[Samba] problem with secondary groups and OpenLDAP or Multiple ou's
Jeff Hafer
jeff.hafer at btdinc.net
Tue Apr 27 19:35:38 GMT 2004
I am trying to implement the following structure in OpenLDAP
for a backend to Samba 3:
                                      / ou=People
                 /ou=Internal-----<- ou=Groups
dc=btd,dc=com ---<                    \ ou=Computers
                 \ou=External
I have been able to authenticate users but they are only able to
access shares based on their primary group. I am wondering if Samba
is having trouble with the multiple ou's necessary to reach Groups
and People with secondary groups???
Here's my smb.conf file: (Only included a single share)
# Server-wide settings from the poster's smb.conf: a Samba 3 domain controller
# (domain logons = yes, domain master = yes) with an OpenLDAP passdb backend.
[global]
# smbd runs the add/… scripts below as root, with %u / %g replaced by the
# account or group name; the single quotes around them keep that substituted
# text as one shell argument.
add group script = /usr/sbin/groupadd '%g'
# NOTE(review): this value, "add user script" and "add user to group script"
# are each split across two lines, apparently by mail wrapping. smb.conf only
# continues a line that ends in a backslash, so they need to be single lines
# in the real file.
add machine script = /usr/sbin/useradd -g machines -c "Samba
Machine" -d /dev/null -s /bin/false '%u'
add share command = /usr/local/bin/addshare
add user script = /usr/sbin/useradd -g samba -c "Samba User" -d
/home/users/'%u' -m -s /bin/false '%u' -g allusers
add user to group script = /usr/sbin/usermod -G `/usr/bin/id -G '%u'
|/bin/sed 's/ /,/g'`,'%g' '%u'
addprinter command = /usr/bin/addprinterf
# admin users perform all file operations as root; set in [global] this is the
# default for every share that does not override it.
admin users = root, Administrator, domadm
auth methods = winbind, guest, sam
# The three "client …" parameters only govern Samba's own client tools. What
# this server accepts from clients is set by "lanman auth" and "ntlm auth".
# NOTE(review): "lanman auth" is not set here, so the version default applies;
# confirm LANMAN responses are refused.
client lanman auth = no
client ntlmv2 auth = yes
client plaintext auth = no
dns proxy = no
domain logons = yes
domain master = yes
encrypt passwords = yes
idmap gid = 10000-20000
idmap uid = 10000-20000
# Samba binds to the directory as this DN.
# NOTE(review): cn=Manager looks like the OpenLDAP rootdn; a dedicated DN with
# ACLs limited to the Samba subtrees would be the least-privilege choice.
ldap admin dn = cn=Manager,dc=btd,dc=com
ldap filter = (&(uid=%u)(objectClass=sambaSamAccount))
# The group/machine/user suffixes are prepended to "ldap suffix", so as written
# they resolve to ou=Groups,dc=btd,dc=com, ou=Computers,dc=btd,dc=com and
# ou=People,dc=btd,dc=com.
# NOTE(review): the tree in the post places these under ou=Internal; confirm
# the suffixes match where the entries actually live.
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap passwd sync = yes
# With ldap ssl disabled and an ldap:// backend URL, the admin bind and the
# sambaSamAccount data (including password hashes) cross the network to
# btdvinfr1 unencrypted.
# NOTE(review): consider "ldap ssl = start tls"; confirm the directory server
# offers TLS first.
ldap ssl = no
ldap suffix = dc=btd,dc=com
ldap user suffix = ou=People
load printers = yes
log file = /var/lib/samba/%m.log
# Maximum debug verbosity.
# NOTE(review): logs at this level can hold account and authentication detail;
# keep /var/lib/samba restricted and lower the level after troubleshooting.
log level = 10
logon drive = u:
# NOTE(review): "\\N%" in the next two values looks like a transposed "%N"
# (the home-directory server variable); confirm.
logon home = \\N%\home\users\%U
logon path = \\N%\home\users\%U\profile
logon script = everyone.bat
max log size = 50
netbios name = btdvfile1
nt acl support = yes
ntlm auth = yes
obey pam restrictions = yes
os level = 40
passdb backend = ldapsam:ldap://btdvinfr1
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
# path, printer, writeable and the mask/mode parameters further down are
# share-level settings; placed in [global] they become the default for every
# share that does not set its own value.
path = /var/spool/samba
preferred master = yes
printcap name = cups
printer = purchlaser
printing = cups
profile acls = yes
security = user
server string = Linux Samba Server btdvfile1
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
template homedir = /home/users/%D/%U
time server = yes
# NOTE(review): the value is empty in the post; confirm whether it was blank in
# the real file or lost when the message was archived.
unix charset =
unix password sync = no
username level = 5
username map = /etc/samba/smbusers
wins partners = 10.100.100.2
wins support = no
wins proxy = no
wins server = 10.100.100.2
workgroup = BTD
# Default for all shares: writable unless a share says otherwise.
writeable = yes
# Every new file is forced to mode 0777 and every new directory to 6777
# (world-writable, with the setuid and setgid bits set on directories), so Unix
# mode bits stop separating one user or group from another on these shares.
# NOTE(review): if access is meant to follow group membership, something like
# 0660 / 2770 would match that intent; confirm against the deployment.
create mask = 0777
directory mask = 6777
force create mode = 0777
force directory mode = 6777
inherit permissions = yes
# Ordinary share exporting the whole of /home read-write.
# NOTE(review): no "valid users" or "write list" is set, and the [global]
# defaults above (admin users, 0777/6777 modes) apply, so any authenticated
# user can reach every home directory through this share; confirm that is
# intended.
[home]
comment = Home Folders
path = /home
read only = No
# Special [homes] section: Samba creates a per-user home share from it on
# connect. When no path is given the user's own home directory is used; with
# "path = /home" every user's home share points at /home itself.
# NOTE(review): a per-user path such as /home/%S may be what was meant; confirm.
[homes]
comment = Home Folders
path = /home
read only = No
# Logon share for domain clients. Clients run the logon script named in
# [global] (logon script = everyone.bat) from here, so write access should stay
# limited to administrators.
[netlogon]
comment = Net Logon Share
path = /usr/local/samba/netlogon
browsable = Yes
# Members of @admins act as root on this share.
admin users = @admins
# @allusers is held to read-only access; @admins may write.
# NOTE(review): [global] sets "writeable = yes", so a user in neither list is
# not made read-only by "read list"; confirm file-system permissions cover that
# case or set "read only = yes" on this share.
read list = @allusers
write list = @admins
############################################################
### Shared Folders ###
############################################################
# Department share for accounting, with the recycle-bin and vscan-sophos VFS
# modules stacked on it.
[accountingfiles]
comment = Accounting Department
path = /home/depts/accountingfiles
browseable = yes
recycle:repository = recycle
recycle:keeptree = yes
vfs objects = vscan-sophos recycle
vscan-sophos: config-file = /etc/samba/vscan-sophos.conf
# admin users makes every member of @admins and @accounting perform file
# operations on this share as root, so Unix ownership, group membership and
# mode bits are not what limits them here.
# NOTE(review): "valid users" and "write list" already express group-based
# access; consider removing @accounting from "admin users".
admin users = @admins @accounting
valid users = @admins @accounting
write list = @admins @accounting