Re: [Samba] samba PANIC

2011-11-25 Thread fuzzy_4711


> Error was Transport endpoint is not connected

http://lists.debian.org/debian-user-german/2006/02/msg02752.html
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] Samba - OpenLDAP User Mapping

2011-08-26 Thread fuzzy_4711
Hi.

I ask your assistance to get kind of sorted in my head...

We do have an openLDAP-Server running. There is also a smbd running at a
different box as file server. I did all the configuration and managed it
to have samba asking the ldap-Server for authentication. I can see in
the logs that this is happening.

I did a
smbpasswd -a user (which is not a local user at the box)
and the DIT-entry for user was filled automatically with all the
entries generated like sambaSID, flags sambaNTpassword and so on.
Everything works like expected, shares are there, acls fine, everything
cool.

Also, if I do a
smbpasswd -x user
all DIT-entries in openldap for user which depend on samba (like those
mentioned above) will be deleted.

But, I do have much more users which need to access the file server via
smb. Do I have to add each user by invoking
smbpasswd -a user
for each? I cannot imagine that there is no other way to get this going.

Thanks for guiding me.

-fuz


Re: [Samba] Samba - OpenLDAP User Mapping

2011-08-26 Thread fuzzy_4711
Hi Daniel


I have to say I run on OpenSUSE 11.4 and I hate it for doing things not
transparent to the user like shown in the config file below.

> Did you getent passwd and getent group.
> And all ldap users and groups are shown up?
I can confirm this.
> Did you do at least install an ldap-client and ldapauth on your linux box?
Yes for the ldap-client and no for ldapauth - haven't even heard of it
so far. I am able to log in using a ldap user which is not locally
defined at the samba box, if this answers the background of your question.
> Do you talk to ldap with winbind, ldapsam:editposix?


It is ldapsam, here is an extract of my smb.conf:

passdb backend = ldapsam:ldap://ldap.mytld.de
set primary group script = ldapsmb -m -u %u -gid %g
add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
ldap admin dn = cn=Manager,dc=mytld,dc=de
ldap group suffix = ou=Group
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=mytld,dc=de
ldap ssl = no #testing only
ldap user suffix = ou=People

Your answer opened my eyes and I started wondering about the add
machine script and the set primary group script entries in my config.
I even do not have the ldapsmb rpm installed on the file server, but it
is installed (automatically by YaST) at the ldap box. I never used it,
it must have been installed and configured by YaST automatically.

Also it is not clear to me, why one needs the add machine script. I
dug into the code and saw that it will read my smb.conf, get the
password from secret.tdb, do a connection to my ldap server, add a user
and a machine below Computers in the DIT.

[snip]
map<string,any> config_map = $[
    "bind_pw"   : passwd,
    "bind_dn"   : bind_dn,
    "user_base" : ldap_machine_suffix+","+ldap_suffix,
    "type"      : "ldap",
    "plugins"   : [ "UsersPluginLDAPAll", "UsersPluginSamba" ],
];

map<string,any> data_map = $[
    "uid"           : value,
    "givenName"     : "Machine",
    "cn"            : value,
    "sn"            : "Machine",
    "userPassword"  : "*",
    "loginShell"    : "/bin/false",
    "homeDirectory" : "/var/lib/nobody",
    "create_home"   : false,
];

// add the user
y2milestone (YaPI::USERS::UserAdd (config_map, data_map) );

[snip]

Please tell me what is going on in the background so that I am able to
understand what to do. As said before, connecting the ldap server and
gathering information from there seems to work since I am able to see it
in the smb logs.

Is there maybe a sequence diagram available about what is going on
when a share wants to be opened? I saw something for winbind with unix
UID to samba SID but I got confused. It is not clear to me, when using
winbind. Also your question
"Do you talk to ldap with winbind, ldapsam:editposix?" in this context
is not clear to me. Does it mean either winbind or ldapsam should be
used or are they used together?

I guess I go and find me a serious job...

Thanks.
-fuz
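
An added example, not part of the original post and not Samba's own code: a small Python check for the smb.conf extract quoted in the message above. It flags the `ldapsam:ldap://` backend combined with `ldap ssl = no` (the LDAP bind and the password sync then cross the network unencrypted) and trailing `#` text, which smb.conf does not treat as a comment. The function names and finding codes are hypothetical, the sample is constructed from the posted extract, and line continuations and quoted backend URLs are not handled.

```python
import re

# Constructed sample: part of the smb.conf extract quoted in the post.
SAMPLE = """\
[global]
passdb backend = ldapsam:ldap://ldap.mytld.de
ldap admin dn = cn=Manager,dc=mytld,dc=de
ldap passwd sync = yes
ldap ssl = no #testing only
"""

def parse_global(text):
    """Return the [global] parameters as {normalised name: raw value}."""
    params, section = {}, "global"
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # comments must start the line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params["".join(name.lower().split())] = value.strip()
    return params

def audit(text):
    """Return a list of finding codes for cleartext-LDAP risks."""
    p, findings = parse_global(text), []
    for name, value in p.items():
        if re.search(r"\s[#;]", value):      # trailing text is part of the value
            findings.append("inline-comment:" + name)
    # What the admin meant, with the trailing pseudo-comment cut off.
    ssl = re.split(r"\s[#;]", p.get("ldapssl", ""))[0].strip().lower()
    backend = p.get("passdbbackend", "").lower()
    cleartext = "ldapsam:ldap://" in backend and ssl in ("no", "off")
    if cleartext:
        findings.append("cleartext-ldap-bind")
        if p.get("ldappasswdsync", "").lower() in ("yes", "on", "only"):
            findings.append("cleartext-password-sync")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Setting `ldap ssl = start tls`, or pointing the backend at an `ldaps://` URL, clears both cleartext findings.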
