Most of this is generated by FreeNAS's gui, so I'll have to figure out how to override it. I know where the file is, but I don't know if changes I make to it will actually stick, but that's for a different forum :)

Just curious, since I appear to be running a PDC, is there a way to have a standalone samba server, and just get the user/password information from LDAP without doing all the domain stuff? That's actually what I'd like to do. I don't need a domain controller.

On 5/26/19 4:12 AM, Rowland penny via samba wrote:
> On 26/05/2019 02:04, David Kowis via samba wrote:
>> Certainly: https://termbin.com/wr68
>>
>> Thanks again!
>>
> OK, you are running Samba as an NT4-style PDC, though you don't seem to
> think so, because you have 'server role = member server', so I would
> remove the 'server role' line.
>
> I would change 'server min protocol = SMB2_02' to 'server min protocol
> NT1'
>
> I would also change 'ldap ssl = start tls' to 'ldap ssl = off' until you
> get Samba working, you can turn it on again later.
>
> You have this:
>
>     passdb backend = ldapsam:ldap://pione.dark.kow.is
>     ldap admin dn = cn=admin,dc=dark,dc=kow,dc=is
>     ldap suffix = dc=dark,dc=kow,dc=is
>     ldap user suffix = ou=Users
>     ldap group suffix = ou=Groups
>     ldap machine suffix = ou=Computers
>     ldap ssl = start tls
>     ldap password sync = yes
>     ldapsam:trusted = yes
>     ldapsam:editposix = yes
>     idmap config *: backend = tdb
>     idmap config *: range = 90000001-100000000
>     idmap config NOSGOTH: backend = ldap
>     idmap config NOSGOTH: range = 10000-90000000
>     idmap config NOSGOTH: ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
>     idmap config NOSGOTH: ldap_user_dn = cn=sambaadmin,dc=dark,dc=kow,dc=is
>     idmap config NOSGOTH: ldap_url = ldap://pione.dark.kow.is
>
> When I tested creating a PDC some time ago, I could only get it working
> with this:
>
>     passdb backend = ldapsam
>     ldap admin dn = cn=admin,dc=dark,dc=kow,dc=is
>     ldap suffix = dc=dark,dc=kow,dc=is
>     ldap user suffix = ou=Users
>     ldap group suffix = ou=Groups
>     ldap machine suffix = ou=Computers
>     ldap ssl = off
>     ldap password sync = yes
>     ldapsam:editposix = yes
>     ldapsam:trusted = yes
>     idmap config * : backend = ldap
>     idmap config * : range = 10000-90000000
>     idmap config * : ldap_url = ldap://pione.dark.kow.is
>     idmap config * : ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
>     idmap config * : ldap_user_dn = cn=admin,dc=dark,dc=kow,dc=is

I'll see if I can't give this configuration a go, in the meantime.

>
> Rowland
>

On 26/05/2019 16:03, David Kowis via samba wrote:
> Most of this is generated by FreeNAS's gui, so I'll have to figure out
> how to override it. I know where the file is, but I don't know if
> changes I make to it will actually stick, but that's for a different
> forum :)

I think I can guess which ;-)

>
> Just curious, since I appear to be running a PDC, is there a way to have
> a standalone samba server, and just get the user/password information
> from LDAP without doing all the domain stuff? That's actually what I'd
> like to do. I don't need a domain controller.

I sort of thought you didn't

Try this:

remove 'security = user' which will make it 'security = auto'

Change these:

    domain logons = yes
    server role = member server

To:

    domain logons = no
    server role = standalone server

This should get you a standalone server with users in LDAP.

I must point out that I have never tried the above, but it should work.

Rowland

On 5/26/19 10:14 AM, Rowland penny via samba wrote:
>> Just curious, since I appear to be running a PDC, is there a way to have
>> a standalone samba server, and just get the user/password information
>> from LDAP without doing all the domain stuff? That's actually what I'd
>> like to do. I don't need a domain controller.
>
> I sort of thought you didn't
>
> Try this:
>
> remove 'security = user' which will make it 'security = auto'
>
> Change these:
>
>     domain logons = yes
>     server role = member server
>
> To:
>
>     domain logons = no
>     server role = standalone server
>
> This should get you a standalone server with users in LDAP.
>
> I must point out that I have never tried the above, but it should work.

Sadly, it doesn't seem to, or it's a combination of how I must configure things in FreeNAS land.

`testparm` shows the expected output with a few exceptions. Fortunately, I'm able to override settings in the smb4.conf by specifying them again, and last-one-in-wins: https://termbin.com/ausk

It is showing up as a ROLE_STANDALONE server, but I do see during the startup of smbd: https://pastebin.com/Fgd8PPXb

I assume that's from the lines, but I don't know.

```
idmap config nosgoth: ldap_url = ldap://pione.dark.kow.is
idmap config nosgoth: ldap_user_dn cn=sambaadmin,dc=dark,dc=kow,dc=is
idmap config nosgoth: ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
idmap config nosgoth: range = 10000-90000000
idmap config nosgoth: backend = ldap
```

Is there a way to specify things by setting them to empty? I can't delete the entries, because FreeNAS auto-generates this file on boot from its configuration database, but I can append to the end and include stuff that overrides the existing setup....

Thanks again!

--
David
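
Added example (not part of the thread, and not Samba's or FreeNAS's own code): when overrides are appended to a generated smb4.conf and the last setting wins, as described above, it helps to resolve which line actually supplies each value and to notice when a temporary 'ldap ssl = off' or 'server min protocol = NT1' ends up as the final setting. The names `effective`, `weak_settings` and `WEAK` and the sample file are constructed for illustration; continuation lines, includes and parameter synonyms are not handled.

```python
import re
# Constructed sample: generated settings, then overrides appended at the end.
SAMPLE = """\
[global]
    server role = member server
    domain logons = yes
    ldap ssl = start tls
    server min protocol = SMB2_02
    log level 1
    # appended overrides
    Server Role = standalone server
    domain logons = no
    ldap  ssl = off
"""
WEAK = {"ldapssl": {"off"}, "serverminprotocol": {"nt1"}}  # weak final values

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def effective(text):
    """Return (conf, overridden, malformed); conf[section][param] = (value, line)."""
    conf, overridden, malformed, section = {}, [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
            conf.setdefault(section, {})
            continue
        name, sep, value = line.partition("=")  # only the first '=' splits
        if not sep or section is None:
            malformed.append((no, line))
            continue
        key = norm(name)
        if key in conf[section]:
            overridden.append((key, conf[section][key][1], no))
        conf[section][key] = (value.strip(), no)  # later line replaces earlier
    return conf, overridden, malformed

def weak_settings(conf):
    """(param, value, line) for [global] settings whose final value is weak."""
    g = conf.get("global", {})
    return [(k, *g[k]) for k in WEAK if k in g and g[k][0].lower() in WEAK[k]]

if __name__ == "__main__":
    conf, overridden, malformed = effective(SAMPLE)
    print(weak_settings(conf), overridden, malformed)
```

Running it against the real file before restarting smbd shows which appended lines took effect and which weakened settings still need to be reverted once testing is done.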