I need to know a few things about Samba TNG 0.6 + Netscape LDAP 4.1 + PDC

Paul Kennedy pkennedy at loudcloud.com
Tue Feb 29 19:45:39 GMT 2000



muchos wrote:

> I'm not configure LDAP, but I know that Netscape Directory has a parameter or
> something that is called "ntuser"; does someone know if it is enough for Samba
> authentication?

The Netscape Directory Server defines a different schema from Samba for NT user attributes.
Netscape's schema is used by the Netscape NT Directory Synchronization Service to
propagate NT users and groups to the LDAP server and from then on keep the SAM and LDAP
directory synchronized.

In order to use Samba with the Netscape Directory Server 4.0 or later, you'll need to add
the following schema to the file NSHOME/slapd-'your-serverid-here'/slapd.user_oc.conf:

objectclass sambaAccount
        requires
                ObjectClass,
                uid,
                uidNumber,
                ntuid,
                rid
        allows
                gidNumber,
                grouprid,
                nickname,
                userpassword,
                ou,
                description,
                lmPassword,
                ntPassword,
                pwdLastSet,
                smbHome,
                homeDrive,
                script,
                profile,
                workstations,
                acctFlags,
                pwdCanChange,
                pwdMustChange,
                logonTime,
                logoffTime,
                kickoffTime,
                cn

objectclass sambaGroup
        requires
                cn,
                rid
        allows
                ntuid,
                member,
                description


objectclass sambaBuiltin
        requires
                cn,
                sid
        allows
                ntuid,
                rid,
                member,
                description

objectclass sambaConfig
        requires
                id
        allows
                nextrid


and add these attribute definitions to the file
NSHOME/slapd-'your-serverid-here'/slapd.user_at.conf:

attribute uidNumber  cis
attribute ntUid   cis
attribute rid   cis
attribute nextRid   cis
attribute grouprid  cis
attribute nickname  cis
attribute lmpassword  cis
attribute ntpassword  cis
attribute pwdLastSet  cis
attribute smbHome   cis
attribute homeDrive  cis
attribute script   cis
attribute profile   cis
attribute workstations  cis
attribute acctFlags  cis
attribute pwdCanChange  cis
attribute pwdMustChange  cis
attribute sid   cis
attribute id   cis
attribute logonTime  cis
attribute logoffTime  cis
attribute kickoffTime  cis


Then restart the server; these config files are read once only, at server startup.

Then you should re-read Ignacio Coupeau's very helpful note.

Pk.

>
>
> I read the Samba-PDC LDAP TNG howto made by Ignacio Coupeau at the University of
> Navarra, but I find it a bit confusing, or maybe not clear for me.
>
> Well, I want to know if I must use smbpasswd if all the accounts are in the LDAP
> server now, and whether I must add a machine account in the smbpasswd or in the LDAP
> directory.
>
> I think that my smb.conf is OK (I pasted it below), but I don't know the
> requirements of LDAP (Netscape server).
>
> I'm using the Netscape LDAP with that parameter and Samba TNG 0.6 as a PDC.
>
> ---------------------------------------------------------------------------------------
> [global]
>
> #  LDAP
>     ldap suffix = "o=Root_Ldap"
>     ldap bind as = "uid=root, o=Root_Ldap"
>     ldap passwd file = /usr/local/samba/private/ldappasswd
>     ldap server = localhost
>     ldap port = 389
>
> # DOMAIN SERVER
>     domain groups = ROOT_NT
>     workgroup = ROOT_NT
>     server string = Servidor Primario de Dominios
>     domain master = yes
>     domain logons = yes
>     preferred master = yes
>     comment = Linux sever Samba 2.1
>
> # PRINTERS GLOBAL SETUP
>     load printers = yes
>     printcap name = /etc/printcap
>
> # LOG SETUP
>     log file = /var/log/samba/log.%m
>     max log size = 500
>
> # PASSWORD SETUP
>     security = user
>     encrypt passwords = yes
>     smb passwd file = /etc/smbpasswd
>     unix password sync = yes
>     passwd program = /bin/passwd %u
>     password level = 0
> # OPTIONS
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
>     # Netbios Setup
>     logon script = %U.bat
>     logon path = \\%L\profiles\%U
>     netbios name = diablo
>     logon path = \\diablo\profiles\%U
>     # Options
>     map to guest = never
>     null passwords = no
>     os level = 34
>     wins support = yes
>     dead time = 0
>     debug level = 20
>     admin users = smbadmin
>
> # SHARES FOR THE PDC
>
> [homes]
>     comment = Directorios Personales
>     browseable = no
>     writeable = yes
>     public = no
>     only user = no
>     path = /home/samba/profiles/
>     create mode = 0600
>     directory mode = 070
>
> [netlogon]
>     comment = Servicio Autentificacion
>     path = /home/samba/netlogon
>     guest ok = yes
>     writable = no
>     share modes = no
>     browsable = no
> [profiles]
>     comment = Perfil de Usuario
>     path = /home/samba/profiles
>     create mode = 0600
>     directory mode = 0700
>     writable = yes
>     browsable = no
>
> # OPTIONAL SHARES
>
> --
> =========================================================================
> Gabriel Díaz López de la Llave
> Ip6 Seguridad S.L         gabidiaz at ip6seguridad.com
> c: Zurbaran 28            tlf : 91 700 01 84 ext 165
> 28010 Madrid              fax : 91 700 01 73
> http://www.ip6seguridad.com
> =========================================================================
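
An added example, not part of the original message or of Samba or Netscape code: a cross-check of the two schema files described in the reply, listing every attribute that an object class in slapd.user_oc.conf names but slapd.user_at.conf does not define, so it can be confirmed in the server's standard schema before the restart. The function names are hypothetical and the sample text is a shortened, constructed copy of the definitions above.

```python
import re

# Constructed sample: shortened copies of the two files from the reply above.
USER_OC = """\
objectclass sambaAccount
        requires
                ObjectClass,
                uid,
                uidNumber
        allows
                gidNumber,
                ntPassword
"""
USER_AT = """\
attribute uidNumber  cis
attribute ntpassword  cis
"""

def parse_objectclasses(text):
    """Parse slapd.user_oc.conf text into {class: {"requires": [...], "allows": [...]}}."""
    classes, current, section = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.match(r"objectclass\s+(\S+)$", line, re.I)
        if header:  # "objectclass <name>"; the attribute line "ObjectClass," does not match
            current = classes.setdefault(header.group(1), {"requires": [], "allows": []})
            section = None
        elif line.lower() in ("requires", "allows"):
            section = line.lower()
        elif current is not None and section and line:
            current[section] += [a for a in re.split(r"[,\s]+", line) if a]
    return classes

def parse_attributes(text):
    """Lower-cased names from 'attribute <name> <syntax>' lines (names are case-insensitive)."""
    return {m.group(1).lower() for m in re.finditer(r"^\s*attribute\s+(\S+)", text, re.M | re.I)}

def undefined_attributes(oc_text, at_text):
    """Map each object class to the attributes it names that the attribute file lacks."""
    defined = parse_attributes(at_text)
    report = {}
    for name, parts in parse_objectclasses(oc_text).items():
        missing = [a for a in parts["requires"] + parts["allows"] if a.lower() not in defined]
        if missing:
            report[name] = missing
    return report

if __name__ == "__main__":
    for oc, attrs in undefined_attributes(USER_OC, USER_AT).items():
        print(f"{oc}: not in slapd.user_at.conf: {', '.join(attrs)}")
```

Run against the full definitions in the reply, the names reported are ObjectClass, uid, gidNumber, userpassword, ou, description, cn and member; those are the ones to look for in the schema files the server already ships.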


