[Samba-it] samba con doppia personalita' ;-)
Sandro Doro
samba at dorogroup.com
Fri Dec 9 10:58:01 MST 2005
> On Thu, 2005-12-08 at 21:16 +0100, Sandro Doro wrote:
>
> > La cosa che mi lascia un po' perplesso e' la dicitura
> > Domain: HOME anche se e' stato fatto il join al dominio NETKITWG.
>
> Sento puzza di bruciato :-)
>
> > Qualche idea sulla mancata "traduzione" dei SID sul Domain Member ?
>
> Servono gli output di net getlocalsid su entrambe i server.
Premetto che il pdc ha netbios name CORE e l'altro HOME.
sambaCore:~# net getlocalsid
SID for domain CORE is: S-1-5-21-3840722988-1065274203-713729200
sambaHome:~# netHome -s /etc/samba/smbHome.conf getlocalsid
SID for domain HOME is: S-1-5-21-3362258605-3231886521-2455157064
>
> Servono gli smb.conf
>
====================== smb.conf CORE =============================
[global]
workgroup = NetkitWG
netbios name = Core
server string = CoreServerString
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
bind interfaces only = yes
interfaces = 192.168.50.101, 127.0.0.1
admin users = Administrator
security = user
encrypt passwords = Yes
obey pam restrictions = No
ldap passwd sync = Yes
log level = 3
syslog = 0
log file = /var/log/samba/log.%m
max log size = 300
smb ports = 139 445
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = scripts\logon.bat
logon drive = H:
logon path = \\HOME\profiles\foo
logon home = \\HOME\%U
wins support = Yes
name resolve order = wins hosts bcast
passdb backend = ldapsam:ldap://ldap/
ldap admin dn = cn=samba,ou=DSA,dc=istituto,dc=it
ldap suffix = dc=istituto,dc=it
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
idmap backend = ldap:ldap://ldap/
idmap uid = 10000-20000
idmap gid = 10000-20000
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
[homes]
comment = Home Directories di %U, %u
valid users = %S
browseable = No
read only = No
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = Yes
locking = No
[profiles]
comment = Profile Share
path = /home/profiles
read only = No
profile acls = Yes
==========================fine ======================================
========================== smb.conf HOME ============================
[global]
workgroup = NetkitWG
netbios name = Home
server string = HomeServerString
bind interfaces only = yes
interfaces = 192.168.50.102
admin users = Administrator
security = domain
encrypt passwords = yes
password server = CORE
obey pam restrictions = No
log level = 4
syslog = 0
log file = /var/log/sambaHome/log.%m
max log size = 1000
smb ports = 139 445
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
Dos charset = 850
Unix charset = ISO8859-1
pid directory = /var/run/sambaHome/
wins server = 192.168.50.101
name resolve order = wins hosts bcast
logon script = scripts\logon.bat
logon drive = H:
logon path = \\HOME\profiles\foo
logon home = \\HOME\%U
passdb backend = ldapsam:ldap://ldap/
ldap admin dn = cn=samba,ou=DSA,dc=istituto,dc=it
ldap suffix = dc=istituto,dc=it
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
idmap backend = ldap:ldap://ldap/
idmap uid = 10000-20000
idmap gid = 10000-20000
[homes]
comment = Home Directories
path = /mnt/homes/%S
valid users = %S
browseable = No
read only = No
[netlogon]
comment = Network Logon Service
path = /mnt/netlogon
guest ok = Yes
locking = No
[profiles]
comment = Profile Share
path = /mnt/profiles
read only = No
profile acls = Yes
==========================fine =======================================
> Simo.
>
> --
> Simo Sorce - simo.sorce at xsec.it
> Xsec s.r.l. - http://www.xsec.it
> via Garofalo, 39 - 20133 - Milano
> mobile: +39 329 328 7702
> tel. +39 02 2953 4143 - fax: +39 02 700 442 399
Grazie, ciao
Sandro
--
Sandro Doro
e-mail: sandro.doro AT istruzione.it
More information about the samba-it
mailing list