[Samba] Synchronization of passwords - ldap and samba
I've configured an LDAP/Samba server. I've got password syncing working partly:

-- windows client - users can change their password and pam_smbpass.so will change the ldap password.
-- LDAP server - user logs on to LDAP server, the ldap password can be changed and pam_smbpass.so will change the samba password.

Here is the problem. On the linux client, the user can change his password using the passwd command, and the user's ldap password will be changed - but it doesn't seem to change the user's samba password.

On the LDAP Server (SuSE 9.3), I'm using:

/etc/pam.d/passwd

    #%PAM-1.0
    auth     include  common-auth
    account  include  common-account
    password include  common-password
    session  include  common-session
    password required pam_smbpass.so use_authtok use_first_pass

/etc/samba/smb.conf

    ldap password sync = yes

How can I get password syncing to work from both the linux and windows clients? The linux client is running ubuntu.

Yasi

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Users and smbldap-useradd
> No, users can be in other groups you created, like "somecity",
> "firstgroup" etc. - that's why the groups are, right? :)

Yes, but do users have to be in the group "Domain Users" for samba to work properly? And in practice, is the default group for the user, "Domain Users"?

-Yasee

On 7/1/05, Tomasz Chmielewski <[EMAIL PROTECTED]> wrote:
> linuxlady wrote:
> > I noticed that when I create users with smbldap-useradd, the default
> > group is "Domain Users".
> >
> > Is this the best user/group default setup for Samba/LDAP?
> >
> > I'm more familiar with the unix user/group setup like max/students or
> > max/faculty.
> >
> > Does the user group have to be "Domain Users" when using Samba?
>
> No, users can be in other groups you created, like "somecity",
> "firstgroup" etc. - that's why the groups are, right? :)
>
> --
> Tomek
> WPKG - use Samba to deploy software
> http://wpkg.org
[Samba] Domain Users and smbldap-useradd
I noticed that when I create users with smbldap-useradd, the default group is "Domain Users".

Is this the best user/group default setup for Samba/LDAP?

I'm more familiar with the unix user/group setup like max/students or max/faculty.

Does the user group have to be "Domain Users" when using Samba?

Thanks,
Yasee

smbldap-useradd -m -a username (where the username is max)

    hopper:/home/max # ls -la
    total 61
    drwx------ 7 max  Domain Users  576 Jul  1 14:11 .
    drwxr-xr-x 5 root root          120 Jun 30 13:27 ..
    -rw------- 1 max  Domain Users    0 May 18  1996 .bash_history
    -rw-r--r-- 1 max  Domain Users 1294 Feb  1 07:42 .bashrc
    -rw-r--r-- 1 max  Domain Users  208 Nov 17  1995 .dvipsrc
    -rw-r--r-- 1 max  Domain Users 1637 Jan 25  2002 .emacs
    -rw-r--r-- 1 max  Domain Users 1124 Feb 28  2000 .exrc
    drwxr-xr-x 2 max  Domain Users   48 Mar 15  2003 .fonts
    -rw-r--r-- 1 max  Domain Users  164 Nov 17  1995 .kermrc
    -rw-r--r-- 1 max  Domain Users 6127 Nov  5  2004 .muttrc
    -rw-r--r-- 1 max  Domain Users  934 Jul 17  2002 .profile
    -rw-r--r-- 1 max  Domain Users  311 Jul  7  2000 .urlview
    -rw-r--r-- 1 max  Domain Users 7913 Nov 30  1995 .xcoralrc
    drwxr-xr-x 2 max  Domain Users   72 Jun 15 16:03 .xemacs
    -rw-r--r-- 1 max  Domain Users 1940 Mar 22 09:50 .xim.template
    -rwxr-xr-x 1 max  Domain Users 3191 Feb 21 10:19 .xinitrc.template
    -rw-r--r-- 1 max  Domain Users  119 Oct 28  1997 .xtalkrc
    drwxr-xr-x 2 max  Domain Users   80 Jun 15 16:03 Documents
    drwxr-xr-x 2 max  Domain Users   48 Sep  2  2003 bin
    -rw------- 1 max  Domain Users   59 Jun 30 13:56 createdsclient1.txt
    drwxr-xr-x 2 max  Domain Users   80 Jun 15 16:03 public_html
[Samba] location of user profile
Why is it more secure to create a separate share for storing user profiles?

I've tested using:

    [global]
    logon path = \\%L\profiles\%U

    [profiles]
    path = /var/lib/samba/profiles

And this works fine.

But, why not just put the profile in the home directory? I can see that a user might save a file on the desktop and then not be able to find it.

When I previously used roaming profiles on a Windows Server, the location was in the user's profile directory.

Is this so the user won't accidentally delete their own profile in their home dir?

What are the advantages of using a separate share for profiles? What are the problems in storing the roaming profile in the home directory?

I'm using Samba with LDAP on SuSE, and will be using roaming profiles in a lab environment.

Thanks,
Yasee
Re: [Samba] Samba + LDAP NSS resolving
I'm sure it's not the docs, just me.

I used the other docs from idealx because I had problems with the smbldap-tools - but I managed to solve those problems and add entries.

I went back and checked the configuration for nss_ldap and pam_ldap - but it still didn't work.

I'm using Chapter 5 of the Samba Docs:
http://us3.samba.org/samba/docs/man/Samba-Guide/happy.html

    getent passwd | grep testuser1

In the logs:

    conn=120 op=0 RESULT tag=97 err=49 text=

And the windows domain groups are not mapped to the UNIX groups:

    net groupmap list
    Domain Admins (S-1-5-21-306150234-1547186280-1464621331-512) -> 512
    Domain Users (S-1-5-21-306150234-1547186280-1464621331-513) -> 513
    Domain Guests (S-1-5-21-306150234-1547186280-1464621331-514) -> 514
    Domain Computers (S-1-5-21-306150234-1547186280-1464621331-515) -> 515
    Administrators (S-1-5-32-544) -> 544
    Account Operators (S-1-5-32-548) -> 548
    Print Operators (S-1-5-32-550) -> 550
    Backup Operators (S-1-5-32-551) -> 551
    Replicators (S-1-5-32-552) -> 552

Maybe I should just start over. Where in the samba docs would be a good place to start for using Samba with LDAP?

This is the second time I've started over already - I've never gotten it to work completely.

Thanks,
Yasi

On 6/13/05, John H Terpstra <[EMAIL PROTECTED]> wrote:
> On Monday 13 June 2005 19:58, linuxlady wrote:
> > I'm using the howto from idealx and the samba-guide to configure a
> > samba server with LDAP backend.
>
> I am the author of the Samba-Guide. Frankly, if my documentation does not
> solve your problem then it is broken and useless! You should not need more
> documentation than the official Samba documentation.
>
> Please help me to understand what is broken. I humbly apologize that my
> documentation is so bad.
>
> >
> > The config works fine until I get to the step:
>
> Which document are you following, which section, and which step number?
>
> >
> > getent passwd | grep root
> >
> > It doesn't query any of the LDAP entries that were added with
> > smbldap-populate or smbldap-useradd - it only returns local entries.
>
> This means that your nss_ldap library is either defective - or is
> mis-configured.
>
> >
> > I've checked the nsswitch.conf, ldap.conf, smbldap.conf, log files.
> >
> > I can query the ldap database directly and see the entries.
> >
> > What could be the problem? What else can I check?
>
> Well, lots! You will need to be more specific - in fact completely specific
> about every step you have followed. The Samba-Guide was recently updated
> using SUSE 9.3 professional - So I know it can work!
>
> In the technical discussion in chapter 5 I have detailed how to debug LDAP and
> NSS_LDAP operation. Which of those steps have you followed to diagnose the
> problem?
>
> >
> > I'm using SuSE 9.3, Samba 3.0.13-1.1, openLDAP 2.2.23-6,
> > smbldap-tools-0.91.
>
> - John T.
> --
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
>
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.
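Added example, not part of the original thread or of the Samba documentation: a small Python parser that pairs slapd BIND lines with their RESULT lines, in the format of the "conn=120 op=0 RESULT tag=97 err=49 text=" line quoted in the message above, and reports which bind DN was refused. In LDAP, tag=97 is a bind response and err=49 is invalidCredentials; the sample log, the host name and the cn=nssproxy DN are constructed for illustration.

```python
import re
from collections import Counter

# LDAP result codes that commonly appear on bind responses (RFC 4511).
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)')

# Constructed sample log (assumption: not taken from the poster's server),
# modelled on the single RESULT line quoted in the message.
SAMPLE_LOG = """\
Jun 14 10:02:11 server1 slapd[4211]: conn=119 op=0 BIND dn="" method=128
Jun 14 10:02:11 server1 slapd[4211]: conn=119 op=0 RESULT tag=97 err=0 text=
Jun 14 10:02:12 server1 slapd[4211]: conn=120 op=0 BIND dn="cn=nssproxy,dc=example,dc=org" method=128
Jun 14 10:02:12 server1 slapd[4211]: conn=120 op=0 RESULT tag=97 err=49 text=
Jun 14 10:02:15 server1 slapd[4211]: conn=121 op=0 BIND dn="cn=nssproxy,dc=example,dc=org" method=128
Jun 14 10:02:15 server1 slapd[4211]: conn=121 op=0 RESULT tag=97 err=49 text=
Jun 14 10:02:16 server1 slapd[4211]: conn=121 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(uid=testuser1)"
Jun 14 10:02:16 server1 slapd[4211]: conn=121 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

def failed_binds(log_text):
    """Return (conn, dn, err, name) for every bind response with err != 0."""
    pending = {}    # (conn, op) -> DN seen on the matching BIND line
    failures = []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3) or "<anonymous>"
            continue
        m = RESULT_RE.search(line)
        if m and m.group(3) == "97":    # tag=97 marks a bind response
            err = int(m.group(4))
            dn = pending.pop((m.group(1), m.group(2)), "<unknown>")
            if err != 0:
                failures.append((int(m.group(1)), dn, err, RESULT_NAMES.get(err, "other")))
    return failures

def summarize(failures):
    """Count refused binds per (DN, result name) to spot a misconfigured client."""
    return Counter((dn, name) for _, dn, _, name in failures)
```

slapd writes these BIND and RESULT lines only when it logs at the stats level (loglevel 256).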
[Samba] Samba + LDAP NSS resolving
I'm using the howto from idealx and the samba-guide to configure a samba server with LDAP backend.

The config works fine until I get to the step:

    getent passwd | grep root

It doesn't query any of the LDAP entries that were added with smbldap-populate or smbldap-useradd - it only returns local entries.

I've checked the nsswitch.conf, ldap.conf, smbldap.conf, log files.

I can query the ldap database directly and see the entries.

What could be the problem? What else can I check?

I'm using SuSE 9.3, Samba 3.0.13-1.1, openLDAP 2.2.23-6, smbldap-tools-0.9.1

Thanks,
Yasee