[Samba] CENTOS4.6+SAMBA3.0.25+FEDORA-DS

Scott Lovenberg scott.lovenberg at gmail.com
Thu Mar 6 01:55:50 GMT 2008


Suphakit wrote:
> Thank you Mr. William. As you know, I am a Linux beginner, meaning that I
> am not familiar with technical terms; that's why I can't get myself to
> understand the "howto" stuff. The posted question is a myth to me, which
> I couldn't extract out of the many instructions found on websites. I'd
> appreciate it if you guys could just give a simple answer to my questions,
> just "yes" or "no" and a simple explanation, so that I can expand my reading
> of the "HowTo".
> Thank you and Best Regards,
> Tom
>
>   
Tom,
As for item 1: This is possible; however, CentOS-4.6 ships with 
samba-3.0.12(ish... it's an older build with Red Hat's blessed patches). 
For Samba 3.0.25, you'll want to use CentOS-5.1, I believe.  You can 
use a newer Samba than the shipped version, but as a Linux newbie, I 
wouldn't recommend it unless you feel very comfortable at a command 
line.  I've had a good deal of trouble with Fedora-DS, but I was 
building from source, YMMV.  I'm sure it's a great software package, but 
I had to fight with it a bit.

On a side note, are you locked in to using CentOS and Fedora DS, and 
having separate authentication, or can you "take baby steps" using the 
built-in password and user files?  You are taking on a great amount of 
work and introducing yourself to a very steep learning curve with your 
proposed setup.  And, being new to Linux at the same time will only 
compound this.  I'm not trying to discourage you, quite the contrary, I 
just think that trying to get right up to this level of server and 
service sophistication might leave you with a very long uphill battle 
ahead if you choose to take it head on like this.


> Adam Williams wrote:
>   
>> Whoa, you have so many things wrong it's hard to decide even where to
>> start.  Read
>> http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/, and
>> chapter 5 of Samba 3 by Example, and
>> http://directory.fedoraproject.org/wiki/Howto:Samba
>>
>> suphakit Chamwuthipricha wrote:
>>     
>>> Hi
>>>          I am new to Linux & Samba. I would like to set up Samba as a
>>> domain controller, using Fedora-ds for authentication.
>>>          I have read some documents from www.samba.org but I am still in
>>> the mist.
>>>
>>>          Here are my dumb questions about Samba:
>>>
>>>         1. Is CENTOS4.6+SAMBA3.0.25 as PDC +FEDORA-DS possible?
>>>         2. Is this HOWTO from http://directory.fedoraproject.org/wiki/Howto:Samba sufficient information? Please suggest more.
>>>         3. Since I tried to integrate Samba+Fedora-ds, I am always stuck at this step "net groupmap add".
>>>             Do these commands need to be done? What will happen if we skip them?
>>>             # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins'
>>>             # net groupmap add rid=2513 ntgroup='Domain Users' unixgroup='Domain Users'
>>>             # net groupmap add rid=2514 ntgroup='Domain Guests' unixgroup='Domain Guests'
>>>             # net groupmap add rid=2515 ntgroup='Domain Computers' unixgroup='Domain Computers'
>>>
>>>             3.1 Linux won't allow me to add a unix group name with a space like Domain Admins. Can we change it to DomainAdmins (no space)?
>>>                   As I tried to add the unix group DomainAdmins on the linux box and ran the command, it failed.
>>>                   # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='DomainAdmins'
>>>                 I also noticed that this somehow relates to the smb.conf file.
>>>                  Some sources say:
>>>                 ldap admin dn = cn=Directory Manager
>>>                 or
>>>                 ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com
>>>
>>>                3.1.1 If I use this one  ldap dn = cn=Directory Manager
>>>                         The result of net groupmap show failed to add group map
>>>                 3.1.2 If I use this one ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com
>>>                 The result of net groupmap show cannot find object "cn=Directory Manager,dc=mycompany,dc=com"
>>>             3.2 Where does the command look for ntgroup='Domain Admins' to map with unixgroup=Domain Admins?
>>>             3.3 Some sources say the net groupmap command should have type=d added at the end of the line. Is that true?
>>>                    # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins' type=d
>>>             4. Does this line in my smb.conf look ok? (I installed Samba & Fedora-ds on the same machine)
>>>                 passdb backend = ldapsam:ldap://192.168.100.7
>>>
>>>             5. Do these lines need to be included in the smb.conf file? What will happen if we don't include them?
>>>                 ldap idmap suffix = ou=Users
>>>                 ldap passed sync = Yes
>>>             6. Do the user add scripts need to be included in the smb.conf file?
>>>                 How do they work and when are these lines used?
>>>                 What will happen if we don't include them?
>>>
>>>                 # Useradd scripts
>>>                     add user script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd -m %u
>>>                     delete user script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-userdel -r %u
>>>                     add group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupadd %g
>>>                     delete group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupdel %g
>>>                     add user to group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupmod -G %g %u
>>>                     add machine script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd -w %u
>>>                     idmap uid = 15000-20000
>>>                     idmap gid = 15000-20000
>>>                     passwd program = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-passwd %u
>>>
>>>             7. What does this command do? Do we have to do this for every user?
>>>                    # pdbedit -U $( net getlocalsid | sed 's/SID for domain YOURWORKGROUP is: //' )-500 -u Administrator -r
>>>             8. Many HOWTOs on websites talk about PAM and NSS config with ldap. Do we need it, or can we skip this?
>>>
>>>             9. I can hardly find instructions on how to set up Samba as PDC + Fedora-ds, please advise
>>>
>>> Thank you and Best Regards,
>>> Tom


