Re: [gentoo-user] LDAP + Samba as PDC
http://gentoo-wiki.com/HOWTO_LDAP_SAMBA_PDC_Basic_Setup#Configure_NSS_LDAP

Did you see this wiki on this? Have you read these sections?

Sincerely,
Joshua
--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] LDAP + Samba as PDC
Sorry for taking this long, rough week. I didn't understand your answer. The Linux box you're talking about is the Samba server?

Yes, the Samba server

What is Winbind? Or nss_ldap?

How did you set up a PDC without using either nss_ldap or winbind?

nss_ldap:
* requires modification to /etc/ldap.conf
* requires the nss_ldap package.
* requires modification of /etc/nsswitch.conf

winbind:
* requires the winbind flag for the samba ebuild
* requires modification of /etc/nsswitch.conf

getent passwd
* returns users
* returns workstations & servers (also they will have a '$' at the end of the username).

Normally this is completed via nss_ldap, but I have used winbind before, for the sake of not depending on the bleeding sore that is nss_ldap.

So, how is the local box finding the network users? From your config, it appears that you are using smb-ldap tools, but is that the case? If you cat /etc/passwd - do you see the users? What does /etc/ldap.conf look like?

Sincerely,
Joshua
--
gentoo-user@gentoo.org mailing list
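The checks discussed in this message, as an added example that is not part of the original post: confirm that /etc/nsswitch.conf lists ldap or winbind and that the workstation account with its trailing '$' resolves through getent. The function names, the GETENT override, the workstation name ws01 and the extra check of the group database are assumptions made for the example.

```shell
#!/bin/sh
# Added example: NSS checks for a Samba PDC domain join.
# GETENT is a hypothetical override so the lookup can be stubbed in tests.

# nss_sources FILE DB: print the sources listed for DB (e.g. passwd).
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                          # drop comments
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, db ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "", line); print line; exit
        }' "$1"
}

# has_network_source FILE DB: true if DB is served by ldap or winbind.
has_network_source() {
    case " $(nss_sources "$1" "$2" | tr '\t' ' ') " in
        *" ldap "*|*" winbind "*) return 0 ;;
    esac
    return 1
}

# machine_account_resolves HOST: true if the account HOST$ is visible via NSS.
machine_account_resolves() {
    acct="$1\$"    # workstation accounts carry a trailing '$'
    ${GETENT:-getent} passwd "$acct" | cut -d: -f1 | grep -qxF -- "$acct"
}

# check_join_prereqs FILE HOST: report each check, return 0 only if all pass.
check_join_prereqs() {
    rc=0
    for db in passwd group; do
        if has_network_source "$1" "$db"; then
            echo "ok:   $db: $(nss_sources "$1" "$db")"
        else
            echo "FAIL: $db has no ldap or winbind source"; rc=1
        fi
    done
    if machine_account_resolves "$2"; then
        echo "ok:   getent passwd '$2\$' resolves"
    else
        echo "FAIL: getent passwd '$2\$' returns nothing"; rc=1
    fi
    return $rc
}

# Usage on the Samba server (ws01 is a constructed workstation name):
#   check_join_prereqs /etc/nsswitch.conf ws01
```

If nscd is running, flush or restart it before re-testing, since it can keep answering from a cached miss after the configuration has been corrected.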
Re: [gentoo-user] LDAP + Samba as PDC
On 11/14/06, Joshua Schmidlkofer <[EMAIL PROTECTED]> wrote:
> Hi Cameron,
>
> thanks for the reply. Unfortunately, all the reg hacks I found
> didn't work. If I find one that does, I'll post it here. :)
>
> Regards,
>
> Raphael

This sounds exactly like you do not have the nsswitch.conf environment correct on your Linux box. Are you using Winbind or nss_ldap? Once you verify that, does getent find the user/workstation? Are you using nscd?

Sorry for taking this long, rough week. I didn't understand your answer. The Linux box you're talking about is the Samba server? What is Winbind? Or nss_ldap? getent returns users, I don't know how to check for workstations. What is nscd?

Sincerely,
Joshua
--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] LDAP + Samba as PDC
Hi Cameron,

thanks for the reply. Unfortunately, all the reg hacks I found didn't work. If I find one that does, I'll post it here. :)

Regards,

Raphael

This sounds exactly like you do not have the nsswitch.conf environment correct on your Linux box. Are you using Winbind or nss_ldap? Once you verify that, does getent find the user/workstation? Are you using nscd?

Sincerely,
Joshua
--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] LDAP + Samba as PDC
On 11/13/06, Cameron Lowe <[EMAIL PROTECTED]> wrote:
Raphael Melo de Oliveira Bastos Sales wrote:
> Hi everyone,
>
> I've been trying to set up an authentication server for a mixed LAN
> (Windows and Linux clients) and I'm having problems with Samba.
>
> The way it is today, the Windows clients can access the Samba
> server and each user can access its home, by double-clicking on the
> server icon on the screen that shows all the machines on the network.
>
> But I'm unable to register the client workstations on the server.
> It says something like "user name not found" when I try to do it. But
> the odd thing is, when I look in the LDAP server, there is a registry
> of the client there.
>
> I'd like to know if anyone has managed to do this type of thing
> and, if possible, could send me the Samba config file (smb.conf) so I
> can see what I'm doing wrong.
>
> Here is my smb.conf file. If anyone detects what I'm doing wrong,
> I'd be grateful. :)
>
> [global]
> server string = %L
> workgroup = WORKGROUP
> announce as = NT Server
>
> hosts allow = 192.168.0.0/24
> security = user
> encrypt passwords = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> interfaces = lo eth1
> bind interfaces only = yes
>
> local master = yes
> os level = 100
> domain master = yes
> preferred master = yes
>
> null passwords = no
> #hide unreadable = yes
>
> enable privileges = yes
>
> domain logons = yes
> logon script = login.bat
> logon path = \\%L\profiles\%U
> logon drive = H:
> logon home = \\%L\%U\.9xprofile
>
> wins support = yes
> name resolve order = wins lmhosts host bcast
> dns proxy = no
>
> time server = yes
> log file = /var/log/samba/log.%m
> max log size = 50
>
> passdb backend = ldapsam:ldaps://127.0.0.1:636/
>
> ldap admin dn = cn=Laboratorio,dc=lara,dc=cic,dc=unb,dc=br
> ldap port = 636
> ldap suffix = dc=lara,dc=cic,dc=unb,dc=br
> ldap server = ldaps://127.0.0.1:636/
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap delete dn = Yes
> ldap password sync = yes
>
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> delete user script = /usr/sbin/smbldap-userdel "%u"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> passwd program = /usr/sbin/smbldap-passwd
> passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r \
> "*Password changed*"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>
> idmap backend = ldap:ldaps://127.0.0.1:636/
> idmap uid = 1-2
> idmap gid = 1-2
>
> unix charset = ISO8859-1
>
> profile acls = yes
>
> [netlogon]
> path = /var/lib/samba/netlogon
> guest ok = no
> read only = yes
> browseable = no
>
> [profiles]
> path = /var/lib/samba/profiles
> browseable = no
> writeable = yes
> default case = lower
> preserve case = no
> short preserve case = no
> case sensitive = no
> hide files = /desktop.ini/ntuser.ini/NTUSER.*/
> write list = @smbusers @root
> create mask = 0600
> directory mask = 0700
> csc policy = disable
>
> [homes]
> path = /home/%U
> browseable = no
> valid users = %S
> read only = no
> guest ok = no
> inherit permissions = yes

Last time I had to do something similar (no LDAP). I had to put a reg hack on the XP machines. A quick search in Google should come up with the reg hack.

Hi Cameron,

thanks for the reply. Unfortunately, all the reg hacks I found didn't work. If I find one that does, I'll post it here. :)

Regards,

Raphael
--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] LDAP + Samba as PDC
Raphael Melo de Oliveira Bastos Sales wrote:

Hi everyone,

I've been trying to set up an authentication server for a mixed LAN (Windows and Linux clients) and I'm having problems with Samba.

The way it is today, the Windows clients can access the Samba server and each user can access its home, by double-clicking on the server icon on the screen that shows all the machines on the network.

But I'm unable to register the client workstations on the server. It says something like "user name not found" when I try to do it. But the odd thing is, when I look in the LDAP server, there is a registry of the client there.

I'd like to know if anyone has managed to do this type of thing and, if possible, could send me the Samba config file (smb.conf) so I can see what I'm doing wrong.

Here is my smb.conf file. If anyone detects what I'm doing wrong, I'd be grateful. :)

[global]
server string = %L
workgroup = WORKGROUP
announce as = NT Server

hosts allow = 192.168.0.0/24
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth1
bind interfaces only = yes

local master = yes
os level = 100
domain master = yes
preferred master = yes

null passwords = no
#hide unreadable = yes

enable privileges = yes

domain logons = yes
logon script = login.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U\.9xprofile

wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no

time server = yes
log file = /var/log/samba/log.%m
max log size = 50

passdb backend = ldapsam:ldaps://127.0.0.1:636/

ldap admin dn = cn=Laboratorio,dc=lara,dc=cic,dc=unb,dc=br
ldap port = 636
ldap suffix = dc=lara,dc=cic,dc=unb,dc=br
ldap server = ldaps://127.0.0.1:636/
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap delete dn = Yes
ldap password sync = yes

add group script = /usr/sbin/smbldap-groupadd -p "%g"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
passwd program = /usr/sbin/smbldap-passwd
passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r \
"*Password changed*"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

idmap backend = ldap:ldaps://127.0.0.1:636/
idmap uid = 1-2
idmap gid = 1-2

unix charset = ISO8859-1

profile acls = yes

[netlogon]
path = /var/lib/samba/netlogon
guest ok = no
read only = yes
browseable = no

[profiles]
path = /var/lib/samba/profiles
browseable = no
writeable = yes
default case = lower
preserve case = no
short preserve case = no
case sensitive = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
write list = @smbusers @root
create mask = 0600
directory mask = 0700
csc policy = disable

[homes]
path = /home/%U
browseable = no
valid users = %S
read only = no
guest ok = no
inherit permissions = yes

Last time I had to do something similar (no LDAP). I had to put a reg hack on the XP machines. A quick search in Google should come up with the reg hack.

--
gentoo-user@gentoo.org mailing list
[gentoo-user] LDAP + Samba as PDC
Hi everyone,

I've been trying to set up an authentication server for a mixed LAN (Windows and Linux clients) and I'm having problems with Samba.

The way it is today, the Windows clients can access the Samba server and each user can access its home, by double-clicking on the server icon on the screen that shows all the machines on the network.

But I'm unable to register the client workstations on the server. It says something like "user name not found" when I try to do it. But the odd thing is, when I look in the LDAP server, there is a registry of the client there.

I'd like to know if anyone has managed to do this type of thing and, if possible, could send me the Samba config file (smb.conf) so I can see what I'm doing wrong.

Here is my smb.conf file. If anyone detects what I'm doing wrong, I'd be grateful. :)

[global]
server string = %L
workgroup = WORKGROUP
announce as = NT Server

hosts allow = 192.168.0.0/24
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth1
bind interfaces only = yes

local master = yes
os level = 100
domain master = yes
preferred master = yes

null passwords = no
#hide unreadable = yes

enable privileges = yes

domain logons = yes
logon script = login.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U\.9xprofile

wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no

time server = yes
log file = /var/log/samba/log.%m
max log size = 50

passdb backend = ldapsam:ldaps://127.0.0.1:636/

ldap admin dn = cn=Laboratorio,dc=lara,dc=cic,dc=unb,dc=br
ldap port = 636
ldap suffix = dc=lara,dc=cic,dc=unb,dc=br
ldap server = ldaps://127.0.0.1:636/
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap delete dn = Yes
ldap password sync = yes

add group script = /usr/sbin/smbldap-groupadd -p "%g"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
passwd program = /usr/sbin/smbldap-passwd
passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r \
"*Password changed*"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

idmap backend = ldap:ldaps://127.0.0.1:636/
idmap uid = 1-2
idmap gid = 1-2

unix charset = ISO8859-1

profile acls = yes

[netlogon]
path = /var/lib/samba/netlogon
guest ok = no
read only = yes
browseable = no

[profiles]
path = /var/lib/samba/profiles
browseable = no
writeable = yes
default case = lower
preserve case = no
short preserve case = no
case sensitive = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
write list = @smbusers @root
create mask = 0600
directory mask = 0700
csc policy = disable

[homes]
path = /home/%U
browseable = no
valid users = %S
read only = no
guest ok = no
inherit permissions = yes

--
gentoo-user@gentoo.org mailing list