On 5/26/19 10:14 AM, Rowland penny via samba wrote:
>> Just curious, since I appear to be running a PDC, is there a way to have
>> a standalone samba server, and just get the user/password information
>> from LDAP without doing all the domain stuff? That's actually what I'd
>> like to do. I don't need a domain controller.
>
> I sort of thought you didn't
>
> Try this:
>
> remove 'security = user' which will make it 'security = auto'
>
> Change these:
>
> domain logons = yes
> server role = member server
>
> To:
>
> domain logons = no
> server role = standalone server
>
> This should get you a standalone server with users in LDAP.
>
> I must point out that I have never tried the above, but it should work.

Sadly, it doesn't seem to, or it's a combination of how I must configure things in FreeNAS land. `testparm` shows the expected output with a few exceptions. Fortunately, I'm able to override settings in the smb4.conf by specifying them again, and last-one-in-wins:
https://termbin.com/ausk

It is showing up as a ROLE_STANDALONE server, but I do see during the startup of smbd:
https://pastebin.com/Fgd8PPXb

I assume that's from the lines, but I don't know.
```
idmap config nosgoth: ldap_url = ldap://pione.dark.kow.is
idmap config nosgoth: ldap_user_dn cn=sambaadmin,dc=dark,dc=kow,dc=is
idmap config nosgoth: ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
idmap config nosgoth: range = 10000-90000000
idmap config nosgoth: backend = ldap
```

Is there a way to specify things by setting them to empty? I can't delete the entries, because FreeNAS auto-generates this file on boot from its configuration database, but I can append to the end and include stuff that overrides the existing setup....

Thanks again!
-- David

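An added example, not part of the original message and not Samba or FreeNAS code: a small Python check that reports which `[global]` values win, and which earlier lines they replace, when overrides are appended to a generated smb4.conf as described in the message above. The sample configuration is constructed, and the name handling (case and whitespace ignored, first `=` splits) follows the smb.conf manual page; `testparm` remains the authoritative view.

```python
import re

# Constructed sample: generated settings first, appended overrides last.
SAMPLE_CONF = """\
[global]
    security = user
    domain logons = yes
    server role = member server
    passdb backend = ldapsam:ldap://ldap.example.test
[share]
    path = /mnt/tank/share
[global]
    ; appended overrides
    Domain Logons = no
    serverrole = standalone server
"""


def normalize(name):
    """Case and whitespace are ignored in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()


def effective_settings(text, section="global"):
    """Return (effective, overridden) for one section; last assignment wins.

    effective: {name: (value, line)}; overridden: [(name, old, old_line, new_line)].
    Line continuations, includes and parameter synonyms are not handled.
    """
    effective, overridden = {}, []
    current, want = None, normalize(section)
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = normalize(header.group(1))
            continue
        if current != want or "=" not in line:
            continue  # other section, or not an assignment
        name, value = line.split("=", 1)  # only the first '=' is significant
        key, value = normalize(name), value.strip()
        if key in effective:
            overridden.append((key, effective[key][0], effective[key][1], lineno))
        effective[key] = (value, lineno)
    return effective, overridden


if __name__ == "__main__":
    for name, old, old_line, new_line in effective_settings(SAMPLE_CONF)[1]:
        print(f"{name}: line {new_line} replaces {old!r} from line {old_line}")
```
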
On 5/26/19 6:42 PM, David Kowis via samba wrote:
> Is there a way to specify things by setting them to empty? I can't
> delete the entries, because FreeNAS auto-generates this file on boot
> from its configuration database, but I can append to the end and
> include stuff that overrides the existing setup....

I figured out how to get rid of a lot of the PDC stuff that FreeNAS was injecting.

Testparm:
https://termbin.com/96y9

actual smb.conf:
https://termbin.com/ks1e

It's got a lot less stuff in there now. I still see it searching LDAP for a Domain, which is not what I want it to do. I guess maybe because I have a domain entry in ldap, it's going to search for it no matter what? I wouldn't expect that, but I'm not sure what's telling it to search for a domain:

[2019/05/26 18:54:30.376438, 2] ../source3/passdb/pdb_ldap_util.c:281(smbldap_search_domain_info)
  smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=FREENAS))]

It finds one of course, but still.

The entire logs from server startup to where I tried to connect to a fileshare :(
https://pastebin.com/KF2Bhf9G

-- David

On 27/05/2019 00:42, David Kowis via samba wrote:
>
> On 5/26/19 10:14 AM, Rowland penny via samba wrote:
>>> Just curious, since I appear to be running a PDC, is there a way to have
>>> a standalone samba server, and just get the user/password information
>>> from LDAP without doing all the domain stuff? That's actually what I'd
>>> like to do. I don't need a domain controller.
>> I sort of thought you didn't
>>
>> Try this:
>>
>> remove 'security = user' which will make it 'security = auto'
>>
>> Change these:
>>
>> domain logons = yes
>> server role = member server
>>
>> To:
>>
>> domain logons = no
>> server role = standalone server
>>
>> This should get you a standalone server with users in LDAP.
>>
>> I must point out that I have never tried the above, but it should work.
> Sadly, it doesn't seem to, or it's a combination of how I must configure
> things in FreeNAS land. `testparm` shows the expected output with a few
> exceptions. Fortunately, I'm able to override settings in the smb4.conf
> by specifying them again, and last-one-in-wins:
> https://termbin.com/ausk
>
> It is showing up as a ROLE_STANDALONE server, but I do see during the
> startup of smbd:
> https://pastebin.com/Fgd8PPXb
>
> I assume that's from the lines, but I don't know.
> ```
> idmap config nosgoth: ldap_url = ldap://pione.dark.kow.is
> idmap config nosgoth: ldap_user_dn
> cn=sambaadmin,dc=dark,dc=kow,dc=is
> idmap config nosgoth: ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
> idmap config nosgoth: range = 10000-90000000
> idmap config nosgoth: backend = ldap
> ```
>
> Is there a way to specify things by setting them to empty? I can't
> delete the entries, because FreeNAS auto-generates this file on boot
> from its configuration database, but I can append to the end and
> include stuff that overrides the existing setup....
>
> Thanks again!
> -- David
>

I showed you how I got a PDC to work, forget the PDC bit, I could only get the LDAP part to work by putting everything into the default domain (*). I tried the way that works on a Unix domain member, separate 'DOMAIN' and '*' lines, but I could not get this to work.

I rapidly came to the point that setting up a new PDC was a bad idea, but in your case, you don't really have much choice, because of the ACLs used on freenas.

Rowland

On 27/05/2019 00:57, David Kowis via samba wrote:
> On 5/26/19 6:42 PM, David Kowis via samba wrote:
>> Is there a way to specify things by setting them to empty? I can't
>> delete the entries, because FreeNAS auto-generates this file on boot
>> from its configuration database, but I can append to the end and
>> include stuff that overrides the existing setup....
> I figured out how to get rid of a lot of the PDC stuff that FreeNAS was
> injecting.
> Testparm:
> https://termbin.com/96y9
>
> actual smb.conf:
> https://termbin.com/ks1e
>
> It's got a lot less stuff in there now. I still see it searching LDAP
> for a Domain, which is not what I want it to do. I guess maybe because I
> have a domain entry in ldap, it's going to search for it no matter what?
> I wouldn't expect that, but I'm not sure what's telling it to search for
> a domain:
> [2019/05/26 18:54:30.376438, 2]
> ../source3/passdb/pdb_ldap_util.c:281(smbldap_search_domain_info)
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=FREENAS))]
>
>
> It finds one of course, but still.
>
> The entire logs from server startup to where I tried to connect to a
> fileshare :(
> https://pastebin.com/KF2Bhf9G
>
> -- David
>

I think you need to talk to the freenas people, you need some way to set up the smb.conf in a way that it isn't overwritten.

Rowland