[Samba] Samba/LDAP Question
Hector Blanco
white.lists at gmail.com
Thu Feb 28 17:26:11 GMT 2008
It doesn't seem to be that, in my case... I removed the smb.conf lines
that told Samba in which Ldaps "tables" (or OUs) had to look for the
users and so, and it isn't working...
Just in case, there goes my new smb.conf
Thanks
-------------------------- smb.conf ----------------------------
[global]
#Configuracion basica
workgroup = JOME
security = user
netbios name = xxxx
server string = xxxx PDC server Version %v
encrypt passwords = yes
#Configuración para ser el PDC maestro
os level = 65
preferred master = yes
local master = yes
domain master = yes
domain logons = yes
wins support=yes
#Configuracion de logs
log level = 4
debug level=3
syslog = 3
log file = /var/log/samba/samba.log
max log size = 1000
#Configuracion LDAP
ldap admin dn = cn=Admin,dc=jome
ldap delete dn = no
passdb backend = ldapsam:ldap://xxxx/
# ldap user suffix = ou=People
# ldap group suffix = ou=Group
# ldap machine suffix = ou=Hosts
# ldap idmap suffix = ou=Idmap
ldap passwd sync = Yes
ldap suffix =dc=jome
ldap delete dn = No
local master=Yes
os level=65
domain master=yes
preferred master=yes
domain logons=yes
logon path = \\%L\%U\Profiles
#Configuracion programas varios
add machine script =/usr/sbin/smbldap-useradd -w %u
# add user script = /usr/sbin/smbldap-useradd -a -m '%u'
# delete user script = /usr/sbin/smbldap-userdel -r %u
# add group script = /usr/sbin/smbldap-groupadd -p '%g'
# delete group script = /usr/sbin/smbldap-groupdel '%g'
# add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
# delete user from group script = /usr/sbin/smbldap-groupmod
-x '%u' '%g'
# set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
passwd program = /usr/sbin/smbldap-passwd '%u'
printing = cups
printcap name = CUPS
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = H:
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
locking = No
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
browseable = yes
guest ok = no
read only = yes
write list = Administrator
------------------------------------------------
2008/2/28, Adam Tauno Williams <adamtaunowilliams at gmail.com>:
> > mmmm... I can see something in your Ldifs that I don't have: The
> > "objectClass: sambaSamAccount"... I bet this is important in order to
> > have Samba working!! Hehe... I'll keep working on this line... :)
>
>
> The add user / account process should add the sambaSamAccount
> objectclass and related attributes. If Samba can't find the new new
> object to modify then that is the problem. We have a Samba LDAP PDC and
> joining machines and adding users works fine. I think you problem is -
>
>
> ldap machine suffix = ou=computers
> ldap user suffix = ou=People
>
>
> Specifying these causes problems, it is up to the add script where to
> create the account object. Just make use that creates the object where
> you want it and Samba will modify the object in-place. Remove these two
> directives.
>
> You said in your original message: ":samba is trying to find that entry
> in ou=people instead of ou=computers.". That is your problem.
>
> --
> Adam Tauno Williams, Network & Systems Administrator
> Consultant - http://www.whitemiceconsulting.com
> Developer - http://www.opengroupware.org
>
>
> --
>
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list