RE: [Samba] Samba+LDAP - so close yet so far:) ...STILL NOTSOLVED
Yes, running RH 8, samba 3.0.0, openldap 2.1.30, Berkeley DB 4.2.52. Seems to work fine.

ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net

Kent N

Hi,

ldap admin dn = cn=root,dc=juwimm,dc=local
ldap suffix = ou=juwidc01,dc=juwimm,dc=local
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=machines

Works well with samba 3.0.2a on a suse 9.0 machine

Has anyone had success placing Users and Computers in different OUs?

regards
reza

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOTSOLVED
Dear lists...

But this still un-solved the real problem to join w2k to samba3-ldap. I'm here with the same situation. I even switch my distro to SuSe with same result, still can't join domain. Please give us hint how to solve or debug this problem.

you will need to work through the examples in the Samba How-to
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/

I haven't a clue where you are at or what your problem is

Craig

My Problem is, I can't join my w2k machine to Samba-Ldap Server. Error from w2k machine is Logon Failure bad user name and password when try join with Administrator account and right password

My Linux is Fedora Core 2 with samba-3.0.3-5, openldap-2.1.29-1 and smbldap-tools-0.8.5-1

My configuration are:

#smb.conf###
# Global parameters
[global]
workgroup = MRAGROUP
netbios name = PDC-SMB3
interfaces = 172.16.0.237
username map = /etc/samba/smbusers
#admin users= @Domain Admins
server string = Samba Server %v
security = user
encrypt passwords = Yes
min passwd length = 3
obey pam restrictions = No
#unix password sync = Yes
#passwd program = /usr/local/sbin/smbldap-passwd -u %u
#passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n
ldap passwd sync = Yes
log level = 5
syslog = 0
log file = /var/log/samba/log.%m
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# passdb backend = ldapsam:ldap://127.0.0.1/ ldap://slave.idealx.com;
# ldap filter = ((objectclass=sambaSamAccount)(uid=%u))
#ldap admin dn = cn=samba,ou=Users,dc=idealx,dc=org
ldap admin dn = cn=Manager,dc=mragroup,dc=net
ldap suffix = dc=mragroup,dc=net
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
#ldap ssl = start tls
add user script = /usr/local/sbin/smbldap-useradd -m %u
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel %u
add machine script = /usr/local/sbin/smbldap-useradd -w %u
add group script = /usr/local/sbin/smbldap-groupadd -p %g
#delete group script = /usr/local/sbin/smbldap-groupdel %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
# printers configuration
printer admin = @Print Operators
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no

[homes]
comment = repertoire de %U, %u
read only = No
create mask = 0644
directory mask = 0775
browseable = No

[netlogon]
path = /home/netlogon/
browseable = No
read only = yes

[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @Domain Admins

[printers]
comment = Network Printers
printer admin = @Print Operators
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j

[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @Print Operators
write list = @Print Operators
create mask = 0664
directory mask = 0775

[public]
comment = Repertoire public
path = /home/public
browseable = Yes
guest ok
RE: [idx-smbldap-tools ] RE: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOTSOLVED
Partially Solved: http://lists.samba.org/archive/samba/2004-May/085233.html

thanks om Wisnu...

Has anyone had success placing Users and Computers in different OUs?

regards
reza

-Original Message-
From: Mohammad Reza
Sent: Thu 7/22/2004 1:56 PM
To: Craig White; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc:
Subject: [idx-smbldap-tools ] RE: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOTSOLVED
RE: [Samba] Samba+LDAP - so close yet so far:) ...STILL NOTSOLVED
Hi,

ldap admin dn = cn=root,dc=juwimm,dc=local
ldap suffix = ou=juwidc01,dc=juwimm,dc=local
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=machines

Works well with samba 3.0.2a on a suse 9.0 machine

Has anyone had success placing Users and Computers in different OUs?

regards
reza
Re: [Samba] Samba+LDAP - so close yet so far:) ...STILL NOTSOLVED
What does your ldap.conf (or pam_ldap.conf or libnss-ldap.conf) look like? I assume it is something like this:

nss_base_passwd dc=juwimm,dc=local?sub
nss_base_shadow dc=juwimm,dc=local?sub
nss_base_group ou=Groups,dc=juwimm,dc=local?one

Which, unless you have ldap for samba only, is not a very good idea. You should have something like:

nss_base_passwd ou=Samba,dc=juwimm,dc=local?sub
nss_base_shadow ou=Samba,dc=juwimm,dc=local?sub
nss_base_group ou=Groups,dc=juwimm,dc=local?one

and use:

ou=users,ou=Samba,dc=juwimm,dc=local for your users.
ou=machines,ou=Samba,dc=juwimm,dc=local for the computers.

and put:

ldap user suffix = ou=users,ou=Samba
ldap machine suffix = ou=machines,ou=Samba

in your smb.conf

This way you can even have different samba PDCs in the same ldap, using different ou (let's say that you have 4 domains in your network (different network segments, maybe), then you can keep them independent one of the other, and still have a central user administration/storage). Or, of course, different services sharing the same ldap directory.

Andre Helberg wrote:

Hi,

ldap admin dn = cn=root,dc=juwimm,dc=local
ldap suffix = ou=juwidc01,dc=juwimm,dc=local
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=machines

Works well with samba 3.0.2a on a suse 9.0 machine

Has anyone had success placing Users and Computers in different OUs?

regards
reza
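The layout suggested in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it joins each smb.conf `ldap ... suffix` with `ldap suffix` and tests whether the matching `nss_base_*` search base and scope reach that container. The function names are hypothetical, the sample configs are constructed from values quoted in the thread, and it assumes an omitted scope means `sub` and that machine accounts are resolved through the passwd map.

```python
# Added example, not from the thread. Configs are constructed from values quoted above.
SMB_CONF = """\
ldap suffix = dc=juwimm,dc=local
ldap user suffix = ou=users,ou=Samba
ldap machine suffix = ou=machines,ou=Samba
ldap group suffix = ou=Groups
"""
NSS_CONF = """\
nss_base_passwd ou=Samba,dc=juwimm,dc=local?sub
nss_base_shadow ou=Samba,dc=juwimm,dc=local?sub
nss_base_group ou=Groups,dc=juwimm,dc=local?one
"""

def rdns(dn):
    """Split a DN into trimmed, lower-cased RDNs (escaped commas are not handled)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def smb_containers(text):
    """Full DN of each container: 'ldap <kind> suffix' is relative to 'ldap suffix'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)
            opts[" ".join(key.lower().split())] = value.strip()
    base = opts["ldap suffix"]
    rel = {k: opts.get(f"ldap {k} suffix", "") for k in ("user", "machine", "group")}
    return {k: f"{r},{base}" if r else base for k, r in rel.items()}

def nss_bases(text):
    """Parse 'nss_base_<map> <dn>?<scope>' lines into {map: (dn, scope)}."""
    bases = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].startswith("nss_base_"):
            fields = parts[1].strip().split("?")
            scope = fields[1] if len(fields) > 1 and fields[1] else "sub"  # assumed default
            bases[parts[0][len("nss_base_"):]] = (fields[0], scope)
    return bases

def covered(container, base, scope):
    """True if entries directly under `container` are reachable from `base` with `scope`."""
    c, b = rdns(container), rdns(base)
    if scope == "one":
        return c == b
    if scope == "sub":
        return len(c) >= len(b) and c[len(c) - len(b):] == b
    return False  # scope 'base' only returns the base entry itself

def check(smb_text, nss_text):
    """Users and machine accounts need the passwd map; groups need the group map."""
    dns, bases = smb_containers(smb_text), nss_bases(nss_text)
    need = {"user": "passwd", "machine": "passwd", "group": "group"}
    return {k: m in bases and covered(dns[k], *bases[m]) for k, m in need.items()}
```

A `False` for `machine` means the machine container sits outside the passwd search base, which is the case to look for when users and computers are kept in different OUs.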