[Samba] Re: security = user, LDAP, and adding users to ACLs

2007-12-11 Thread Stephane Russell
Except for the ldap.conf file, my machine was well configured. But I
learned that nsswitch is not yet fully implemented in DragonFly BSD, the
OS I use. So I guess this is why it won't work. Fortunately, Samba works
great as a simple print/file manager, but it's not fully functional
here as a domain server.

Thanks for the answer.

SR

Nelson Vale wrote:
 If your Samba is running as a PDC, and you are logged in the samba domain, you
 are able to list the LDAP users in the shares or files security tab, and you
 don't need winbind. All you need is nsswitch.conf configured with:
 
 # /etc/nsswitch.conf 
 # 
  
 passwd: files   ldap 
 group:  files   ldap 
 shadow: files   ldap
 
 
 Plus ldap.conf like:
 
 bindpw 
 binddn xxx
 uri ldap://xxx.xxx.xxx.xxx
 base dc=local,dc=loc 
 rootbinddn x
 host 127.0.0.1 
 ldap_version 3 
 scope one 
 ssl no 
 pam_login_attribute uid 
 pam_member_attribute gid 
 pam_password md5 
 nss_base_passwd dc=local,dc=loc?sub 
 nss_base_shadow dc=local,dc=loc?sub 
 nss_base_group ou=Groups,dc=local,dc=loc?one
 
 
 
 In smb.conf you need to put something like:
 
 ldap user suffix = ou=People
 ldap machine suffix = ou=Computers 
 ldap group suffix = ou=Groups
 ldap suffix = dc=local,dc=loc
 ldap admin dn = cn=xx 
 ldap idmap suffix = ou=Idmap
 
 
 Your LDAP must also have the default samba Domain Groups.
 
 
 On Thursday 06 December 2007 20:29, Shammah Chancellor wrote:
 Hi,

 Problem:

 I seem to be able to add users to ACLs from Windows due to a Name Not
 Found error when looking up a username.  According to what I have been
 able to find, you cannot browse users on a Samba server from Windows
 without winbind and security = domain/ads.   However, winbind does not
 have any place in my environment aside from remedying this problem.   Is
 there some alternative to enable this feature, or method of setting up
 winbind that is innocuous in my environment while maintaining security
 = user?

 Background on the Environment:

 I am running Samba 3.0.25c on Solaris 10u4 with security = user. I
 am using the vfs object zfsacl to enable ACL support on my zfs
 filesystem.  We use LDAP as a password backend, which also stores
 sambaSIDs for every user.  SIDs and unix UIDs are synchronized across
 all the samba servers because they all use the same LDAP backend.

 Thanks in advance!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
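
A static check of the two client-side files the quoted reply configures, as an added example that is not part of the thread or of Samba or nss_ldap: it confirms which nsswitch.conf databases list `ldap`, and flags an ldap.conf that binds over plain `ldap://` to another host or stores `bindpw`. The file contents, the 192.0.2.10 address and the finding names are constructed for illustration, and the check assumes `ssl start_tls` or `ssl on` means the connection is protected.

```shell
#!/bin/sh
# nss_has_ldap FILE DB: succeed if database DB (passwd, group, ...) lists "ldap".
nss_has_ldap() {
    awk -v db="$2:" '
        /^[ \t]*#/ { next }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit(found ? 0 : 1) }' "$1"
}

# ldap_conf_findings FILE: print one finding name per line (names are this example's own).
ldap_conf_findings() {
    awk '
        /^[ \t]*(#|$)/ { next }
        { key = tolower($1); val[key] = $2; seen[key] = 1 }
        END {
            uri = val["uri"]; ssl = val["ssl"]
            is_local = (uri ~ /^ldapi:/ || uri ~ /^ldap:\/\/(127\.0\.0\.1|localhost)(:|\/|$)/)
            # Plain ldap:// to another host without TLS: the simple bind crosses the wire in clear.
            if (uri ~ /^ldap:\/\// && !is_local && ssl !~ /^(start_tls|on)$/)
                print "cleartext-bind"
            # bindpw sits in ldap.conf itself, so anyone who can read the file can read it.
            if (seen["bindpw"]) print "bindpw-in-file"
        }' "$1"
}
# Constructed sample input modelled on the quoted settings (placeholder DN, password, address).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
passwd: files ldap
group:  files ldap
shadow: files
EOF
cat > "$SAMPLE_DIR/ldap.conf" <<'EOF'
uri ldap://192.0.2.10
base dc=local,dc=loc
binddn cn=placeholder,dc=local,dc=loc
bindpw PLACEHOLDER
ssl no
EOF
cat > "$SAMPLE_DIR/ldap-tls.conf" <<'EOF'
uri ldap://192.0.2.10
base dc=local,dc=loc
ssl start_tls
EOF
for db in passwd group shadow; do
    if nss_has_ldap "$SAMPLE_DIR/nsswitch.conf" "$db"; then echo "$db: ldap"; else echo "$db: no ldap"; fi
done
ldap_conf_findings "$SAMPLE_DIR/ldap.conf"
```

On a live host, `getent passwd <user>` is the matching runtime check that NSS actually returns the LDAP account.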


[Samba] Error: session setup failed: Call returned zero bytes (EOF)

2007-12-10 Thread Stephane Russell
Hello,

I've just upgraded to samba-3.0.26a on my BSD machine. The older
version (3.0.22) was working right, but this version is giving me
problems. My server is configured with an LDAP server. When I do, for
example, a smbclient -Lserver, it gives me this output:

---
Domain=[GALAXIE] OS=[Unix] Server=[Samba 3.0.26a]

Sharename       Type      Comment
---------       ----      -------
domicile        Disk      Repertoire domicile des usagers
groupes         Disk      Repertoire des groupes
apps            Disk      Applications partagees
install         Disk      Installations
ftp             Disk      Repertoire ftp
IPC$            IPC       IPC Service (DragonFlyBSD Samba Server)
impgal01        Printer   HP LaserJet 5L
session setup failed: NT_STATUS_LOGON_FAILURE
NetBIOS over TCP disabled -- no workgroup available
---

When I try a second time, it then gives me this:

---
Receiving SMB: Server stopped responding
session setup failed: Call returned zero bytes (EOF)
---

I have to restart it to get the first output once. If I start winbindd,
it's showing the second output only. The configuration I'm using was
working as is, right before I upgraded. Is this issue known?

I've tried the latest version, 3.0.27, with the same results. I moved
back to 3.0.22, then everything was fine again. But sooner or later, my
samba will have to be upgraded (dependency matter), so I'm wondering what
I can do to solve that problem. LDAP version is 2.3.38.

Note: Since 3.0.22, the option ldap_compat has disappeared from the
compilation options. Even if I'm using a valid LDAPv3 schema, is it
possible that it could be related in some way?

Thanks for any help.

SR


