[Samba] CENTOS4.6+SAMBA3.0.25+FEDORA-DS

suphakit Chamwuthipricha suphakit at bluebottle.com
Wed Mar 5 06:32:14 GMT 2008


Hi,
         I am new to Linux & Samba. I would like to set up Samba as a
domain controller and use Fedora-ds for authentication.
         I have read some documents from www.samba.org but I am still in
the mist.

         Here are my dumb questions about Samba, as follows.

        1. Is CENTOS4.6+SAMBA3.0.25 as PDC +FEDORA-DS possible?
        2. Is this HOWTO from
http://directory.fedoraproject.org/wiki/Howto:Samba sufficient
information? Please suggest more.
        3. Since I tried to integrate Samba+Fedora-ds, I am always stuck
at this step "net groupmap add".
            Do these commands need to be done? What will happen if we
skip them?
            # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins'
            # net groupmap add rid=2513 ntgroup='Domain Users' unixgroup='Domain Users'
            # net groupmap add rid=2514 ntgroup='Domain Guests' unixgroup='Domain Guests'
            # net groupmap add rid=2515 ntgroup='Domain Computers' unixgroup='Domain Computers'

            3.1 Linux won't allow me to add a unix group name with a space
like Domain Admins. Can we change it to DomainAdmins (no space)?
                I tried to add the unix group DomainAdmins on the Linux box
and ran the command; it failed.
                # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='DomainAdmins'

                I also noticed that this somehow relates to the smb.conf file.
                Some sources say:
                ldap admin dn = cn=Directory Manager
                or
                ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com

                3.1.1 If I use this one  ldap dn = cn=Directory Manager
                      The result of net groupmap show failed to add group map
                3.1.2 If I use this one ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com
                      The result of net groupmap show cannot find object
"cn=Directory Manager,dc=mycompany,dc=com"
            3.2 Where does the command look for ntgroup='Domain Admins'
to map with unixgroup='Domain Admins'?
            3.3 Some sources say the net group map should add type=d at
the end of the line. Is it true?
                # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins' type=d
        4. Does this line in my smb.conf look ok? (I installed Samba
& Fedora-ds on the same machine)
                passdb backend = ldapsam:ldap://192.168.100.7

        5. Do these lines need to be included in the smb.conf file?
What will happen if we don't include them?
                ldap idmap suffix = ou=Users
                ldap passwd sync = Yes
        6. Do the user add scripts need to be included in the smb.conf file?
                How do they work and when are these lines used?
                What will happen if we don't include them?

                # Useradd scripts
                    add user script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd -m %u
                    delete user script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-userdel -r %u
                    add group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupadd %g
                    delete group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupdel %g
                    add user to group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupmod -G %g %u
                    add machine script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd -w %u
                    idmap uid = 15000-20000
                    idmap gid = 15000-20000
                    passwd program = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-passwd %u

        7. What does this command do? Do we have to do this with
every user?
                # pdbedit -U $( net getlocalsid | sed 's/SID for domain YOURWORKGROUP is: //' )-500 -u Administrator -r

        8. In many HOWTOs from websites, they talk about PAM and NSS
config with ldap. Do we need it? Can we skip this?

        9. I can hardly find instructions on how to set up Samba as
PDC + Fedora-ds. Please advise.

Thank you and Best Regards,
Tom
