[Samba] CENTOS4.6+SAMBA3.0.25+FEDORA-DS

Suphakit suphakit at bluebottle.com
Thu Mar 6 01:30:01 GMT 2008


Thank you Mr. William. As you know, I am a Linux beginner, meaning that I
am not familiar with technical terms; that's why I can't get myself to
understand the "howto" stuff. The posted questions are a myth to me which
I couldn't extract out of the many instructions found on websites. I'd
appreciate it if you guys could just give a simple answer to my questions,
just "yes" or "no" and a simple explanation, so that I can expand my reading
of the "HowTo".
Thank you and Best Regards,
Tom

Adam Williams wrote:
> whoa you have so many things wrong it's hard to decide even where to
> start.  read
> http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/, and
> chapter 5 of samba 3 by example, and
> http://directory.fedoraproject.org/wiki/Howto:Samba
>
> suphakit Chamwuthipricha wrote:
>> Hi
>> I am new to Linux & Samba. I would like to set up Samba as a
>> domain controller, using Fedora-ds for authentication.
>> I have read some documents from www.samba.org but I am still in
>> the mist.
>>
>> Here are my dumb questions about Samba, as follows.
>>
>> 1. Is CENTOS4.6+SAMBA3.0.25 as PDC +FEDORA-DS possible?
>> 2. Is this HOWTO from http://directory.fedoraproject.org/wiki/Howto:Samba
>>    sufficient information? Please suggest more.
>> 3. Since I tried to integrate Samba+Fedora-ds, I am always stuck
>>    at this step "net groupmap add".
>>    Do these commands need to be done? What will happen if we skip them?
>>    # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins'
>>    # net groupmap add rid=2513 ntgroup='Domain Users' unixgroup='Domain Users'
>>    # net groupmap add rid=2514 ntgroup='Domain Guests' unixgroup='Domain Guests'
>>    # net groupmap add rid=2515 ntgroup='Domain Computers' unixgroup='Domain Computers'
>>
>>    3.1 Linux won't allow me to add a unix group name with a space
>>        like Domain Admins; can we change it to DomainAdmins (no space)?
>>        I tried to add the unix group DomainAdmins on the linux box
>>        and ran the command, and it failed.
>>        # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='DomainAdmins'
>>        I also noticed that this somehow relates to the smb.conf file.
>>        Some sources say:
>>        ldap admin dn = cn=Directory Manager
>>        or
>>        ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com
>>
>>        3.1.1 If I use this one ldap dn = cn=Directory Manager
>>              The result of net groupmap show failed to add group map
>>        3.1.2 If I use this one ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com
>>              The result of net groupmap show cannot find object
>>              "cn=Directory Manager,dc=mycompany,dc=com"
>>    3.2 Where does the command look for ntgroup='Domain Admins'
>>        to map with unixgroup='Domain Admins'?
>>    3.3 Some sources say the net groupmap command should add type=d at
>>        the end of the line, is it true?
>>        # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins' type=d
>> 4. Does this line in my smb.conf look ok? (I installed Samba
>>    & Fedora-ds on the same machine)
>>    passdb backend = ldapsam:ldap://192.168.100.7
>>
>> 5. Do these lines need to be included in the smb.conf file?
>>    What will happen if we don't include them?
>>    ldap idmap suffix = ou=Users
>>    ldap passwd sync = Yes
>> 6. Do the user add scripts need to be included in the smb.conf file?
>>    How do they work, and when are these lines used?
>>    What will happen if we don't include them?
>>
>>    # Useradd scripts
>>    add user script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd -m %u
>>    delete user script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-userdel -r %u
>>    add group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupadd %g
>>    delete group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupdel %g
>>    add user to group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupmod -G %g %u
>>    add machine script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd -w %u
>>    idmap uid = 15000-20000
>>    idmap gid = 15000-20000
>>    passwd program = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-passwd %u
>>
>> 7. What does this command do? Do we have to do this with
>>    every user?
>>    # pdbedit -U $( net getlocalsid | sed 's/SID for domain YOURWORKGROUP is: //' )-500 -u Administrator -r
>> 8. Many HOWTOs from websites talk about PAM and NSS
>>    config with ldap; do we need it, can we skip this?
>>
>> 9. I can hardly find instructions on how to set up Samba as
>>    PDC + Fedora-ds, please advise.
>>
>> Thank you and Best Regards,
>> Tom
>>
>
>
