[Samba] 2nd smb server
Sascha
tdy_shadow at yahoo.com
Tue Jun 10 14:04:34 GMT 2008
Hi,
thanks for the help. I just got stuck in one problem: I joined the Samba Domain. Everything runs well execpt that i can't see/use the domain groups. If I add a share on the 2nd samba and define valid users = user1, the user can connect to that share. But if I add a group, e.g. @admins, that won't work. I don't understand why. I can even see that my PDC accepts and authenticates the user. Do I have to use Idmap? Please help. I'm despaired.
Thanks and best regards
----- Original Message ----
From: Sascha Bieler <sascha.bieler at radiogong.de>
To: Sven Buchstaller <ask at quickline.de>; samba at lists.samba.org
Sent: Tuesday, June 10, 2008 12:45:54 PM
Subject: RE: [Samba] 2nd smb server
Ah ok, but it should work as you described.
> -----Original Message-----
> From: samba-bounces+sascha.bieler=radiogong.de at lists.samba.org
> [mailto:samba-bounces+sascha.bieler=radiogong.de at lists.samba.org] On
> Behalf Of Sven Buchstaller
> Sent: Tuesday, June 10, 2008 12:39 PM
> To: samba at lists.samba.org
> Subject: AW: [Samba] 2nd smb server
>
> Hi Sasha
>
> I think Sacha aka tdy_shadow mean somthing else, i have setup this
> scenario
> for some weeks but i have some trouble, when you look
> In my ask in this list like "second samba pdc".
> First he must setup the second PDC on a seperate physikal machine, with
> newest samba version for "trusted domains" ...
> Then you must do on the LDAP the groupmaps for the second PDC for
> windows
> and unix, you can't use the same from the 1 PDC.
> After them you can add user host groups.
> Dont forget the SIDs must be the same from the hosts users and groups
> for an
> domain, only the RIDs must be not the same.
> Then add the infos in your smb.conf, i use wins for netbios.
> Winbind do you only when you authentifikate on Windows Server.
> Thats was a crash info when you need more help send me an Email, today
> i
> have not much time sorry.
>
> P.S. The Second Domain works here
>
> Mit freundlichen Grüßen
>
> Sven
>
> Sorry for bad english
>
>
>
> > -----Ursprüngliche Nachricht-----
> > Von: samba-bounces+ask=quickline.de at lists.samba.org
> > [mailto:samba-bounces+ask=quickline.de at lists.samba.org] Im
> > Auftrag von Sascha Bieler
> > Gesendet: Dienstag, 10. Juni 2008 12:15
> > An: 'Sascha'; samba at lists.samba.org
> > Betreff: RE: [Samba] 2nd smb server
> >
> > Take this as a hint:
> >
> > [global]
> > interfaces = lo eth0
> > bind interfaces only = Yes
> > name resolve order = wins bcast lmhosts host
> > printing = cups
> > printcap name = cups
> > printcap cache time = 750
> > cups options = raw
> > load printers = Yes
> > unix charset = UTF-8
> > display charset = UTF-8
> > workgroup = DOMAIN
> > netbios name = NETBIOSNAME
> > admin users = @"Domain Admins"
> > guest account = gast
> > server string = FileServer %v
> > security = user
> > encrypt passwords = Yes
> > log level = 1 vfs:1
> > log file = /var/log/samba/log.%m
> > syslog = 0
> > max log size = 100000
> > domain logons = No
> > os level = 32
> > preferred master = No
> > domain master = No
> > local master = No
> > wins server = 192.168.10.1
> > dns proxy = Yes
> > time server = Yes
> > #ldap##
> > passdb backend = ldapsam:"ldap://192.168.10.1"
> > ldap admin dn = cn=admin,dc=domain,dc=name
> > ldap suffix = dc=domain,dc=name
> > ldap group suffix = ou=Groups
> > ldap user suffix = ou=Users
> > ldap machine suffix = ou=Computers
> > ldap idmap suffix = ou=Users
> > ldap ssl = no
> > ldap delete dn = Yes
> > ldap passwd sync = Yes
> > utmp = Yes
> > idmap uid = 1000-20000
> > idmap gid = 1000-20000
> > idmap backend = ldap:"ldap://192.168.10.1"
> > shutdown script = /sbin/shutdown
> > abort shutdown script = /sbin/shutdown -c
> > nt acl support = yes
> > kernel oplocks = yes
> > enable privileges = Yes
> > template shell = /bin/false
> > ldap passwd sync = Yes
> > utmp = Yes
> > idmap uid = 1000-20000
> > idmap gid = 1000-20000
> > idmap backend = ldap:"ldap://192.168.10.1"
> > shutdown script = /sbin/shutdown
> > abort shutdown script = /sbin/shutdown -c
> > nt acl support = yes
> > kernel oplocks = yes
> > enable privileges = Yes
> > template shell = /bin/false
> > logon script =
> > logon path =
> > logon home =
> >
> >
> >
> >
> > ############################
> > /etc/samba/smbldap.conf
> > ############################
> > slaveLDAP="192.168.10.1"
> > slavePort="389"
> >
> > masterLDAP="192.168.10.1"
> > masterPort="389"
> >
> >
> > Also set your ldap.conf and nsswitch.conf to the appropiate values.
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list