[Samba] re: editposix setup
Gunnar Thielebein
gunnar at thielebein.net
Thu Dec 20 11:12:35 GMT 2007
Oh dear,
I apologise for my typo in subject.
Obviously it should read: EDITPOSIX SETUP.
> Hi,
>
> I've set up the Samba environment as described in the wiki:
> http://wiki.samba.org/index.php/Ldapsam_Editposix
>
> I can now easily add Windows users / machines when using the policies for
> "Administrator".
>
> I have also set up Unix account session auth via libpam_ldap and libnss_ldap,
> as described here:
>
> http://www.gentoo.org/doc/en/ldap-howto.xml
>
> Some things I don't understand:
>
> 1. How is the Unix password set for the Windows users?
> When I su <winusername>, it does not accept the Windows password.
> I also tried editing the Unix password via ldap-account-manager, but again
> with no luck.
>
> Is a unix password set in general when creating new accounts?
>
> With my Unix user accounts migrated to LDAP via the migration scripts (the ones
> used in the Gentoo article), it is possible to su <username>.
>
> 2. How do I make a sambadomain user out of such a migrated unix user?
>
> 3. When creating accounts, the user's home directory by default points to
> /home/domainname/user. How can I change that?
>
> Thanks for any reply/feedback for my configs
>
> Gunnar
>
> my smb.conf:
> ---
> [global]
> #pdc
> netbios name = TIGGER
> workgroup = th-domain
> domain logons = yes
>
> #path
> logon home = \\%N\%U
> logon path = \\%N\%U\.winprofile
>
> #password
> encrypt passwords = true
> passdb backend = ldapsam
>
> #ldap
> ldap suffix = dc=th-domain,dc=lan
> ldapsam:trusted = yes
> ldapsam:editposix = yes
> ldap admin dn = cn=admin,dc=th-domain,dc=lan
> ldap delete dn = yes
> ldap group suffix = ou=groups
> ldap machine suffix = ou=computers
> ldap user suffix = ou=peoples
> ldap idmap suffix = ou=idmap
>
> #idmap
> idmap domains = th-domain
> idmap config th-domain:backend = ldap
> idmap config th-domain:readonly = no
> idmap config th-domain:default = yes
> idmap config th-domain:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan
> idmap config th-domain:ldap_user_dn = cn=admin,dc=th-domain,dc=lan
> idmap config th-domain:ldap_url = ldap://localhost
> idmap config th-domain:range = 50000-500000
> idmap alloc backend = ldap
> idmap alloc config:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan
> idmap alloc config:ldap_user_dn = cn=admin,dc=th-domain,dc=lan
> idmap alloc config:ldap_url = ldap://localhost
> idmap alloc config:range = 50000-500000
>
> #logging
> log level = 1
> ---
> my nsswitch/pam /etc/ldap.conf
> ---
> ssl off
> suffix "dc=th-domain,dc=lan"
> uri ldap://localhost
> pam_password exop
>
> rootbinddn "cn=root,dc=th-domain,dc=lan"
>
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute memberuid
> nss_base_passwd ou=peoples,dc=th-domain,dc=lan
> nss_base_shadow ou=peoples,dc=th-domain,dc=lan
> nss_base_group ou=groups,dc=th-domain,dc=lan
> nss_base_hosts ou=hosts,dc=th-domain,dc=lan
>
> scope one
> ----
>
>