[Samba] Would BDC Sync with Local Passwd?
Hi All,

I have a Samba PDC on my SuSE 9.3 machine serving up to 25 clients with an OpenLDAP backend. The Samba user password also *syncs with the LDAP password and the local user password*. All Samba users also have a local user account which is used by IMAP Server Accounts Cyrus Authentication on the same machine. (So, one password for email and Samba for all users; if the user changes his password from the client machine, all the passwords are synchronized.)

Recently I have set up a BDC as well, which is working fine with the OpenLDAP replica. I would like to know whether the Samba BDC will also synchronize with the local user password on the BDC machine. My replica LDAP is updated on the BDC, but I am not sure whether the local user password is updated by the BDC in the same way as the PDC does. (All user accounts are also created on the BDC machine.)

Thanks in advance.

cheers,
Pavan.

--
Pavan Krishna L
Systems Administrator
Diversity Arrays Technology Pty Ltd
Ph: +61 2 6281 8512
Fax: +61 2 6281 8533
Mob: +61 423 411 281

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Promoting Samba BDC to PDC
Hi Adrian,

Thank you for your reply. Yeah, I have done what you have described already, but the problem is that my client machine is not able to detect the BDC, though my testparm on the BDC shows me no errors. And yes, the LDAP administrative password is stored in secrets.tdb, else I cannot join my client machine to the domain and cannot even make changes to the ldapsam database with the admindn user.

Do you think I need to add something else to the Samba BDC file? Following are my configuration settings for the BDC using the replicated ldapsam database.

[global]
    workgroup = testdom
    interfaces = 127.0.0.1/255.255.255.0 192.168.9.238
    printing = cups
    printcap name = cups
    printer admin = @ntadmin, root, administrator
    map to guest = Bad User
    security = user
    encrypt passwords = yes
    allow trusted domains = yes
    server string = Samba Server
    add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
    domain master = no
    admin users = root
    hosts allow=192.168.9. 255.255.255. localhost
    remote announce=192.168.9.255
    domain logons = yes
    preferred master=no
    enhanced browsing=yes
    local master = yes
    unix password sync = no
    passwd program = /bin/passwd %u
    ldap passwd sync = yes
    ldap delete dn = no
    pam password change = yes
    preferred master = yes
    os level = 65
    ldap suffix = dc=dart,dc=com
    ldap user suffix = ou=People
    ldap group suffix = ou=Group
    passdb backend = ldapsam:ldap://localhost
    netbios name = dartlinux
    username map = /etc/samba/smbusers
    logon home = \\%L\%U\.profile
    logon drive = H:
    logon path = \\%L\profiles\%U
    logon script = netlogon.bat
    wins support = yes
    log file = /var/log/samba/log.%m
    log level = 5
    ldap admin dn = uid=root,ou=People,dc=dart,dc=com
    idmap backend = ldap:ldap://localhost
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers

thanks,
pavan.

adrian sender wrote:
> Hello Pavan
>
> Firstly, have you been following the Samba guide - Samba 3 by Example by John Terpstra, Chapter 5?
>
> You must now set the LDAP administrative password into the Samba-3 secrets.tdb file by executing this command:
>
>     root# smbpasswd -w not24get
>     Setting stored password for cn=Manager,dc=abmas,dc=biz in secrets.tdb
>
> Now you must obtain the domain SID from the PDC and store it into the secrets.tdb file also. This step is not necessary with an LDAP passdb backend because Samba-3 obtains the domain SID from the sambaDomain object it automatically stores in the LDAP backend. It does not hurt to add the SID to the secrets.tdb, and if you wish to do so, this command can achieve that:
>
>     root# net rpc getsid MEGANET2
>     Storing SID S-1-5-21-3504140859-1010554828-2431957765 \
>     for Domain MEGANET2 in secrets.tdb
>
> Regards,
> Adrian Sender.
>
> ---
> Hi All,
>
> Has anyone got an idea of how to make clients automatically find the BDC when the PDC is stopped? Both PDC and BDC are run by Samba, authenticating against an LDAPSAM backend replicated on both: the PDC with the master LDAP database and the BDC with the replicated LDAP database. But when I stop the PDC, the clients are not detecting the BDC broadcast. I can see that the replication of the OpenLDAP data is perfect. Any idea of where I may be wrong?
>
> Thanks in advance.
> pavan.
> ---

--
Pavan Krishna L
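An added example, not part of the thread or of Samba itself: a small Python check over a constructed subset of the [global] settings posted above. It reports parameters that are set twice with different values (the last occurrence is the one that takes effect) and password-change settings that sit unused while unix password sync is off. The names `parse_section` and `lint` are hypothetical, and the dependency rule is an assumption taken from smb.conf(5).

```python
# Constructed sample: a subset of the [global] settings posted above, same order.
SAMPLE = """\
[global]
workgroup = testdom
domain master = no
domain logons = yes
preferred master=no
local master = yes
unix password sync = no
passwd program = /bin/passwd %u
ldap passwd sync = yes
pam password change = yes
preferred master = yes
os level = 65
"""

FALSE = {"no", "false", "0", "off"}

def parse_section(text, section="global"):
    """Return [(lineno, key, value)] for one section, keeping repeats in order."""
    entries, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            entries.append((lineno, "".join(key.lower().split()), value.strip()))
    return entries

def lint(text):
    """Return (effective settings, findings) for the [global] section."""
    seen, findings = {}, []
    for lineno, key, value in parse_section(text):
        if key in seen and seen[key][1].lower() != value.lower():
            findings.append(f"line {lineno}: {key} = {value} overrides "
                            f"line {seen[key][0]} ({seen[key][1]})")
        seen[key] = (lineno, value)  # the last occurrence is the one Samba uses
    effective = {k: v for k, (_, v) in seen.items()}
    # Assumption from smb.conf(5): these two only matter with unix password sync = yes
    if effective.get("unixpasswordsync", "no").lower() in FALSE:
        for dep in ("passwdprogram", "pampasswordchange"):
            if dep in effective:
                findings.append(f"{dep} is set but unused: unix password sync is off")
    return effective, findings

if __name__ == "__main__":
    for finding in lint(SAMPLE)[1]:
        print(finding)
```

Parameter synonyms and backslash line continuations are not handled; `testparm -s` remains the authoritative view of what Samba actually loaded.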
Re: [Samba] NT MD4 password check failed
Hi,

Check the permission settings on the share or the home directory. Check your global settings:

    logon home = \\%L\%U\.profile
    logon drive = H:

and the permissions on the share:

[homes]
    comment = Home Directories
    valid users = %U
    writeable = yes
    browseable = no
    read only = no
    guest ok = no
    printable = no

It can only be mapped automatically if your PC is a domain member; otherwise you have to go to Run and type \\samba server name and see whether you are able to see your home directory.

I used to have this error if the smbpassword is different from the Linux local user password.

Vincente Aggrippino wrote:
> I'm sorry for asking a question which has been asked so many times before, but I can't seem to find the answer... How do I get to access my home directory on a Linux server running Samba from a Windows XP client? I'm getting NT MD4 password check failed in the log file even though the Windows client is listed in hosts.equiv. More information below...
>
> I have a small home network consisting of a Linux (SuSE 10.0) server and two Windows XP clients. Since I can't get things working properly, I've added log level = 10 to my smb.conf.
>
> The two users on my network are my wife and myself. I want to map drive H (for home :)) on the Windows clients to the home directory on the Linux server. So, I have a standard [homes] section in my smb.conf.
>
> Both of the accounts on the clients have a capitalized first letter and the Linux usernames are all lowercase. So, I have added the usernames to /etc/samba/smbusers so that the Windows username will map properly to the Linux usernames. This seems to be working properly:
>
>     [2005/11/17 11:37:29, 10] lib/username.c:user_in_list(583)
>       user_in_list: checking user Vince in list
>     [2005/11/17 11:37:29, 10] lib/username.c:user_in_list(587)
>       user_in_list: checking user |Vince| against |Vince|
>     [2005/11/17 11:37:29, 3] lib/username.c:map_username(212)
>       Mapped user Vince to vince
>
> Neither of our accounts on the Windows XP clients have passwords. We just use the Welcome screen and click on our names. So, I have added the host names to /etc/hosts.equiv and added hosts equiv = /etc/hosts.equiv to smb.conf so that, when the client tries to connect to the server it shouldn't need to provide a password to go with the username. This is the part that doesn't seem to be working:
>
>     [2005/11/17 11:37:29, 9] passdb/passdb.c:pdb_update_autolock_flag(2333)
>       pdb_update_autolock_flag: Account vince not autolocked, no check needed
>     [2005/11/17 11:37:29, 4] libsmb/ntlm_check.c:ntlm_password_check(326)
>       ntlm_password_check: Checking NT MD4 password
>     [2005/11/17 11:37:29, 3] libsmb/ntlm_check.c:ntlm_password_check(344)
>       ntlm_password_check: NT MD4 password check failed for user vince
>
> Does anyone know the solution to this problem?
>
> Thank you,
> Vince Aggrippino
> [EMAIL PROTECTED]

--
Pavan Krishna L
Re: [Samba] OpenLDAP and SAMBA
I have done something similar in my company and had the same problem. I now have centralized authentication of the Linux local user, email and Samba user.

You need to check the ACLs in the slapd.conf file first, making sure that everyone has full rights on their own account in LDAP and that root or the LDAP admin has full rights on all the records in LDAP. Then make the changes in the nsswitch.conf file, and then change the entries in the /etc/pam.d directory for the samba, login and passwd files.

This should solve your problem, but when playing with the pam.d directory, make sure you are logged in on some other terminal, as you may lock yourself out.