 3 PCs and 5 users they > should practically make no difference. > BTW, in my case "machines" is "computers".OK, so you just have 'dc=ventu' and everything is stored in there ? well it is your domain, but I wouldn't have set it up like that even with only 3 PCs and 5 users, to be honest, I wouldn't have bothered with a domain I would have gone with a workgroup, but hey as I said, it's your domain.> >> ldap delete dn = no > > This is the default, so it should make no difference. > >> passdb backend = ldapsam:ldap://127.0.0.1 > > "ldap://localhost" is the default (as per "man smb.conf"), so this > should be equivalent to what I have.No it isnt, the 127.0.0.1 == localhost I will give you, but: passdb backend = ldapsam idmap config * : backend=ldap:ldap://localhost is not: passdb backend = ldapsam:ldap://127.0.0.1 or passdb backend = ldapsam:ldap://localhost What I would suggest, given your domain is so small, search the internet for a fairly recent PDC howto and start again, but this time, please do it right. Rowland> > > > In any case, I tried with those lines and they don't make any > difference either with 3.6 (still working) and 4.2 (still NOT working). > > > Thanks > av.
On 07/06/15 10:17, Rowland Penny wrote:>> > ldap machine suffix = ou=machines >> > ldap user suffix = ou=users >> > ldap group suffix = ou=groups >> >> 3.6 works without these, why shouldn't 4.2? >> AFAIK, these can help performance, but with 3 PCs and 5 users they >> should practically make no difference. >> BTW, in my case "machines" is "computers". > > OK, so you just have 'dc=ventu' and everything is stored in there ?Yes, everything is under 'dc=ventu'; no, if you mean I don't have ou=users, ou=groups, ou=computers. As I said, I have those and in fact I modified my configuration as you suggested. What I was saying is just that searching an user in "dc=ventu" is almost as fast as serching it in "ou=users,dc=ventu", given the small size of my database.> well > it is your domain, but I wouldn't have set it up like that even with > only 3 PCs and 5 users, to be honest, I wouldn't have bothered with a > domain I would have gone with a workgroup, but hey as I said, it's your > domain.Right. It's also my test domain, so I'm trying to upgrade this and be sure it works and I know my ways, before I start upgrading bigger, more important, production domains (where I'll possibly have more than a hundred users and PCs, which cannot stop working for long).> passdb backend = ldapsam > idmap config * : backend=ldap:ldap://localhost > > is not: > passdb backend = ldapsam:ldap://127.0.0.1 > or > passdb backend = ldapsam:ldap://localhostI don't understand this, could you please explain why there are not the same? In any case, I tried your suggestion and it still didn't work.> What I would suggest, given your domain is so small, search the internet > for a fairly recent PDC howto and start again, but this time, please do > it right.See above. While I could start from scratch with this domain in little time, it's sort of a testbed for bigger domains which I could not easily rebuild. So I need to figure what is wrong before I move to those. bye & Thanks av.