Yep, I've done that, I basically followed the Solaris 9 HOWTO from the main HOWTO collection that comes with Samba 3.0, the only difference is that I used an /etc/pam.conf for Solaris 9 posted on the list by Patrik Gustavsson. I haven't managed to get hold of him, he says he has made it work on Solaris 9. I also want to get pam_mkhomedir work but I have to get past this bit first. >From his email signature it looks like he work for Sun in Sweden but even the Sun helpdesk in the UK hasn't been able to get hold of him yet.
-----Original Message----- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: 08 January 2004 15:54 To: Ganguly, Sapan Cc: 'ww m-pubsyssamba'; '[EMAIL PROTECTED]' Subject: RE: [Samba] How do I get Winbind accounts in LDAP? On Thu, 8 Jan 2004, Ganguly, Sapan wrote: > > I'm doing the same thing but with NT4 so I'm not using active > directory. The only thing you haven't mentioned that I can think of is > nsswitch.conf, you should have - > > Passwd: files winbind > Group: files winbind > > Getent works for me, I'm stuck with getting log ons to the Solaris > machine with NT usernames to work. If you want to log onto the Sun machine using Windows networking credentials you must configure PAM to support the use of pam_winbind.so. Have you done that? - John T. > They seem to have changed something in Solaris 9, even Sun hasn't been > able to help me! > > -----Original Message----- > From: ww m-pubsyssamba [mailto:[EMAIL PROTECTED] > Sent: 08 January 2004 13:45 > To: Ganguly, Sapan ; [EMAIL PROTECTED] > Subject: RE: [Samba] How do I get Winbind accounts in LDAP? > > > Hi Sapan/All, > > ok this is all in my test/dev environment. I have a Sun Sparc > workstation running Solaris 9 and an Intel server running Windows 2000 > server acting as a Native mode AD DC. My Sparc system has Samba 3.0.1 > installed and is successfully joined to the AD domain, I can > authenticate via kerberos and wbinfo -u lists domain users etc. All I > need LDAP for is centralising the IDMAP mappings across our > theoretical Samba server infrastructure. > > On the same sparc system I also have SunONE DS 5.2 installed, this > has the schema for Samba 3.0.1 successfully loaded. I have created the > idamap OU in the directory and I have configured my smb.conf to use > LDAP for idmap data, file attached. And I have set the LDAP admin > account password with "smbpasswd -w". I have also disabled nscd from > starting up & installed patch 113476-05 which is required for Solaris > 9. I can also see winbindd establishing a connection to Sun LDAP in > its access log. > > As I was writing this mail I have noticed that a getent for users > and groups is not displaying any AD users/groups but is exiting with a > status 0, this is despite the fact that wbinfo is correctly displaying > all my AD users/groups!? I can see from a snoop and truss run on the > getent that it is making LDAP calls to the AD DC but it's not > returning anything!?! I have had this running on a Solaris 8 system in > my test environment successfully and can't think of anything I've done > differently. > > If anyone can help I'd greatly appreciate it, > > many thanks Andy. > > -----Original Message----- > From: Ganguly, Sapan [mailto:[EMAIL PROTECTED] > Posted At: 07 January 2004 16:44 > Posted To: Samba > Conversation: [Samba] How do I get Winbind accounts in LDAP? > Subject: RE: [Samba] How do I get Winbind accounts in LDAP? > > > > Andy, > > Tell us a bit more, I'm doing a similar thing I think. I'm not using > Sun's LDAP service, I have OpenLDAP running on a Redhat 9.0 box and > I'm logging into my Solaris 9.0 machine running winbind, with my NT > username and password which creates an idmap in the openldap database > on the Redhat box....well, that's what it is supposed to do > anyway...it works fine on Redhat, Solaris is proving to be a little > more tricky. > > Is this what you are doing? > > -----Original Message----- > From: ww m-pubsyssamba [mailto:[EMAIL PROTECTED] > Sent: 07 January 2004 14:23 > To: [EMAIL PROTECTED] > Subject: RE: [Samba] How do I get Winbind accounts in LDAP? > > > Hi John/List, > > I'm attemtpting this (idmap in LDAP) with samba3.0.1 and Sun DS 5.2 > but without any success. I've tried what John T has suggested below > but my idmap OU is still empty (adapted LDAP commnads for Sun DS). I > cannot see any errors in either Samba or Sun DS logs, does anyone have > any troubleshooting tips to help work out why this isn't working? > > many thanks Andy. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf > Of John H Terpstra Posted At: 03 January 2004 23:54 Posted To: Samba > Conversation: [Samba] How do I get Winbind accounts in LDAP? > Subject: Re: [Samba] How do I get Winbind accounts in LDAP? > > > Kent, > > Did you create the container for the ou=Idmap in your LDAP database? > The IDMAP entries are automatically added to LDAP - IF the container > exists, and so long as Samba can access that database. > > Also, I suggest you store your machine accounts in the Users container > and not in the Computers container. Samba does not at this time search > the Computers container correctly. > > Execute the following to find out if your LDAP database has an IDMAP > container: > slapcat | grep -i IDMAP > > > If nothing is returned, execute this: > > ldapadd -x -D "cn=admin,dc=tow,dc=net" -w 'password' << EOR > dn: ou=Idmap,dc=abmas,dc=biz > objectClass: organizationalunit > ou: idmap > structuralObjectClass: organizationalunit > EOR > > Now you must stop samba, delete the winbind*tdb files, restart samba, > run: > wbinfo -u > And that should automatically populate your LDAP IDMAP database. > > Cheers, > John T. > > > > BBCi at http://www.bbc.co.uk/ > > This e-mail (and any attachments) is confidential and may contain > personal views which are not the views of the BBC unless specifically > stated. If you have received it in error, please delete it from your > system. Do not use, copy or disclose the information in any way nor > act in reliance on it and notify the sender immediately. Please note > that the BBC monitors e-mails sent or received. Further communication > will signify your consent to this. > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba