[Samba] 2nd smb server

Sascha tdy_shadow at yahoo.com
Tue Jun 10 14:04:34 GMT 2008


Hi,

thanks for the help. I just got stuck on one problem: I joined the Samba domain. Everything runs well except that I can't see/use the domain groups. If I add a share on the 2nd Samba and define valid users = user1, the user can connect to that share. But if I add a group, e.g. @admins, that won't work. I don't understand why. I can even see that my PDC accepts and authenticates the user. Do I have to use Idmap? Please help. I'm desperate.

Thanks and best regards

----- Original Message ----
From: Sascha Bieler <sascha.bieler at radiogong.de>
To: Sven Buchstaller <ask at quickline.de>; samba at lists.samba.org
Sent: Tuesday, June 10, 2008 12:45:54 PM
Subject: RE: [Samba] 2nd smb server

Ah ok, but it should work as you described.


> -----Original Message-----
> From: samba-bounces+sascha.bieler=radiogong.de at lists.samba.org
> [mailto:samba-bounces+sascha.bieler=radiogong.de at lists.samba.org] On
> Behalf Of Sven Buchstaller
> Sent: Tuesday, June 10, 2008 12:39 PM
> To: samba at lists.samba.org
> Subject: AW: [Samba] 2nd smb server
> 
> Hi Sascha
> 
> I think Sascha aka tdy_shadow means something else. I have had this
> scenario set up for some weeks, but I have some trouble; look at my
> question on this list, "second samba pdc".
> First he must set up the second PDC on a separate physical machine, with
> the newest Samba version for "trusted domains" ...
> Then you must create the groupmaps for the second PDC in LDAP, for
> Windows and Unix; you can't use the same ones from the first PDC.
> After that you can add users, hosts and groups.
> Don't forget the SIDs of the hosts, users and groups must be the same
> for a domain; only the RIDs must not be the same.
> Then add the info to your smb.conf; I use WINS for NetBIOS.
> You only use Winbind when you authenticate on a Windows server.
> That was crash info; if you need more help send me an email. Today I
> don't have much time, sorry.
> 
> P.S. The second domain works here
> 
> Kind regards
> 
> Sven
> 
> Sorry for bad English
> 
> 
> 
> > -----Original Message-----
> > From: samba-bounces+ask=quickline.de at lists.samba.org
> > [mailto:samba-bounces+ask=quickline.de at lists.samba.org] On
> > Behalf Of Sascha Bieler
> > Sent: Tuesday, June 10, 2008 12:15
> > To: 'Sascha'; samba at lists.samba.org
> > Subject: RE: [Samba] 2nd smb server
> >
> > Take this as a hint:
> >
> > [global]
> >    interfaces = lo eth0
> >    bind interfaces only = Yes
> >    name resolve order = wins bcast lmhosts host
> >    printing = cups
> >    printcap name = cups
> >    printcap cache time = 750
> >    cups options = raw
> >    load printers = Yes
> >    unix charset = UTF-8
> >    display charset = UTF-8
> >    workgroup = DOMAIN
> >    netbios name = NETBIOSNAME
> >    admin users = @"Domain Admins"
> >    guest account = gast
> >    server string = FileServer %v
> >    security = user
> >    encrypt passwords = Yes
> >    log level = 1 vfs:1
> >    log file = /var/log/samba/log.%m
> >    syslog = 0
> >    max log size = 100000
> >    domain logons = No
> >    os level = 32
> >    preferred master = No
> >    domain master = No
> >    local master = No
> >    wins server = 192.168.10.1
> >    dns proxy = Yes
> >    time server = Yes
> >    #ldap##
> >    passdb backend = ldapsam:"ldap://192.168.10.1"
> >    ldap admin dn = cn=admin,dc=domain,dc=name
> >    ldap suffix = dc=domain,dc=name
> >    ldap group suffix = ou=Groups
> >    ldap user suffix = ou=Users
> >    ldap machine suffix = ou=Computers
> >    ldap idmap suffix = ou=Users
> >    ldap ssl = no
> >    ldap delete dn = Yes
> >    ldap passwd sync = Yes
> >    utmp = Yes
> >    idmap uid = 1000-20000
> >    idmap gid = 1000-20000
> >    idmap backend = ldap:"ldap://192.168.10.1"
> >    shutdown script = /sbin/shutdown
> >    abort shutdown script = /sbin/shutdown -c
> >    nt acl support = yes
> >    kernel oplocks = yes
> >    enable privileges = Yes
> >    template shell = /bin/false
> >    logon script =
> >    logon path =
> >    logon home =
> >
> >
> >
> >
> > ############################
> > /etc/samba/smbldap.conf
> > ############################
> > slaveLDAP="192.168.10.1"
> > slavePort="389"
> >
> > masterLDAP="192.168.10.1"
> > masterPort="389"
> >
> >
> > Also set your ldap.conf and nsswitch.conf to the appropriate values.
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> 


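The nsswitch.conf hint quoted above bears on the group question at the top of the thread: Samba resolves `@group` and `+group` entries in `valid users` through the server's own Unix group database (for `@`, after trying NIS netgroups), so the second server must be able to look the group up itself. The check below is an added example, not code from the thread; the `[data]` share, both sample files and all function names are constructed, and it assumes the groups exist only in the directory, not in local files.

```python
import re
# Constructed sample inputs (not from the thread): a share restricted to
# groups, and an nsswitch.conf that consults only local files for groups.
SMB_CONF = """\
[global]
   workgroup = DOMAIN
   passdb backend = ldapsam:"ldap://192.168.10.1"
[data]
   path = /srv/data
   valid users = user1, @admins, +"Domain Users"
"""
NSSWITCH = """\
passwd: files ldap
group:  files
"""

def group_refs(smb_conf):
    """Map share name -> Unix group names referenced in 'valid users'."""
    refs, share = {}, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            share = m.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep and " ".join(key.split()).lower() == "valid users":
            # Group names containing spaces are quoted after the prefix.
            for prefix, quoted, bare in re.findall(
                    r'([@+&]+)(?:"([^"]+)"|([^\s,"]+))', value):
                if prefix != "&":  # '&' alone means NIS netgroup only
                    refs.setdefault(share, []).append(quoted or bare)
    return refs

def nss_sources(nsswitch, database="group"):
    """Return the lookup sources configured for one NSS database."""
    for raw in nsswitch.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            # Skip action items such as [NOTFOUND=return].
            return [t for t in line.split(":", 1)[1].split() if not t.startswith("[")]
    return []

def audit(smb_conf, nsswitch, directory_sources=("ldap", "winbind")):
    """List (share, group) pairs that NSS cannot resolve from a directory."""
    if any(s in directory_sources for s in nss_sources(nsswitch)):
        return []
    return [(s, g) for s, groups in group_refs(smb_conf).items() for g in groups]
```

On a live server the same question is answered by `getent group admins`: if it prints nothing, the `@admins` entry cannot match any user.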