[Samba] Samba 3.0 + LDAP

Gonzalo Servat gonzalo at unixpac.com.au
Tue May 28 22:00:02 GMT 2002


On Wed, 2002-05-29 at 14:29, abartlet at samba.org wrote:
> On Wed, May 29, 2002 at 02:14:13PM +1000, Gonzalo Servat wrote:
> > On Tue, 2002-05-28 at 18:10, abartlet at samba.org wrote:
> > > On Tue, May 28, 2002 at 10:09:12AM +1000, Gonzalo Servat wrote:
> > > > Hi All
> > > > 
> > > > I've compiled Samba 3.0 alpha 17 using --with-ldapsam. In smb.conf I've
> > > > got:
> > > > 
> > > > passdb backend = ldapsam
> > > > ldap admin dn = "cn=Manager,o=Sambatest,c=AU"
> > > > ldap suffix = c=AU
> > > > ldap ssl = off
> > > > 
> > > > ... and the admin dn password is in the secrets.tdb file.
> > > > 
> > > > Other than missing an "n" in "backend", :), is there anything clearly
> > > > wrong with my setup? Am I missing a configuration directive in smb.conf?
> > > 
> > > You need to set that to 'passdb backend = ldapsam:ldap://ldap.server:port'
> > 
> > Ah ha! Thanks. That did it...
> > 
> > Another question. I've mapped the group 'domadm' (using smbgroupedit) to
> > 'Domain Admins'. In my /etc/group, I have:
> > 
> > domadm: smbadmin
> > 
> > ... and smbadmin is a user in the LDAP tree. I've confirmed that I can
> > successfully map a share on the samba server using smbadmin.
> > 
> > I tried to join my samba domain (it's a Win2k box) and I get prompted
> > for a login/password of a user that has enough privileges to join the
> > domain. I entered 'smbadmin' and the password and I get 'Access is
> > denied'. I noticed in the logs that it tries various combinations of the
> > name 'smbadmin' before giving up with this error:
> 
> You can only join with ROOT.  The user being a 'domain admin' is only for
> the benefit of the windows clients.  In Samba 3.0, you can set
> 
> admin users = @domadm
> 
> to get a similar effect - but remember that all actions of those users will be
> as root, not just joins etc.
> 

Ah, right. So even if I do 'admin users = @domadm' I still need to
create a 'root' user in the ldap tree?

Why would I use the 'admin users = @domadm' if I can use smbgroupedit to
map an NT group to a Unix group? Out of curiosity..

Thanks again for your help so far.

Regards,

Gonzalo.

> Andrew Bartlett
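
Because every account matched by 'admin users' acts as root on the share, it helps to list exactly who that is. The following audit sketch is an added example, not part of the original thread or of Samba itself; the sample smb.conf, the extra share names and the group memberships are constructed, and on a real host the group data would come from /etc/group or the name service.

```python
import re

# Constructed sample smb.conf and group data, for illustration only.
SAMPLE_CONF = """\
[global]
   passdb backend = ldapsam
   Admin Users = @domadm, backup
; comment line
[public]
   path = /srv/public
[tools]
   path = /srv/tools
   adminusers = +wheel
"""
SAMPLE_GROUPS = {"domadm": ["smbadmin"], "wheel": ["alice", "bob"]}

def norm(name):
    # Samba ignores case and whitespace in parameter names.
    return re.sub(r"\s+", "", name).lower()

def admin_users(conf_text):
    """Return {section: [raw 'admin users' entries]} for each section that sets it."""
    found, section = {}, "global"
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            if norm(key) == "adminusers":
                found[section] = [e for e in re.split(r"[,\s]+", value.strip()) if e]
    return found

def root_equivalent(conf_text, groups):
    """Expand @group / +group entries into the accounts that act as root."""
    result = {}
    for section, entries in admin_users(conf_text).items():
        accounts = set()
        for entry in entries:
            if entry[0] in "@+":
                accounts.update(groups.get(entry[1:], []))
            else:
                accounts.add(entry)
        result[section] = sorted(accounts)
    return result

if __name__ == "__main__":
    for section, accounts in root_equivalent(SAMPLE_CONF, SAMPLE_GROUPS).items():
        print(f"[{section}] file operations run as root for: {', '.join(accounts)}")
```

A value set in [global] is the default for every share that does not override it, so in the sample the [public] share inherits the [global] list even though it is not reported separately.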





