Ernest Keller wrote:
...
TIA
Ernest
I am at a loss here, I cannot map any AD container other then BUILTIN.
Here is some configuration info:
[EMAIL PROTECTED]:~> testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[odin]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
smb.conf contents:
[global]
workgroup = domain
netbios name = samba-box
server string = samba-box.domain.com
realm = DOMAIN.COM
security = ads
password server = dc.domain.com # no kdc errors if I specify a
kdc server
ldap idmap suffix = cn=users,dc=domain,dc=com
prefered master = no
local master = no
domain master = no
prefered master = no
domain logons = no
encrypt passwords = yes
update encrypted = yes
password level = 20
winbind use default domain = yes
winbind separator = \
winbind enum users = yes
winbind enum groups = yes
idmap uid = 15000-20000
idmap gid = 15000-20000
hide unreadable = no
wins support = no
dns proxy = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add machine script = /usr/sbin/useradd -c Machine -d
/var/lib/nobody -s /bin/false %m$
use spnego = yes
os level = 20
template shell = /bin/bash
template homedir = /home/%D/%U
load printers = no
[odin]
comment = samba share
inherit acls = Yes
path = /usr/local/odin/
read only = no
user = @"DOMAIN+domain users"
force group = users
force user = users
guest ok = no
results of net ads join command:
[EMAIL PROTECTED]:~> sudo net ads join -U [EMAIL PROTECTED] "users"
[EMAIL PROTECTED]'s password:
ads_join_realm: organizational unit users does not exist
(dn:ou=users,dc=DOMAIN,dc=COM)
output of the wbinfo -g command:
[EMAIL PROTECTED]:~> sudo wbinfo -g
BUILTIN/system operators
BUILTIN/replicators
BUILTIN/guests
BUILTIN/power users
BUILTIN/print operators
BUILTIN/administrators
BUILTIN/account operators
BUILTIN/backup operators
BUILTIN/users
and output of the wbinfo -u command:
[EMAIL PROTECTED]:~> sudo wbinfo -u
Error looking up domain users
I have the available services:
[EMAIL PROTECTED]:~> ps xaf | grep nmbd
9530 ? Ss 0:00 /usr/sbin/nmbd -D -s /etc/samba/smb.conf
[EMAIL PROTECTED]:~> ps xaf | grep smbd
9658 ? Ss 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf
9681 ? S 0:00 \_ /usr/sbin/smbd -D -s /etc/samba/smb.conf
[EMAIL PROTECTED]:~> ps xaf | grep winbindd
9669 ? Ss 0:00 /usr/sbin/winbindd -s /etc/samba/smb.conf
9670 ? S 0:00 \_ /usr/sbin/winbindd -s /etc/samba/smb.conf
Am I doing something wrong?
...
LDAP://server.domain.com/CN=Users,DC=server,DC=domain,DC=com
Note the CN=Users, vs. OU=Users, I will go read the RFC to see if I
can get more info on this.
So, you're not authenticating against ADS? If you are, are you sure the
winbind daemon is running?
Dimitri
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
Jason Gerfen
"My girlfriend threated to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
