Except for the ldap.conf file, my machine was well configured. But I learned that nsswitch is not yet fully implemented in DragonFly BSD, the OS I use. So I guess this is why it won't work. Fortunatly, Samba works great as a simple print/file manager, but it's not fully fonctionnal here as a domain server.
Thanks for the answer. SR Nelson Vale a écrit : > If your Samba is running as a PDC, and you are logged in the samba domain, > you > are able to list the LDAP users in the shares or files security tab, and you > don't need winbind. All you need is nsswitch.conf configured with: > > # /etc/nsswitch.conf > # > > passwd: files ldap > group: files ldap > shadow: files ldap > > > Plus ldap.conf like: > > bindpw xxxxxxxx > binddn xxxxxxxxxxx > uri ldap://xxx.xxx.xxx.xxx > base dc=local,dc=loc > rootbinddn xxxxxxxxxxxxxxxxxxxxx > host 127.0.0.1 > ldap_version 3 > scope one > ssl no > pam_login_attribute uid > pam_member_attribute gid > pam_password md5 > nss_base_passwd dc=local,dc=loc?sub > nss_base_shadow dc=local,dc=loc?sub > nss_base_group ou=Groups,dc=local,dc=loc?one > > > > In smb.conf you need to put something like: > > ldap user suffix = ou=People > ldap machine suffix = ou=Computers > ldap group suffix = ou=Groups > ldap suffix = dc=local,dc=loc > ldap admin dn = cn=xxxxxxxxxxxxxxxxxxxxxx > ldap idmap suffix = ou=Idmap > > > Your LDAP must also have the default samba Domain Groups. > > > Em Thursday 06 December 2007 20:29, o Shammah Chancellor escreveu: >> Hi, >> >> Problem: >> >> I seem to be able to add users to ACLs from windows due to an "Name Not >> Found" error when looking up a username. According to what I have been >> able to find, you cannot browse users on a samba server from windows >> without winbind and "security = domain/ads". However, winbind does not >> have any place in my environment aside from remedying this problem. Is >> there some alternative to enable this feature, or method of setting up >> winbind that is innocuous in my environment while maintaining "security >> = user"? >> >> Background on the Environment: >> >> I am running Samba 3.0.25c on Solaris 10u4 with "security = user". I >> am using the vfs object "zfsacl" to enable ACL support on my zfs >> filesystem. We use LDAP as a password backend, which also stores >> sambaSIDs for every user. SIDs and unix UIDs are synchronized across >> all the samba servers because they all use the same LDAP backend. >> >> Thanks in advance! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba