RE: [Samba] Samba+LDAP - so close yet so far:) ...STILL NOTSOLVED

2004-07-23 Thread kent
Yes, running RH 8, samba 3.0.0, openldap 2.1.30, Berkeley DB 4.2.52. Seems
to work fine.

ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net

Kent N

> Hi,
>
>ldap admin dn = cn=root,dc=juwimm,dc=local
>ldap suffix = ou=juwidc01,dc=juwimm,dc=local
>ldap user suffix = ou=users
>ldap group suffix = ou=groups
>ldap machine suffix = ou=machines
>
> Works well with samba 3.0.2a on a suse 9.0 machine
>
>> Has anyone had success placing Users and Computers in
>> different ou's?
>>
>> regards
>> reza
>
>
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba+LDAP - so close yet so far:) ...STILL NOTSOLVED

2004-07-22 Thread José Ildefonso Camargo Tolosa
What does your ldap.conf (or pam_ldap.conf or libnss-ldap.conf) look
like?  I assume it is something like this:

nss_base_passwd dc=juwimm,dc=local?sub
nss_base_shadow dc=juwimm,dc=local?sub
nss_base_group  ou=Groups,dc=juwimm,dc=local?one

Which, unless you have ldap for samba only, is not a very good idea.  You
should have something like:

nss_base_passwd ou=Samba,dc=juwimm,dc=local?sub
nss_base_shadow ou=Samba,dc=juwimm,dc=local?sub
nss_base_group  ou=Groups,dc=juwimm,dc=local?one

and use:

ou=users,ou=Samba,dc=juwimm,dc=local  for your users.
ou=machines,ou=Samba,dc=juwimm,dc=local  for the computers.

and put:

ldap user suffix = ou=users,ou=Samba
ldap machine suffix = ou=machines,ou=Samba

in your smb.conf

This way you can even have different samba PDCs in the same ldap, using
different ou (let's say that you have 4 domains in your network
(different network segments, maybe), then you can keep them independent
of one another, and still have a central user
administration/storage).  Or, of course, different services sharing the
same ldap directory.

Andre Helberg wrote:
> Hi,
>
>   ldap admin dn = cn=root,dc=juwimm,dc=local
>   ldap suffix = ou=juwidc01,dc=juwimm,dc=local
>   ldap user suffix = ou=users
>   ldap group suffix = ou=groups
>   ldap machine suffix = ou=machines
>
> Works well with samba 3.0.2a on a suse 9.0 machine
>
>> Has anyone had success placing Users and Computers in
>> different ou's?
>>
>> regards
>> reza

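The layout described in the message above can be checked mechanically. This is an added example, not part of the original post: it derives the user and machine container DNs from smb.conf and tests whether the `nss_base_passwd` search base and scope reach them, since Samba needs every machine trust account to resolve to a Unix account. The sample configs, the function names, the default scope of `sub` and the naive comma-split DN handling are assumptions of this example.

```python
def parse_smb(text):
    """Return {parameter: value} from smb.conf text (the ldap * options are global)."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)
            params.setdefault(" ".join(key.lower().split()), value.strip())
    return params

def rdns(dn):
    """Split a DN into lowercase RDNs (naive: assumes no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def container(params, key):
    """Samba prepends the partial suffix `key` to 'ldap suffix'."""
    return rdns(params.get(key, "")) + rdns(params["ldap suffix"])

def nss_base(ldap_conf_text):
    """Return (base RDNs, scope) from the nss_base_passwd line, else None."""
    for raw in ldap_conf_text.splitlines():
        fields = raw.split()
        if len(fields) >= 2 and fields[0] == "nss_base_passwd":
            base, _, rest = fields[1].partition("?")
            return rdns(base), rest.split("?")[0] or "sub"  # assumed default
    return None

def covers(cont, base, scope):
    """True if entries directly inside `cont` are reached by the NSS search."""
    if scope != "sub":
        return scope == "one" and cont == base
    return cont[max(0, len(cont) - len(base)):] == base

def check(smb_conf_text, ldap_conf_text):
    params = parse_smb(smb_conf_text)
    base, scope = nss_base(ldap_conf_text)
    return {k: covers(container(params, k), base, scope)
            for k in ("ldap user suffix", "ldap machine suffix")}

# Constructed sample configs (hypothetical, modelled on the thread's DNs).
SMB_FLAT = ("[global]\nldap suffix = dc=juwimm,dc=local\n"
            "ldap user suffix = ou=users\nldap machine suffix = ou=machines\n")
SMB_NESTED = ("[global]\nldap suffix = dc=juwimm,dc=local\n"
              "ldap user suffix = ou=users,ou=Samba\nldap machine suffix = ou=machines,ou=Samba\n")
NSS_USERS_ONE = "nss_base_passwd ou=users,dc=juwimm,dc=local?one\n"
NSS_SAMBA_SUB = "nss_base_passwd ou=Samba,dc=juwimm,dc=local?sub\n"

if __name__ == "__main__":
    for smb, nss in ((SMB_FLAT, NSS_USERS_ONE), (SMB_NESTED, NSS_SAMBA_SUB)):
        print(nss.strip(), "->", check(smb, nss))
```

A `False` for `ldap machine suffix` means machine accounts created there exist in LDAP but are invisible to passwd lookups.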

RE: [Samba] Samba+LDAP - so close yet so far:) ...STILL NOTSOLVED

2004-07-22 Thread Andre Helberg
Hi,

   ldap admin dn = cn=root,dc=juwimm,dc=local
   ldap suffix = ou=juwidc01,dc=juwimm,dc=local
   ldap user suffix = ou=users
   ldap group suffix = ou=groups
   ldap machine suffix = ou=machines 

Works well with samba 3.0.2a on a suse 9.0 machine

> Has anyone had success placing Users and Computers in
> different ou's?
> 
> regards
> reza



RE: [idx-smbldap-tools ] RE: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOTSOLVED

2004-07-22 Thread Mohammad Reza
Partially Solved:

http://lists.samba.org/archive/samba/2004-May/085233.html

thanks om Wisnu...

Has anyone had success placing Users and Computers in different ou's?

regards
reza


-----Original Message-----
From: Mohammad Reza
Sent: Thu 7/22/2004 1:56 PM
To: Craig White; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc:
Subject: [idx-smbldap-tools ] RE: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOTSOLVED
> Dear lists...
>  
> But this still un-solved the real problem to join w2k to samba3-ldap.
> I'm here with the same situation.
> I even switched my distro to SuSe with same result, still can't join domain.
> Please give us hint how to solve or debug this problem.
>  
you will need to work through the examples in the Samba How-to

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/

I haven't a clue where you are at or what your problem is

Craig


My problem is, I can't join my w2k machine to Samba-Ldap Server.
Error from w2k machine is "Logon Failure bad user name and password"
when try join with Administrator account and right password.
My Linux is Fedora Core 2 with samba-3.0.3-5, openldap-2.1.29-1 and
smbldap-tools-0.8.5-1

My configuration is:

#smb.conf###
# Global parameters
[global]
workgroup = MRAGROUP
netbios name = PDC-SMB3
interfaces = 172.16.0.237
username map = /etc/samba/smbusers
#admin users= @"Domain Admins"
server string = Samba Server %v
security = user
encrypt passwords = Yes
min passwd length = 3
obey pam restrictions = No
#unix password sync = Yes
#passwd program = /usr/local/sbin/smbldap-passwd -u %u
#passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
ldap passwd sync = Yes
log level = 5
syslog = 0
log file = /var/log/samba/log.%m
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
 
logon script = logon.bat
logon drive = H:
logon home =
logon path =
 
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com";
 # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
#ldap admin dn = cn=samba,ou=Users,dc=idealx,dc=org
ldap admin dn = cn=Manager,dc=mragroup,dc=net
ldap suffix = dc=mragroup,dc=net
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
#ldap ssl = start tls
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
 
# printers configuration
printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
 
[homes]
comment = repertoire de %U, %u
read only = No
create mask = 0644
directory mask = 0775
browseable = No
 
[netlogon]
path = /home/netlogon/
 browseable = No
read only = yes
 
[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"
 
[printers]

RE: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOTSOLVED

2004-07-22 Thread Mohammad Reza
> Dear lists...
>  
> But this still un-solved the real problem to join w2k to samba3-ldap.
> I'm here with the same situation.
> I even switched my distro to SuSe with same result, still can't join domain.
> Please give us hint how to solve or debug this problem.
>  
you will need to work through the examples in the Samba How-to

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/

I haven't a clue where you are at or what your problem is

Craig


My problem is, I can't join my w2k machine to Samba-Ldap Server.
Error from w2k machine is "Logon Failure bad user name and password"
when try join with Administrator account and right password.
My Linux is Fedora Core 2 with samba-3.0.3-5, openldap-2.1.29-1 and
smbldap-tools-0.8.5-1

My configuration is:

#smb.conf###
# Global parameters
[global]
workgroup = MRAGROUP
netbios name = PDC-SMB3
interfaces = 172.16.0.237
username map = /etc/samba/smbusers
#admin users= @"Domain Admins"
server string = Samba Server %v
security = user
encrypt passwords = Yes
min passwd length = 3
obey pam restrictions = No
#unix password sync = Yes
#passwd program = /usr/local/sbin/smbldap-passwd -u %u
#passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
ldap passwd sync = Yes
log level = 5
syslog = 0
log file = /var/log/samba/log.%m
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
 
logon script = logon.bat
logon drive = H:
logon home =
logon path =
 
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com";
 # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
#ldap admin dn = cn=samba,ou=Users,dc=idealx,dc=org
ldap admin dn = cn=Manager,dc=mragroup,dc=net
ldap suffix = dc=mragroup,dc=net
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
#ldap ssl = start tls
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
 
# printers configuration
printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
 
[homes]
comment = repertoire de %U, %u
read only = No
create mask = 0644
directory mask = 0775
browseable = No
 
[netlogon]
path = /home/netlogon/
 browseable = No
read only = yes
 
[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"
 
[printers]
comment = Network Printers
printer admin = @"Print Operators"
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only  = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
 
[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
 
[public]
comment = Repertoire public
path