1. In what situation do I need the People group as the group for machines?


Always.  Until they fix the bug/design issue that is.

2. Should the PDC itself be in the ldap backend database?


I haven't found a good reason that it 'has' to in my tests.

3. In /etc/ldap.conf, if I turn on the nss stuff, I cannot log in to the domain anymore. It says "User does not exist".


Can you expand on this a bit more? From what you've said (which isn't much) it almost sounds like you didn't have ldap working as the posix auth system before you layered on samba.

Here are the specs of my setup:
       Fedora 2 (kernel 2.6.5-1.358)
       samba-3.0.3-5
       openldap-2.1.29-1
       smbldap-tools-0.8.5-1.1.fc2.dag

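########### /etc/samba/smb.conf #########################
# Samba 3 domain controller settings. Accounts live in LDAP (ldapsam) and
# account management is delegated to the smbldap-tools scripts named below.
[global]
       workgroup = ab
       netbios name = pdc
       username map = /etc/samba/smbusers
       # Members of this group perform all file operations as root on every
       # share, so "Domain Admins" membership is equivalent to root access.
       admin users = @"Domain Admins"
       server string = Samba Server %v
       security = user
       encrypt passwords = Yes
       # NOTE(review): a 3-character minimum permits trivially guessable
       # passwords; raise it to match the site password policy.
       min passwd length = 3
       obey pam restrictions = No
       ldap passwd sync = Yes
       time server = Yes
       mangling method = hash2

domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# Samba binds to the directory as this DN, which slapd.conf on this page also
# names as rootdn. The bind password is not kept in this file; it is stored in
# secrets.tdb (set with smbpasswd -w).
# NOTE(review): a dedicated DN with only the rights Samba needs is preferable
# to binding as rootdn.
ldap admin dn = cn=Manager,dc=ab,dc=com
ldap suffix = dc=ab,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
# NOTE(review): smbldap.conf on this page sets idmapdn to ou=Idmap, while this
# points idmap entries at ou=Users - confirm which container is intended.
ldap idmap suffix = ou=Users
# The admin bind and all account data travel unencrypted. That is contained
# while the directory is on 127.0.0.1; enable TLS before pointing the passdb
# backend at a remote server.
ldap ssl = no
# In the scripts below Samba substitutes %u / %g with the account or group name
# before running the command; keep the double quotes around them.
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
# The next two settings must be on separate lines; run together, the second
# becomes part of the add group script value.
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
preserve case = yes
short preserve case = yes
case sensitive = no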


# Per-user home share: Samba's special [homes] section, which serves each
# connecting user their own home directory.
[homes]
       comment = repertoire de %U, %u
       read only = No
       # NOTE(review): these masks leave new files world-readable (0644) and
       # new directories group-writable and world-searchable (0775) - confirm
       # that is intended for home directories.
       create mask = 0644
       directory mask = 0775
       browseable = No

# Logon-script share for domain clients. It is read-only over SMB, so scripts
# placed here can only be changed through the server's filesystem.
# NOTE(review): clients execute these scripts at logon - confirm that
# /home/netlogon/ is writable on disk by administrators only.
[netlogon]
       path = /home/netlogon/
       browseable = No
       read only = yes

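# Roaming-profile share: user profiles are stored under /home/profiles.
[profiles]
path = /home/profiles
read only = no
# New files and directories are created owner-only (0600 / 0700).
create mask = 0600
directory mask = 0700
browseable = No
# NOTE(review): guest ok permits connections without a password on a writable
# share that holds user profiles. With the valid users restriction below it is
# probably unnecessary - confirm and consider removing it.
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
# NOTE(review): "Domain Admins" has no @ prefix here, unlike admin users in
# [global] - confirm this Samba version resolves it as a group, not a user.
valid users = %U "Domain Admins"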


##################### /etc/openldap/slapd.conf ################################
#
# OpenLDAP server configuration. One ldbm database under dc=ab,dc=com holds
# both the POSIX (nis.schema) and Samba (samba.schema) account data.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/samba.schema


# Accepts LDAPv2 bind requests in addition to LDAPv3.
# NOTE(review): keep this only if a client still requires LDAPv2.
allow bind_v2
pidfile /var/run/slapd.pid

database        ldbm
suffix          "dc=ab,dc=com"
# rootdn is not subject to access control. smb.conf on this page binds as this
# same DN (ldap admin dn).
rootdn          "cn=Manager,dc=ab,dc=com"
# NOTE(review): "some secret" is presumably a placeholder. A cleartext rootpw
# can be read by anyone able to read this file; store a hash generated with
# slappasswd instead and keep the file readable only by the slapd user.
rootpw          some secret

directory       /var/lib/ldap

# NOTE(review): no "access to" rules appear in this listing. Without any, slapd
# falls back to its default of read access for every client, which would let an
# anonymous bind read userPassword, sambaLMPassword and sambaNTPassword. The
# Samba hashes are password-equivalent for SMB logon. Confirm that rules
# limiting those attributes to the owner and to authentication exist.
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

##################### /etc/smbldap-tools/smbldap.conf ################################
# Settings for the smbldap-* scripts that smb.conf calls to add, delete and
# modify accounts in the directory.
# NOTE(review): the bind DN and password are not in this file. smbldap-tools
# reads them from smbldap_bind.conf, which should be readable by root only.

# Domain SID written into new Samba accounts.
# NOTE(review): confirm it matches the SID of the running domain.
SID="S-1-5-21-324808091-3910462042-2848579765"

slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"

# TLS is off for the tools' LDAP connections. That is contained while both
# servers above are 127.0.0.1; enable it before using a remote directory.
ldapTLS="0"

suffix="dc=ab,dc=com"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
# NOTE(review): smb.conf on this page sets ldap idmap suffix to ou=Users, not
# ou=Idmap - confirm which container is intended.
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"

scope="sub"
# Scheme used for userPassword values written by the tools (salted SHA-1).
hash_encrypt="SSHA"
crypt_salt_format="%s"

userLoginShell="/bin/tcsh"
userHome="/u/%U"
userGecos="System User"
# Default primary groups for new users (513) and new machine accounts (515).
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"

userSmbHome="\\pdc\%U"
userProfile=""
userHomeDrive="H:"

with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

######################## /etc/ldap.conf ################################
#
# nss_ldap / pam_ldap client settings: how this host resolves and authenticates
# POSIX accounts against the directory.
host 127.0.0.1
base dc=ab,dc=com
# The three nss_base_* lines below are disabled.
# NOTE(review): if enabled as written, passwd lookups are limited to one level
# under ou=Users, so accounts under ou=Computers (ldap machine suffix in
# smb.conf) would not resolve - possibly the cause of the "User does not exist"
# error. Also, ou=Group does not match the ou=Groups used in smb.conf and
# smbldap.conf. Confirm both against the directory.
# nss_base_passwd        ou=Users,dc=ab,dc=com?one
# nss_base_shadow        ou=Users,dc=ab,dc=com?one
# nss_base_group         ou=Group,dc=ab,dc=com?one
# Lookups and binds from this host are unencrypted. That is contained while
# host is 127.0.0.1.
ssl no
# pam_ldap hashes a changed password locally with MD5 crypt before writing it.
# NOTE(review): smbldap.conf on this page uses SSHA - consider aligning the two,
# for example with the exop setting, which leaves hashing to the server.
pam_password md5

--- Kang Sun






--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: [EMAIL PROTECTED]


