Re: [Samba] net sam provision and samba 3.4.0

2009-09-07 Thread Zeller, Jan
Thank you! But what's net idmap secret alloc password?
Is it different from smbpasswd -w?

man net says :
Store a secret for the specified domain, used primarily for domains that use 
idmap_ldap as a backend. In this case the secret is used as the password for 
the user DN used to bind to the ldap server.

hmmm...

 -----Original Message-----
 From: David Markey [mailto:dmar...@dodds.dmarkey.com]
 Sent: Monday, 7 September 2009 00:53
 To: Zeller, Jan
 Cc: samba@lists.samba.org
 Subject: Re: [Samba] net sam provision and samba 3.4.0
 
 
 These are the settings I use:
 [global]
   workgroup = TESTDOM
   encrypt passwords = true
   passdb backend =   ldapsam:ldapi:///
   domain logons = yes
   ldapsam:trusted=yes
   ldapsam:editposix=yes
   restrict anonymous = 0
   log level = 10
   log file = /var/log/samba
   ldap admin dn = cn=admin,dc=samba,dc=org
   ldap delete dn = yes
   ldap passwd sync = yes
   ldap group suffix = ou=groups
   ldap machine suffix = ou=computers
   ldap user suffix = ou=users
   ldap suffix = dc=samba,dc=org
   ldap ssl = off
   logon path =
   template homedir = /home/%U
   template shell = /bin/bash
   idmap backend = ldap:ldapi:///
   idmap uid = 100-199
   idmap gid = 100-199
   idmap alloc backend = ldap
   idmap alloc config : ldap_url = ldapi:///
   idmap alloc config : ldap_base_dn = ou=idmap,dc=samba,dc=org
   idmap alloc config : ldap_user_dn = cn=admin,dc=samba,dc=org
 
 
 Don't forget net idmap secret alloc password

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] net sam provision and samba 3.4.0

2009-09-07 Thread David Markey
Yes

smbpasswd -w is for user/group/domain information.

net idmap secret alloc is specifically for the idmap part of the directory.

IMO if there is no idmap password set, it should fall back to the global
ldap dn/password.



On Mon, 7 Sep 2009 08:35:20 +0200, Zeller, Jan jan.zel...@id.unibe.ch
wrote:
 Thank you! But what's net idmap secret alloc password?
 Is it different from smbpasswd -w?
 
 man net says :
 Store a secret for the specified domain, used primarily for domains that
 use idmap_ldap as a backend. In this case the secret is used as the
 password for the user DN used to bind to the ldap server.
 
 hmmm...
 
 -----Original Message-----
 From: David Markey [mailto:dmar...@dodds.dmarkey.com]
 Sent: Monday, 7 September 2009 00:53
 To: Zeller, Jan
 Cc: samba@lists.samba.org
 Subject: Re: [Samba] net sam provision and samba 3.4.0
 
 
 These are the settings I use:
 [global]
   workgroup = TESTDOM
   encrypt passwords = true
   passdb backend =   ldapsam:ldapi:///
   domain logons = yes
   ldapsam:trusted=yes
   ldapsam:editposix=yes
   restrict anonymous = 0
   log level = 10
   log file = /var/log/samba
   ldap admin dn = cn=admin,dc=samba,dc=org
   ldap delete dn = yes
   ldap passwd sync = yes
   ldap group suffix = ou=groups
   ldap machine suffix = ou=computers
   ldap user suffix = ou=users
   ldap suffix = dc=samba,dc=org
   ldap ssl = off
   logon path =
   template homedir = /home/%U
   template shell = /bin/bash
   idmap backend = ldap:ldapi:///
   idmap uid = 100-199
   idmap gid = 100-199
   idmap alloc backend = ldap
   idmap alloc config : ldap_url = ldapi:///
   idmap alloc config : ldap_base_dn = ou=idmap,dc=samba,dc=org
   idmap alloc config : ldap_user_dn = cn=admin,dc=samba,dc=org
 
 
 Don't forget net idmap secret alloc password

Re: [Samba] net sam provision and samba 3.4.0

2009-09-06 Thread David Markey

These are the settings I use:
[global]
  workgroup = TESTDOM
  encrypt passwords = true
  passdb backend =   ldapsam:ldapi:///
  domain logons = yes
  ldapsam:trusted=yes
  ldapsam:editposix=yes
  restrict anonymous = 0
  log level = 10
  log file = /var/log/samba
  ldap admin dn = cn=admin,dc=samba,dc=org
  ldap delete dn = yes
  ldap passwd sync = yes
  ldap group suffix = ou=groups
  ldap machine suffix = ou=computers
  ldap user suffix = ou=users
  ldap suffix = dc=samba,dc=org
  ldap ssl = off
  logon path =
  template homedir = /home/%U
  template shell = /bin/bash
  idmap backend = ldap:ldapi:///
  idmap uid = 100-199
  idmap gid = 100-199
  idmap alloc backend = ldap
  idmap alloc config : ldap_url = ldapi:///
  idmap alloc config : ldap_base_dn = ou=idmap,dc=samba,dc=org
  idmap alloc config : ldap_user_dn = cn=admin,dc=samba,dc=org


Don't forget net idmap secret alloc password


The docs should probably be updated.



On Sun, 6 Sep 2009 21:16:59 +0200, Zeller, Jan jan.zel...@id.unibe.ch
wrote:
 Dear list,
 
 I had some problems with net sam provision using samba 3.4.0
 I followed the instructions described on
 http://wiki.samba.org/index.php/Ldapsam_Editposix and those published by iX
 4-6/2008 (www.ix.de)
 but the result of net sam provision was always :
 
 # bin/net sam provision
  Checking for Domain Users group.
  Adding the Domain Users group.
  Unable to allocate a new gid to create Domain Users group!
  Checking for Domain Admins group.
  Adding the Domain Admins group.
  Unable to allocate a new gid to create Domain Admins group!
  Check for Administrator account.
  Adding the Administrator user.
  Can't create Administrator user, Domain Admins group not available!
 
 The only configuration which is working under 3.4.0 regarding net sam
 provision seems to be :
 
 [global]
workgroup = MYDOM
netbios name =
passdb backend = ldapsam:ldap://yoda.home.lan
ldap admin dn = cn=ldapadm,o=it,dc=home,dc=lan
ldap suffix = o=it,dc=home,dc=lan
ldap ssl = no
idmap alloc backend = ldap
idmap uid = 1-1
idmap gid = 1-1
idmap config MYDOM : range = 2-2
idmap config MYDOM : backend = ldap
idmap alloc config:ldap_url = ldap://yoda.home.lan
idmap alloc config:ldap_user_dn = cn=ldapadm,o=it,dc=home,dc=lan
idmap alloc config:ldap_base_dn = o=it,dc=home,dc=lan
ldapsam:editposix = yes
ldapsam:trusted = yes
 
 If I omit 
 idmap uid = 
 idmap gid = 
 I obtain the error message mentioned above.
 
 The only info I get about that problem is from :
 Michael Adam (Samba Team, SerNet): ID Mapping Re-Revisited (sambaxp.org)
 
 idmap domains seem to be obsolete. testparm always complains about :
 Unknown parameter encountered: idmap domains
 Ignoring unknown parameter idmap domains
 
 Honestly I don't understand the difference between idmap alloc backend =
 and idmap backend = 
 
 idmap alloc backend (G) 
 The idmap alloc backend provides a plugin interface for Winbind to use when
 allocating Unix uids/gids for Windows SIDs. 
 This option is to be used in conjunction with the idmap domains parameter
 and refers to the name of the idmap module which will provide the id
 allocation functionality.
 
 idmap backend (G)
 The idmap backend provides a plugin interface for Winbind to use varying
 backends to store SID/uid/gid mapping
 tables. This option is mutually exclusive with the newer and more flexible
 idmap domains parameter. The main
 difference between the idmap backend and the idmap domains is that the
 former only allows one backend for all
 domains while the latter supports configuring backends on a per domain
 basis.
 
 Quite confusing for people like me ...
 
 kind regards,
 
 Jan
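
A check for the prerequisites this thread names for net sam provision (idmap uid/gid ranges, and a stored idmap alloc secret when the alloc backend is ldap), as an added example that is not part of any poster's message or of Samba itself. The function names and the sample input are constructed for illustration; the unencrypted-bind finding is an added check that the thread does not discuss.

```python
# Constructed sample: the [global] section Jan reports as working, with the
# "idmap uid" / "idmap gid" lines omitted (the case he says fails).
SAMPLE = """\
[global]
workgroup = MYDOM
passdb backend = ldapsam:ldap://yoda.home.lan
ldap ssl = no
idmap alloc backend = ldap
idmap alloc config:ldap_url = ldap://yoda.home.lan
idmap alloc config:ldap_user_dn = cn=ldapadm,o=it,dc=home,dc=lan
"""

def parse_global(text):
    """Return [global] parameters; smb.conf ignores case/whitespace in names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.split()).lower()] = value.strip()
    return params

def check_provision_prereqs(text):
    """List findings for the prerequisites named in this thread."""
    p, findings = parse_global(text), []
    for name in ("idmap uid", "idmap gid"):
        if not p.get(name.replace(" ", "")):
            findings.append(f"'{name}' range missing: no id can be allocated")
    if p.get("idmapallocbackend", "").lower() == "ldap":
        dn = p.get("idmapallocconfig:ldap_user_dn")
        if dn:
            findings.append(f"store the bind secret for '{dn}' with "
                            "'net idmap secret alloc'")
        # Added check, not from the thread: a simple bind over ldap:// with
        # 'ldap ssl' off is unencrypted; ldapi:/// is a local socket.
        url = p.get("idmapallocconfig:ldap_url", "")
        ssl_off = p.get("ldapssl", "").lower() in ("no", "off")
        if url.lower().startswith("ldap://") and ssl_off:
            findings.append(f"{url}: bind password sent unencrypted")
    return findings

if __name__ == "__main__":
    for finding in check_provision_prereqs(SAMPLE):
        print("-", finding)
```

Run against David Markey's settings (ranges present, ldapi:/// URL), the only finding left is the reminder to store the idmap alloc secret.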


Re: [Samba] net sam provision

2009-02-25 Thread Volker Lendecke
On Tue, Feb 24, 2009 at 11:28:15PM +0100, s...@gmx-topmail.de wrote:
 What prerequisites are there to make this command work? I
 would really like to use this feature as I would like to
 administrate the Domain with the NT4 ResKit-Tools srvmgr
 and usrmgr.

winbind must run and have idmap ranges to work from.

Volker

