RE: [Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps

2004-08-19 Thread Bousquet Francois
Yes, I know and I have 2 ldap.conf on my server :
/usr/local/etc/openldap/ldap.conf
and
/etc/ldap.conf

The first is for openldap lib and the second for pam_ldap & nss_ldap

I didn't want to put pam_ldap & nss_ldap parameters in the openldap
ldap.conf because I was worrying my slapd would not accept them correctly.

It is working well like this. Maybe I could try to mix both files, but that
would mean recompiling the openldap lib or slapd for me...  so I am not very
interested.

Thanks for the cue.

-----Original Message-----
From: Jeff Saxton [mailto:[EMAIL PROTECTED]
Sent: August 19, 2004 3:32 PM
To: [EMAIL PROTECTED]
Cc: 'Bousquet Francois'
Subject: RE: [Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps


Watch out, nss_ldap wants it in a different file, usually /etc/ldap.conf

Jeff Saxton
Sr. Support Engineer
Addamark Technologies, Inc.
http://www.addamark.com
mailto:[EMAIL PROTECTED]
CELL: +1 415-640-6392


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Bousquet Francois
Sent: Thursday, August 19, 2004 12:12 PM
To: '[EMAIL PROTECTED]'
Subject: [Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps


The ca certificate path must be entered in the ldap.conf of the openldap
lib used by Samba.

For me that was /usr/local/etc/openldap/ldap.conf

Thanks everyone

-----Original Message-----
From: Bousquet Francois 
Sent: August 18, 2004 1:39 PM
To: '[EMAIL PROTECTED]'
Subject: Samba3 PDC with ldap backend in ldaps


I have Samba 3.0.4 installed on Solaris 7 as a PDC connecting to an
ldap backend with ldaps (secure ldap).

I need to specify the CA Certificate to Samba so it can accept the
server certificate.

What is the line to add to smb.conf?  I did some searching and it doesn't
seem to have one.

Does anyone have an idea?



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

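The two-file layout described in this thread can be audited with a short script. This is an added example, not part of the original posts: the function names `ldap_conf_get` and `check_ldap_ca` are hypothetical, while `TLS_CACERT`/`TLS_CACERTDIR`/`TLS_REQCERT` (OpenLDAP client library) and `tls_cacertfile`/`tls_cacertdir`/`tls_checkpeer` (nss_ldap and pam_ldap) are the directive names those components read.

```shell
#!/bin/sh
# Added example (not from the thread): audit the CA setting in each ldap.conf.
#   kind "openldap": libldap's ldap.conf, the one Samba's ldapsam backend reads
#   kind "nss":      /etc/ldap.conf, read by nss_ldap and pam_ldap

ldap_conf_get() {
    # Print the value of the first non-comment directive in file $1 whose
    # name matches the regex $2 (directive names are case-insensitive).
    awk -v re="^($2)\$" '
        /^[ \t]*#/ { next }
        tolower($1) ~ re { print $2; exit }' "$1"
}

check_ldap_ca() {
    kind=$1 conf=$2
    [ -r "$conf" ] || { echo "MISSING-FILE $conf"; return 2; }
    case $kind in
        openldap) ca_re='tls_cacert|tls_cacertdir'
                  ver_key='tls_reqcert' ver_off='never|allow' ;;
        nss)      ca_re='tls_cacertfile|tls_cacertdir'
                  ver_key='tls_checkpeer' ver_off='no' ;;
        *)        echo "BAD-KIND $kind"; return 2 ;;
    esac
    # A CA path is moot if certificate verification has been switched off.
    verify=$(ldap_conf_get "$conf" "$ver_key" | tr 'A-Z' 'a-z')
    if echo "$verify" | grep -Eqx "$ver_off"; then
        echo "VERIFY-OFF $conf"; return 1
    fi
    ca=$(ldap_conf_get "$conf" "$ca_re")
    [ -n "$ca" ] || { echo "NO-CA $conf"; return 1; }
    [ -r "$ca" ] || { echo "CA-UNREADABLE $conf -> $ca"; return 1; }
    echo "OK $conf -> $ca"
}

# Paths as given in the thread; run with --check to audit them.
if [ "${1:-}" = "--check" ]; then
    check_ldap_ca openldap /usr/local/etc/openldap/ldap.conf
    check_ldap_ca nss /etc/ldap.conf
fi
```

A `NO-CA` result for the OpenLDAP file corresponds to the situation in the original question: Samba has no CA to validate the ldaps server certificate against.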

[Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps

2004-08-19 Thread Bousquet Francois
The ca certificate path must be entered in the ldap.conf of the openldap lib
used by Samba.

For me that was /usr/local/etc/openldap/ldap.conf

Thanks everyone

-----Original Message-----
From: Bousquet Francois 
Sent: August 18, 2004 1:39 PM
To: '[EMAIL PROTECTED]'
Subject: Samba3 PDC with ldap backend in ldaps


I have Samba 3.0.4 installed on Solaris 7 as a PDC connecting to an ldap
backend with ldaps (secure ldap).

I need to specify the CA Certificate to Samba so it can accept the server
certificate.

What is the line to add to smb.conf?  I did some searching and it doesn't
seem to have one.

Does anyone have an idea?





[Samba] Samba3 PDC with ldap backend in ldaps

2004-08-18 Thread Bousquet Francois
I have Samba 3.0.4 installed on Solaris 7 as a PDC connecting to an ldap
backend with ldaps (secure ldap).

I need to specify the CA Certificate to Samba so it can accept the server
certificate.

What is the line to add to smb.conf?  I did some searching and it doesn't
seem to have one.

Does anyone have an idea?





[Samba] PDC with NO roaming profile

2004-08-11 Thread Bousquet Francois
Is it possible to disable roaming profiles and to force them local on each
workstation that is a member of the Samba domain?

I have not set up profiles with my Samba LDAP PDC and I get an error when
logging in on a workstation that is a domain member.


[Samba] Can't join Samba-LDAP PDC

2004-08-11 Thread Bousquet Francois
I am trying to join a Windows server (NT4 or 2K) to a Samba-LDAP PDC.

Error message on Windows : The machine account for this computer either does
not exist or is inaccessible.

log.smbd : 

[2004/08/10 22:29:03, 5] lib/smbldap.c:smbldap_search(932)
  smbldap_search: base => [dc=prod,dc=blc,dc=com], filter =>
[(&(uid=NC1981WTX03$)(objectclass=sambaSamAccount))], scope => [2]
[2004/08/10 22:29:03, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1157)
  ldapsam_getsampwnam: Unable to locate user [NC1981WTX03$] count=0


It creates a computer object in ldap with smbldap-useradd script from
www.idealx.org but Samba seems to search for sambaSamAccount on this object,
which is not a class of the newly created computer object.

I read that Samba is supposed to modify the object and add the
SambaSAMAccount, but my Samba isn't doing that.

Here is my configure :
./configure --prefix=/soft/samba3 --with-ldap --with-ldapsam

Samba version 3.0.4
OpenLDAP 2.2.13

This is my smb.conf :

[global]
workgroup = INET_PROD
netbios name = ub1981wfx01
server string = Samba LDAP-PDC INET_PROD
security = user
encrypt passwords = Yes
passdb backend = ldapsam:ldap://ub1981wfx01
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
domain logons = Yes

add user script = /usr/local/sbin/smbldap-useradd -m '%u'
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'

ldap suffix = dc=prod,dc=blc,dc=com
ldap machine suffix = ou=Computers
ldap user suffix= ou=Users
ldap group suffix   = ou=Groups
ldap idmap suffix   = ou=Users

ldap filder = (uid=%u)
ldap delete dn = yes

#ldap admin dn = cn=miniadmin,ou=DSA,dc=prod,dc=blc,dc=com
ldap admin dn = cn=Manager,dc=prod,dc=blc,dc=com
#ldap ssl = start_tls
ldap passwd sync = Yes

idmap backend = ldap:ldap://ub1981wfx01
idmap uid = 15000-2
idmap gid = 15000-2

winbind separator = +

[data]
comment = Data
path = /tmp
read only = Yes
guest ok = Yes






[Samba] URGENT : NT4 Standalone server in a Samba-LDAP PDC

2004-08-10 Thread Bousquet Francois
I have an urgent need, 

Is it possible to connect an NT4 Standalone server to a Samba-LDAP PDC ??

I am trying to do that but keep getting the same error when trying to change
an NT4 standalone server to the Samba-LDAP PDC.

Error message : The machine account for this computer either does not exist
or is inaccessible.

log.smbd : 

[2004/08/10 22:29:03, 5] lib/smbldap.c:smbldap_search(932)
  smbldap_search: base => [dc=prod,dc=blc,dc=com], filter =>
[(&(uid=NC1981WTX03$)(objectclass=sambaSamAccount))], scope => [2]
[2004/08/10 22:29:03, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1157)
  ldapsam_getsampwnam: Unable to locate user [NC1981WTX03$] count=0


It creates a computer object in ldap but Samba seems to search for
sambaSamAccount on this object after, which is not a class of the newly
created computer object






[Samba] Samba 3 PDC with LDAP backend problem

2004-07-29 Thread Bousquet Francois
I am installing a Samba 3 PDC with an OpenLDAP backend.

I am currently having a problem when I try to add a Windows workstation to
the domain with the Administrator user or trying to connect to a share.

I get the following error :

[2004/07/29 13:35:22, 1] auth/auth_util.c:make_server_info_sam(822)
  User Administrator in passdb, but getpwnam() fails!
[2004/07/29 13:35:22, 0] auth/auth_sam.c:check_sam_security(260)
  check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'

But the user exists in my ldap, because if I do this command :

# getent passwd | grep Administrator
Administrator:x:0:512:Netbios Domain Administrator:/home/:/bin/false

nss_ldap is installed and configured properly :
# grep "ldap" /etc/nsswitch.conf
passwd: files ldap
group:  files ldap
#


Here is my smb.conf

[global]
workgroup = DEV_BLC
netbios name = ud1981wfx01
passdb backend = ldapsam:ldap://ud1981wfx01
#username map = /etc/samba/smbusers
add user script = /usr/local/sbin/smbldap-useradd -m '%u'
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add user to group script = /usr/local/sbin/ \
smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/local/sbin/ \
smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/local/sbin/ \
smbldap-usermod -g '%g' '%u'
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
#logon script = scripts\logon.bat
#logon path = \\%L\Profiles\%U
#logon drive = H:
#logon home = \\%L\%U
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
ldap suffix = dc=blc,dc=com
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=People
ldap idmap suffix = ou=People
ldap admin dn = cn=Manager,dc=blc,dc=com
idmap backend = ldap:ldap://ud1981wfx01
ldap passwd sync = Yes
idmap uid = 15000-2
idmap gid = 15000-2
winbind separator = +

[share1]
path = /tmp

[share2]
path = /
browseable = Yes
comment = Some random files


Any idea ?

- Francois


[Samba] LD_LIBRARY_PATH

2004-06-28 Thread Bousquet Francois
I have just compiled and installed Samba 3.0.4 on Solaris 7 SPARC but when I
start nmbd and smbd as a daemon (using the -D option) I need to set
LD_LIBRARY_PATH=/usr/local/lib first to link libldap.so.2.

Is there a way to link these libraries at the configure or compilation step so
I won't have to set my LD_LIBRARY_PATH variable when starting smbd or nmbd?

Thanks

François Bousquet
Email : [EMAIL PROTECTED]






[Samba] Samba 2 or Samba 3

2004-06-28 Thread Bousquet Francois
Hello,

I am planning to use Samba (on Solaris 7) as a PDC for Windows NT4 & 2000
Server, connecting it to an LDAP server.  There will be 4 different PDCs (1
in each DMZ) sharing the same usernames (same LDAP server).

I want to know the major differences between Samba 2 and Samba 3, which one
is more stable and which one would fit better in my architecture plans.

Thanks

François Bousquet
Email : [EMAIL PROTECTED]



[Samba] 2 x Samba PDC with LDAP

2004-06-21 Thread Bousquet Francois
Hi everyone,

I am trying to set up centralized authentication for both Unix (Solaris
7, 8 & 9) and NT4/2000 servers located in 4 different DMZs.  I am searching
for a native solution on both Unix and Windows platforms.

LDAP is giving me this possibility with Unix (Solaris) but for Windows I
have no choice but to use a PDC.  But the use of this type of technology
(PDC) between DMZs is not a good idea, because the number of ports to open
would nullify the DMZ security.

So, I am looking to create a Samba PDC in each DMZ that would connect to a
centralized LDAP server.

Is it possible to connect 4 Samba PDCs to the same LDAP server and have all
PDCs serve the same usernames and passwords?  Maybe BDCs would help in this
case, but they would not be able to connect to the PDC directly because of
the DMZ, that's why I was looking for PDCs.

Thank you

François Bousquet
Counselor - Unix System Administrator
Email : [EMAIL PROTECTED]



