RE: [Samba] Samba+LDAP - so close yet so far:) ...STILL NOTSOLVED
Yes, running RH 8, samba 3.0.0, openldap 2.1.30, Berkeley DB 4.2.52. Seems to work fine.

ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net

Kent N

> Hi,
>
> ldap admin dn = cn=root,dc=juwimm,dc=local
> ldap suffix = ou=juwidc01,dc=juwimm,dc=local
> ldap user suffix = ou=users
> ldap group suffix = ou=groups
> ldap machine suffix = ou=machines
>
> Works well with samba 3.0.2a on a suse 9.0 machine
>
>> Has anyone had success placing Users and Computers in
>> different ou's?
>>
>> regards
>> reza

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP - so close yet so far:) ...STILL NOTSOLVED
What does your ldap.conf (or pam_ldap.conf or libnss-ldap.conf) look like?

I assume it is something like this:

nss_base_passwd dc=juwimm,dc=local?sub
nss_base_shadow dc=juwimm,dc=local?sub
nss_base_group ou=Groups,dc=juwimm,dc=local?one

Which, unless you have ldap for samba only, is not a very good idea.

You should have something like:

nss_base_passwd ou=Samba,dc=juwimm,dc=local?sub
nss_base_shadow ou=Samba,dc=juwimm,dc=local?sub
nss_base_group ou=Groups,dc=juwimm,dc=local?one

and use:

ou=users,ou=Samba,dc=juwimm,dc=local for your users.
ou=machines,ou=Samba,dc=juwimm,dc=local for the computers.

and put:

ldap user suffix = ou=users,ou=Samba
ldap machine suffix = ou=machines,ou=Samba

in your smb.conf

This way you can even have different samba PDCs in the same ldap, using different ou (let's say that you have 4 domains in your network (different network segments, maybe), then you can keep them independent of one another, and still have a central user administration/storage). Or, of course, different services sharing the same ldap directory.

Andre Helberg wrote:

> Hi,
>
> ldap admin dn = cn=root,dc=juwimm,dc=local
> ldap suffix = ou=juwidc01,dc=juwimm,dc=local
> ldap user suffix = ou=users
> ldap group suffix = ou=groups
> ldap machine suffix = ou=machines
>
> Works well with samba 3.0.2a on a suse 9.0 machine
>
>> Has anyone had success placing Users and Computers in
>> different ou's?
>>
>> regards
>> reza
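Added example (not part of the original thread): a small Python check that the user and machine containers Samba builds from smb.conf fall inside the nss_base_passwd search base and scope discussed in the message above. The ldap suffix value, the one-level ldap.conf line, the sub default for a missing scope and all function names are assumptions made for illustration.

```python
# Added example: verify that Samba's account containers are visible to NSS.
# DN handling is simplified (assumes no escaped commas inside RDN values).

def parse(text, sep=None):
    """Parse 'key<sep>value' lines; skip blanks, comments and [section] headers."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue
        parts = line.split(sep, 1)
        if len(parts) == 2:
            out[parts[0].strip().lower()] = parts[1].strip()
    return out

def rdns(dn):
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def covered(container, base, scope):
    """True if entries stored directly in `container` match a search at `base`."""
    c, b = rdns(container), rdns(base)
    if scope == "one":           # only direct children of the base
        return c == b
    if scope == "sub":           # the base and everything below it
        return len(c) >= len(b) and c[len(c) - len(b):] == b
    return False                 # 'base' scope never returns child entries

def check(smb_conf, ldap_conf):
    smb, nss = parse(smb_conf, "="), parse(ldap_conf)
    base, _, rest = nss["nss_base_passwd"].partition("?")
    scope = rest.split("?")[0] or "sub"   # assumption: sub when scope is omitted
    result = {}
    for kind in ("user", "machine"):
        # Samba 3 appends the relative suffix to "ldap suffix"
        container = smb[f"ldap {kind} suffix"] + "," + smb["ldap suffix"]
        result[kind] = covered(container, base, scope)
    return result

# smb.conf fragment using the layout from the message; "ldap suffix" is assumed.
SMB_CONF = """[global]
ldap suffix = dc=juwimm,dc=local
ldap user suffix = ou=users,ou=Samba
ldap machine suffix = ou=machines,ou=Samba
"""
NSS_SUB = "nss_base_passwd ou=Samba,dc=juwimm,dc=local?sub\n"           # from the message
NSS_ONE = "nss_base_passwd ou=users,ou=Samba,dc=juwimm,dc=local?one\n"  # constructed

if __name__ == "__main__":
    print("sub scope at ou=Samba:", check(SMB_CONF, NSS_SUB))
    print("one scope at ou=users:", check(SMB_CONF, NSS_ONE))
```

With the one-level base the machine container is reported as not covered, which is the case where machine accounts created under a separate ou cannot be resolved through NSS.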
RE: [Samba] Samba+LDAP - so close yet so far:) ...STILL NOTSOLVED
Hi,

ldap admin dn = cn=root,dc=juwimm,dc=local
ldap suffix = ou=juwidc01,dc=juwimm,dc=local
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=machines

Works well with samba 3.0.2a on a suse 9.0 machine

> Has anyone had success placing Users and Computers in
> different ou's?
>
> regards
> reza
RE: [idx-smbldap-tools ] RE: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOTSOLVED
Partially Solved: http://lists.samba.org/archive/samba/2004-May/085233.html
thanks om Wisnu...

Has anyone had success placing Users and Computers in different ou's?

regards
reza

-----Original Message-----
From: Mohammad Reza
Sent: Thu 7/22/2004 1:56 PM
To: Craig White; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc:
Subject: [idx-smbldap-tools ] RE: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOTSOLVED

> Dear lists...
>
> But this still has not solved the real problem of joining w2k to samba3-ldap.
> I'm here with the same situation.
> I even switched my distro to SuSe with the same result, still can't join the domain.
> Please give us a hint on how to solve or debug this problem.
>

you will need to work through the examples in the Samba How-to
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/

I haven't a clue where you are at or what your problem is

Craig

My problem is, I can't join my w2k machine to Samba-Ldap Server.
The error from the w2k machine is "Logon Failure bad user name and password" when I try to join with the Administrator account and the right password.

My Linux is Fedora Core 2 with samba-3.0.3-5, openldap-2.1.29-1 and smbldap-tools-0.8.5-1

My configuration is:

#smb.conf###
# Global parameters
[global]
workgroup = MRAGROUP
netbios name = PDC-SMB3
interfaces = 172.16.0.237
username map = /etc/samba/smbusers
#admin users= @"Domain Admins"
server string = Samba Server %v
security = user
encrypt passwords = Yes
min passwd length = 3
obey pam restrictions = No
#unix password sync = Yes
#passwd program = /usr/local/sbin/smbldap-passwd -u %u
#passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
ldap passwd sync = Yes
log level = 5
syslog = 0
log file = /var/log/samba/log.%m
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com";
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
#ldap admin dn = cn=samba,ou=Users,dc=idealx,dc=org
ldap admin dn = cn=Manager,dc=mragroup,dc=net
ldap suffix = dc=mragroup,dc=net
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
#ldap ssl = start tls
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

# printers configuration
printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no

[homes]
comment = repertoire de %U, %u
read only = No
create mask = 0644
directory mask = 0775
browseable = No

[netlogon]
path = /home/netlogon/
browseable = No
read only = yes

[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"

[printers]
RE: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOTSOLVED
> Dear lists...
>
> But this still has not solved the real problem of joining w2k to samba3-ldap.
> I'm here with the same situation.
> I even switched my distro to SuSe with the same result, still can't join the domain.
> Please give us a hint on how to solve or debug this problem.
>

you will need to work through the examples in the Samba How-to
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/

I haven't a clue where you are at or what your problem is

Craig

My problem is, I can't join my w2k machine to Samba-Ldap Server.
The error from the w2k machine is "Logon Failure bad user name and password" when I try to join with the Administrator account and the right password.

My Linux is Fedora Core 2 with samba-3.0.3-5, openldap-2.1.29-1 and smbldap-tools-0.8.5-1

My configuration is:

#smb.conf###
# Global parameters
[global]
workgroup = MRAGROUP
netbios name = PDC-SMB3
interfaces = 172.16.0.237
username map = /etc/samba/smbusers
#admin users= @"Domain Admins"
server string = Samba Server %v
security = user
encrypt passwords = Yes
min passwd length = 3
obey pam restrictions = No
#unix password sync = Yes
#passwd program = /usr/local/sbin/smbldap-passwd -u %u
#passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
ldap passwd sync = Yes
log level = 5
syslog = 0
log file = /var/log/samba/log.%m
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com";
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
#ldap admin dn = cn=samba,ou=Users,dc=idealx,dc=org
ldap admin dn = cn=Manager,dc=mragroup,dc=net
ldap suffix = dc=mragroup,dc=net
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
#ldap ssl = start tls
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

# printers configuration
printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no

[homes]
comment = repertoire de %U, %u
read only = No
create mask = 0644
directory mask = 0775
browseable = No

[netlogon]
path = /home/netlogon/
browseable = No
read only = yes

[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"

[printers]
comment = Network Printers
printer admin = @"Print Operators"
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j

[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775

[public]
comment = Repertoire public
path