[Samba] Samba PDC/LDAP Questions

[Brett Stevens]

On 27/5/04 04:52, "Wendell Smith" <wendels at castlebranch.com> wrote:

> Howdy all...
> 
> I am trying to use two different samba servers in a test environment
> such that a Win98 SE user logs into his/her workstation,
> authenticates/authorizes themself via the PDC, and then mounts a
> different samba server to store his/her files. By files I *guess* I mean
> profile as this is where I assume that this user's personal files will
> end up.
> 
> Question 1: Is this assumption that a users working files are stored
> with their profile correct?
Not entirely. Profile is used for settings and private info files are
relative to the path you set up. They save files where ever you set it to
such as, for example [customer] is mapped to /usr/local/samba/customer and
the drive letter for windows is F: then users would save all customer files
to the f: drive.
> 
> I am making use of an LDAP enabled samba compilation (samba-3.0.4) with
> respect to my PDC. When I utilize just this machine, my users working
> files/profile does indeed get stored in the PDC's profiles share.
> 
> I want my PDC to only be used for authentication/authorization in that I
> would like all of my users to be able to mount other samba file-servers
> to store their working files/profile.
> 
> Question 2: Do these other non-PDC samba servers need to be
> LDAP-enabled? 
They have to be member servers of your domain. And must still authenticate
using whatever method you have set up.
> 
> When I log my user on and off get this message in my log.smbd file:
> 
> [2004/05/26 14:04:40, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1369)
>   unable to open passdb database.
> 
> I had assumed that the PDC handled all of the
> authentication/authorization and am little confused as to why this
> file-server would be trying to access the passwd database.
Because it must authenticate the request somehow. Again it must be a member
of the domain to authenticate smb requests from users. Set up samba-ldap on
your pdc and then consult the doco for references on member servers.
> 

> I have been following the howto found at this url:
> http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
> 
> It has been VERY helpful. When I got to the section entitled "A complex
> and real example", I am left unsure of how a user actually mounts this
> second non-PDC file-server. This info is seemingly left out.
> 
> Question 3: How are the following ldap attributes for a sambaSamAccount
> actually used to accomplish this?
> 
> sambaAcctFlags
> sambaHomePath
> sambaHomeDrive
> sambaProfilePath
> 
> Question 4: What about the smb.conf directives involved?
> 
> [global]
> logon path
> logon home
Check man smb.conf for a full description. These settings relate to profiles
and user home dirs.
> 
> [profiles]
> path
> 
> In the example there is no "profiles" share found on the non-PDC
> file-server. 
Not entirely necessary for the non-pdc unless you want to hold the files
there. This is a relative setting. Check (I'm not entirely sure and could be
quite wrong here ) but you possibly could set this using unc pathnames.
> 
> /me shrugs
> 
> I'm a little bewildered with all of this and would LOVE some help. I'm
> fairly good at RTFMing do if I have overlooked an important piece of
> documentation, by all means point it out to me and I will inhale it.
> I've tried looking at the ldap schema but didn't pull too much from it.
> 
Yes RTFM can be confusing at first. Go back to basics. Set up your PDC
first. With files on the pdc. Then add your member server. Then configure
your login scripts to point to the user shares you need. Then modify your
profile login home and logon path. Try each step by step.

> Any help you can offer will be greatly appreciated...
> 
> Regards,
> 
> Wendell
Good luck

Brett Stevens