[Samba] Samba 3.0 + LDAP
Gonzalo Servat
gonzalo at unixpac.com.au
Tue May 28 22:00:02 GMT 2002
On Wed, 2002-05-29 at 14:29, abartlet at samba.org wrote:
> On Wed, May 29, 2002 at 02:14:13PM +1000, Gonzalo Servat wrote:
> > On Tue, 2002-05-28 at 18:10, abartlet at samba.org wrote:
> > > On Tue, May 28, 2002 at 10:09:12AM +1000, Gonzalo Servat wrote:
> > > > Hi All
> > > >
> > > > I've compiled Samba 3.0 alpha 17 using --with-ldapsam. In smb.conf I've
> > > > got:
> > > >
> > > > passdb backend = ldapsam
> > > > ldap admin dn = "cn=Manager,o=Sambatest,c=AU"
> > > > ldap suffix = c=AU
> > > > ldap ssl = off
> > > >
> > > > ... and the admin dn password is in the secrets.tdb file.
> > > >
> > > > Other than missing an "n" in "backend", :), is there anything clearly
> > > > wrong with my setup? Am I missing a configuration directive in smb.conf?
> > >
> > > You need to set that to 'passdb backend= ldapsam:ladp://ldap.server:port
> >
> > Ah ha! Thanks. That did it...
> >
> > Another question. I've mapped the group 'domadm' (using smbgroupedit) to
> > 'Domain Admins'. In my /etc/group, I have:
> >
> > domadm: smbadmin
> >
> > ... and smbadmin is a user in the LDAP tree. I've confirmed that I can
> > successfully map a share on the samba server using smbadmin.
> >
> > I tried to join my samba domain (it's a Win2k box) and I get prompted
> > for a login/password of a user that has enough privileges to join the
> > domain. I entered 'smbadmin' and the password and I get 'Access is
> > denied'. I noticed in the logs that it tries various combinations of the
> > name 'smbadmin' before giving up with this error:
>
> You can only join with ROOT. The user being a 'domain admin' is only for
> the benifit of the windows clients. In Samba 3.0, you can use set
>
> admin users = @domadm
>
> to get a similar effect - but remeber that all actions of those uses will be
> as root, not just joins etc.
>
Ah, right. So even if I do 'admin users = @domadm' I still need to
create a 'root' user in the ldap tree?
Why would I use the 'admin users = @domadm' if I can use smbgroupedit to
map a NT group to a Unix group? Out of curiosity..
Thanks again for your help so far.
Regards,
Gonzalo.
> Andrew Bartlett
More information about the samba
mailing list