Most of this is generated by FreeNAS's GUI, so I'll have to figure out
how to override it. I know where the file is, but I don't know if
changes I make to it will actually stick, but that's for a different
forum :)

Just curious, since I appear to be running a PDC, is there a way to have
a standalone Samba server, and just get the user/password information
from LDAP without doing all the domain stuff? That's actually what I'd
like to do. I don't need a domain controller.

On 5/26/19 4:12 AM, Rowland penny via samba wrote:
> On 26/05/2019 02:04, David Kowis via samba wrote:
>> Certainly: https://termbin.com/wr68
>>
>> Thanks again!
>>
> OK, you are running Samba as an NT4-style PDC, though you don't seem to
> think so, because you have 'server role = member server', so I would
> remove the 'server role' line.
>
> I would change 'server min protocol = SMB2_02' to 'server min
> protocol = NT1'
>
> I would also change 'ldap ssl = start tls' to 'ldap ssl = off' until you
> get Samba working, you can turn it on again later.
>
> You have this:
>
> passdb backend = ldapsam:ldap://pione.dark.kow.is
> ldap admin dn = cn=admin,dc=dark,dc=kow,dc=is
> ldap suffix = dc=dark,dc=kow,dc=is
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers
> ldap ssl = start tls
> ldap password sync = yes
> ldapsam:trusted = yes
> ldapsam:editposix = yes
> idmap config *: backend = tdb
> idmap config *: range = 90000001-100000000
> idmap config NOSGOTH: backend = ldap
> idmap config NOSGOTH: range = 10000-90000000
> idmap config NOSGOTH: ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
> idmap config NOSGOTH: ldap_user_dn = cn=sambaadmin,dc=dark,dc=kow,dc=is
> idmap config NOSGOTH: ldap_url = ldap://pione.dark.kow.is
>
> When I tested creating a PDC some time ago, I could only get it working
> with this:
>
> passdb backend = ldapsam
> ldap admin dn = cn=admin,dc=dark,dc=kow,dc=is
> ldap suffix = dc=dark,dc=kow,dc=is
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers
> ldap ssl = off
> ldap password sync = yes
> ldapsam:editposix = yes
> ldapsam:trusted = yes
> idmap config * : backend = ldap
> idmap config * : range = 10000-90000000
> idmap config * : ldap_url = ldap://pione.dark.kow.is
> idmap config * : ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
> idmap config * : ldap_user_dn = cn=admin,dc=dark,dc=kow,dc=is
I'll see if I can't give this configuration a go, in the meantime.
>
> Rowland
>
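
Added example, not part of the thread: a small check that reports whether the two values relaxed for debugging above ('server min protocol = NT1' and 'ldap ssl = off') are still present in an smb.conf [global] section, so they can be turned back on afterwards. The function names and both sample configurations are constructed for illustration.

```python
import configparser

# Constructed samples (not the thread's pastebin): [global] with the temporary
# debugging values, and the same section with the original values restored.
DEBUG_CONF = """[global]
server min protocol = NT1
passdb backend = ldapsam
ldap admin dn = cn=admin,dc=dark,dc=kow,dc=is
ldap ssl = off
ldap password sync = yes
idmap config * : ldap_url = ldap://pione.dark.kow.is
"""
RESTORED_CONF = DEBUG_CONF.replace("= NT1", "= SMB2_02").replace(
    "ldap ssl = off", "ldap ssl = start tls")

SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}

def load_global(text):
    """Parse [global]; smb.conf names ignore case and internal whitespace."""
    # Only '=' is a delimiter, because 'idmap config * : ...' has ':' in its name.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    sec = next((s for s in cp.sections() if s.strip().lower() == "global"), None)
    items = cp[sec].items() if sec else []
    return {"".join(k.split()): v.strip() for k, v in items}

def audit(text):
    """Return (parameter, value, reason) for each relaxed setting found."""
    g = load_global(text)
    findings = []
    proto = g.get("serverminprotocol", "")
    if proto.upper() in SMB1_DIALECTS:
        findings.append(("server min protocol", proto,
                         "SMB1-era dialects are accepted"))
    backend = g.get("passdbbackend", "")
    if backend.lower().startswith("ldapsam"):
        # Samba's documented default for 'ldap ssl' is 'start tls'.
        ssl = g.get("ldapssl", "start tls")
        if ssl.lower() == "off" and "ldaps://" not in backend.lower():
            findings.append(("ldap ssl", ssl,
                             "LDAP traffic, including the admin bind, is not encrypted"))
    return findings

if __name__ == "__main__":
    for name, value, reason in audit(DEBUG_CONF):
        print(f"{name} = {value}: {reason}")
```
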