samba - Feb 2018 - Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend = ldapsam

On Wed, 21 Feb 2018 15:26:26 +0300
Vladimir Skubriev <skubriev at cvisionlab.com> wrote:
> You a sure. I have already configured openldap, which is workd as
> expected with old smb server.
> 
> net getlocalsid & net getdomainsid returns the same SID.
> LDAP sambaDomainName=EXAMPLE has the same SID in attribute sambaSID.
> 
> Also DIT has windows groups like Domain Users' etc ...
> 
> Unfortunately I can not find the reason for the unexpected exit of
> child smbd process.
> 
> Do your mean that I must remove all samba's data from ldap except dn:
> sambaDomainName=FILESERVER,dc=domain,dc=ltd (as described to tune in
> article)
> 
I am not saying that at all, what I am saying is, for all intents and
purposes, your smb.conf is for a PDC, yet you have :

server role = STANDALONE SERVER

in smb.conf.

I think you need to consider just what you require, a PDC or a
standalone server and then set up Samba & ldap accordingly.

If you want/need a standalone server, then you do not need things like
'Domain Users' etc, because your server will not be part of a domain.

Rowland

Thank you for a tip.

I want to setup a `STANDALONE` server relying on an external OpenLDAP for
authentication.

Is it possible on samba 4.x - ?

2018-02-21 15:49 GMT+03:00 Rowland Penny via samba <samba at
lists.samba.org>:
> On Wed, 21 Feb 2018 15:26:26 +0300
> Vladimir Skubriev <skubriev at cvisionlab.com> wrote:
>
> > You a sure. I have already configured openldap, which is workd as
> > expected with old smb server.
> >
> > net getlocalsid & net getdomainsid returns the same SID.
> > LDAP sambaDomainName=EXAMPLE has the same SID in attribute sambaSID.
> >
> > Also DIT has windows groups like Domain Users' etc ...
> >
> > Unfortunately I can not find the reason for the unexpected exit of
> > child smbd process.
> >
> > Do your mean that I must remove all samba's data from ldap except
dn:
> > sambaDomainName=FILESERVER,dc=domain,dc=ltd (as described to tune in
> > article)
> >
>
> I am not saying that at all, what I am saying is, for all intents and
> purposes, your smb.conf is for a PDC, yet you have :
>
> server role = STANDALONE SERVER
>
> in smb.conf.
>
> I think you need to consider just what you require, a PDC or a
> standalone server and then set up Samba & ldap accordingly.
>
> If you want/need a standalone server, then you do not need things like
> 'Domain Users' etc, because your server will not be part of a
domain.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
Faithfully yours,

CVision Lab System Administrator
Vladimir Skubriev

On Wed, 21 Feb 2018 16:01:14 +0300
Vladimir Skubriev <skubriev at cvisionlab.com> wrote:
> Thank you for a tip.
> 
> I want to setup a `STANDALONE` server relying on an external OpenLDAP
> for authentication.
> 
> Is it possible on samba 4.x - ?
> 
Yes, but you will need to use nslcd.

Rowland

On Wed, 2018-02-21 at 16:01 +0300, Vladimir Skubriev via samba
wrote:
> Thank you for a tip.
> 
> I want to setup a `STANDALONE` server relying on an external OpenLDAP for
> authentication.
> 
> Is it possible on samba 4.x - ?
I'm not sure, but it is very rarely done if it is.  You would
essentially be setting it up like a DC, with a domain record but that
domain actually being your hostname.  SIDs would point to your server,
and no other server could use that LDAP backend. 

It might be more standard (and therefore easier to get help) if you set
it up as a 'classic/NT4' DC but just never use the DC functionality. 

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba