Except for the ldap.conf file, my machine was well configured. But I
learned that nsswitch is not yet fully implemented in DragonFly BSD, the
OS I use. So I guess this is why it won't work. Fortunatly, Samba works
great as a simple print/file manager, but it's not fully fonctionnal
here as a domain server.
Thanks for the answer.
SR
Nelson Vale a écrit :
If your Samba is running as a PDC, and you are logged in the samba domain,
you
are able to list the LDAP users in the shares or files security tab, and you
don't need winbind. All you need is nsswitch.conf configured with:
# /etc/nsswitch.conf
#
passwd: files ldap
group: files ldap
shadow: files ldap
Plus ldap.conf like:
bindpw
binddn xxx
uri ldap://xxx.xxx.xxx.xxx
base dc=local,dc=loc
rootbinddn x
host 127.0.0.1
ldap_version 3
scope one
ssl no
pam_login_attribute uid
pam_member_attribute gid
pam_password md5
nss_base_passwd dc=local,dc=loc?sub
nss_base_shadow dc=local,dc=loc?sub
nss_base_group ou=Groups,dc=local,dc=loc?one
In smb.conf you need to put something like:
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap suffix = dc=local,dc=loc
ldap admin dn = cn=xx
ldap idmap suffix = ou=Idmap
Your LDAP must also have the default samba Domain Groups.
Em Thursday 06 December 2007 20:29, o Shammah Chancellor escreveu:
Hi,
Problem:
I seem to be able to add users to ACLs from windows due to an Name Not
Found error when looking up a username. According to what I have been
able to find, you cannot browse users on a samba server from windows
without winbind and security = domain/ads. However, winbind does not
have any place in my environment aside from remedying this problem. Is
there some alternative to enable this feature, or method of setting up
winbind that is innocuous in my environment while maintaining security
= user?
Background on the Environment:
I am running Samba 3.0.25c on Solaris 10u4 with security = user.I
am using the vfs object zfsacl to enable ACL support on my zfs
filesystem. We use LDAP as a password backend, which also stores
sambaSIDs for every user. SIDs and unix UIDs are synchronized across
all the samba servers because they all use the same LDAP backend.
Thanks in advance!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba