I need to know a few things about Samba TNG 0.6 + Netscape LDAP 4.1 + PDC
Paul Kennedy
pkennedy at loudcloud.com
Tue Feb 29 19:45:39 GMT 2000
muchos wrote:
> I'm not configure LDAP, but I know that Netscape Directory has a parameter or
> something that is called "ntuser", does someone know if it is enough for Samba
> authentication?
The Netscape Directory Server defines different schema from Samba for NT user attributes.
Netscape's schema is used by the Netscape NT Directory Synchronization Service, to
propagate NT users and groups to the LDAP server and from then on keep the SAM and LDAP
directory synchronized.
In order to use Samba with the Netscape Directory Server 4.0 or later, you'll need to add
the following schema to the file NSHOME/slapd-'your-serverid-here'/slapd.user_oc.conf
objectclass sambaAccount
    requires
        ObjectClass,
        uid,
        uidNumber,
        ntuid,
        rid
    allows
        gidNumber,
        grouprid,
        nickname,
        userpassword,
        ou,
        description,
        lmPassword,
        ntPassword,
        pwdLastSet,
        smbHome,
        homeDrive,
        script,
        profile,
        workstations,
        acctFlags,
        pwdCanChange,
        pwdMustChange,
        logonTime,
        logoffTime,
        kickoffTime,
        cn

objectclass sambaGroup
    requires
        cn,
        rid
    allows
        ntuid,
        member,
        description

objectclass sambaBuiltin
    requires
        cn,
        sid
    allows
        ntuid,
        rid,
        member,
        description

objectclass sambaConfig
    requires
        id
    allows
        nextrid

and add these attribute definitions to the file
NSHOME/slapd-'your-serverid-here'/slapd.user_at.conf
attribute uidNumber cis
attribute ntUid cis
attribute rid cis
attribute nextRid cis
attribute grouprid cis
attribute nickname cis
attribute lmpassword cis
attribute ntpassword cis
attribute pwdLastSet cis
attribute smbHome cis
attribute homeDrive cis
attribute script cis
attribute profile cis
attribute workstations cis
attribute acctFlags cis
attribute pwdCanChange cis
attribute pwdMustChange cis
attribute sid cis
attribute id cis
attribute logonTime cis
attribute logoffTime cis
attribute kickoffTime cis
Then restart the server; these config files are read only once, at server startup.
Then you should re-read Ignacio Coupeau's very helpful note.
Pk.
>
>
> I read the Samba-PDC LDAP TNG howto made by Ignacio Coupeau at the University of
> Navarra, but I find it a bit confusing or maybe not clear for me.
>
> Well, I want to know if I must use smbpasswd if all the accounts are in the LDAP
> server now, and must I add a machine account in the smbpasswd or in the LDAP
> directory?
>
> I think that my smb.conf is OK (I pasted it below), but I don't know the
> requirements of LDAP (Netscape server)
>
> I'm using the Netscape LDAP with that parameter and Samba TNG 0.6 as a PDC
>
> ---------------------------------------------------------------------------------------
> [global]
>
> # LDAP
> ldap suffix = "o=Root_Ldap"
> ldap bind as = "uid=root, o=Root_Ldap"
> ldap passwd file = /usr/local/samba/private/ldappasswd
> ldap server = localhost
> ldap port = 389
>
> # DOMAIN SERVER
> domain groups = ROOT_NT
> workgroup = ROOT_NT
> server string = Servidor Primario de Dominios
> domain master = yes
> domain logons = yes
> preferred master = yes
> comment = Linux sever Samba 2.1
>
> # PRINTERS GLOBAL SETUP
> load printers = yes
> printcap name = /etc/printcap
>
> # LOG SETUP
> log file = /var/log/samba/log.%m
> max log size = 500
>
> # PASSWORD SETUP
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/smbpasswd
> unix password sync = yes
> passwd program = /bin/passwd %u
> password level = 0
> # OPTIONS
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> # Netbios Setup
> logon script = %U.bat
> logon path = \\%L\profiles\%U
> netbios name = diablo
> logon path = \\diablo\profiles\%U
> # Options
> map to guest = never
> null passwords = no
> os level = 34
> wins support = yes
> dead time = 0
> debug level = 20
> admin users = smbadmin
>
> # SHARES FOR THE PDC
>
> [homes]
> comment = Directorios Personales
> browseable = no
> writeable = yes
> public = no
> only user = no
> path = /home/samba/profiles/
> create mode = 0600
> directory mode = 070
>
> [netlogon]
> comment = Servicio Autentificacion
> path = /home/samba/netlogon
> guest ok = yes
> writable = no
> share modes = no
> browsable = no
> [profiles]
> comment = Perfil de Usuario
> path = /home/samba/profiles
> create mode = 0600
> directory mode = 0700
> writable = yes
> browsable = no
>
> # OPTIONAL SHARES
>
> --
> =========================================================================
> Gabriel Díaz López de la Llave
> Ip6 Seguridad S.L gabidiaz at ip6seguridad.com
> c: Zurbaran 28 tlf : 91 700 01 84 ext 165
> 28010 Madrid fax : 91 700 01 73
> http://www.ip6seguridad.com
> =========================================================================
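
A consistency check for the two schema files described in the reply above, as an added example that is not part of the original message or of any Samba or Netscape tool: it lists the attributes that the object classes reference but the attribute file does not define, which therefore have to be supplied by schema the server already loads. The sample text is a trimmed, re-wrapped excerpt of the definitions quoted in the message; the function names are hypothetical, and attribute names are compared case-insensitively.

```python
import re

# Trimmed, re-wrapped excerpt of the definitions quoted in the message (sample input).
OC_CONF = """\
objectclass sambaAccount
    requires
        ObjectClass,
        uid, uidNumber, ntuid, rid
    allows
        gidNumber, lmPassword
objectclass sambaConfig
    requires id
    allows nextrid
"""
AT_CONF = """\
attribute uidNumber cis
attribute ntUid cis
attribute rid cis
attribute nextRid cis
attribute lmpassword cis
attribute id cis
"""

def parse_objectclasses(text):
    """Map each class name to its 'requires' and 'allows' attribute lists."""
    classes, current, section = {}, None, None
    for line in text.splitlines():
        head = re.match(r"\s*objectclass\s+([^\s,]+)\s*$", line, re.I)
        if head:  # "objectclass NAME" header; a bare "ObjectClass," is an attribute
            current = classes.setdefault(head.group(1), {"requires": [], "allows": []})
            section = None
            continue
        for tok in re.split(r"[\s,]+", line.strip()):
            if tok.lower() in ("requires", "allows"):
                section = tok.lower()
            elif tok and current is not None and section:
                current[section].append(tok)
    return classes

def undefined_attributes(oc_text, at_text):
    """Attributes used by the object classes but absent from the attribute file."""
    defined = {n.lower() for n in re.findall(r"^\s*attribute\s+(\S+)", at_text, re.I | re.M)}
    used = {a.lower() for c in parse_objectclasses(oc_text).values()
            for attrs in c.values() for a in attrs}
    return sorted(used - defined)

if __name__ == "__main__":
    # Every name printed must be defined by the server's existing schema files.
    print(undefined_attributes(OC_CONF, AT_CONF))
```

Running it against the real slapd.user_oc.conf and slapd.user_at.conf before the restart gives the list of names to confirm in the server's existing schema.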