[Samba] CENTOS4.6+SAMBA3.0.25+FEDORA-DS

Adam Williams awilliam at mdah.state.ms.us
Wed Mar 5 18:12:35 GMT 2008


Whoa, you have so many things wrong it's hard to decide even where to 
start.  Read 
http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/, and 
chapter 5 of Samba 3 by Example, and 
http://directory.fedoraproject.org/wiki/Howto:Samba

suphakit Chamwuthipricha wrote:
> Hi
>          I am new to Linux & Samba. I would like to set up Samba as a
> domain controller and use Fedora-ds for authentication.
>          I have read some documents from www.samba.org but I am still in
> the mist.
>
>          Here are my dumb questions about Samba, as follows.
>
>         1. Is CENTOS4.6+SAMBA3.0.25 as PDC +FEDORA-DS possible?
>         2. Is this HOWTO from
> http://directory.fedoraproject.org/wiki/Howto:Samba sufficient
> information? Please suggest more.
>         3. Since I tried to integrate Samba+Fedora-ds, I am always stuck
> at this step "net groupmap add".
>             Do these commands need to be done? What will happen if we
> skip them?
>             # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins'
>             # net groupmap add rid=2513 ntgroup='Domain Users' unixgroup='Domain Users'
>             # net groupmap add rid=2514 ntgroup='Domain Guests' unixgroup='Domain Guests'
>             # net groupmap add rid=2515 ntgroup='Domain Computers' unixgroup='Domain Computers'
>
>             3.1 Linux won't allow me to add a unix group name with a space
> like Domain Admins. Can we change it to DomainAdmins (no space)?
>                   I tried to add the unix group DomainAdmins on the linux box
> and ran the command, and it failed.
>                   # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='DomainAdmins'
>  
>                 I also noticed that this somehow relates to the smb.conf file.
>                  Some sources say:
>                 ldap admin dn = cn=Directory Manager
>                 or
>                 ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com
>  
>                3.1.1 If I use this one  ldap dn = cn=Directory Manager
>                         The result of net groupmap show failed to add
> group map
>                 3.1.2 If I use this one ldap admin dn = cn=Directory
> Manager,dc=mycompany,dc=com
>                 The result of net groupmap show cannot find object
> "cn=Directory Manager,dc=mycompany,dc=com"
>             3.2 Where does the command look for ntgroup='Domain Admins'
> to map with unixgroup=Domain Admins?
>             3.3 Some sources say the net group map should add type=d at
> the end of the line, is it true?
>                    # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins' type=d
>             4. Does this line in my smb.conf look ok? (I installed Samba
> & Fedora-ds on the same machine)
>                 passdb backend = ldapsam:ldap://192.168.100.7
>
>             5. Do these lines need to be included in the smb.conf file?
> What will happen if we don't include them?
>                 ldap idmap suffix = ou=Users
>                 ldap passed sync = Yes
>             6. Do user add scripts need to be included in the smb.conf file?
>                 How do they work and when are these lines used?
>                 What will happen if we don't include them?
>
>                 # Useradd scripts
>                     add user script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd -m %u
>                     delete user script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-userdel -r %u
>                     add group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupadd %g
>                     delete group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupdel %g
>                     add user to group script =/usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupmod -G %g %u
>                     add machine script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd -w %u
>                     idmap uid = 15000-20000
>                     idmap gid = 15000-20000
>                     passwd program =/usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-passwd %u
>
>             7.  What does this command do?  Do we have to do this with
> every user?
>                    # pdbedit -U $( net getlocalsid | sed 's/SID for domain YOURWORKGROUP is: //' )-500 -u Administrator -r
>
>             8. In many HOWTOs from websites, they talk about PAM and NSS
> config with ldap. Do we need it? Can we skip this?
>
>             9. I can hardly find instructions on how to set up Samba as
> PDC + Fedora-ds, please advise.
>
> Thank you and Best Regards,
> Tom
>


