[Samba] CENTOS4.6+SAMBA3.0.25+FEDORA-DS

Suphakit suphakit at bluebottle.com
Thu Mar 6 02:49:30 GMT 2008


Thank you very much, Mr. Lovenberg, for item number 1; at least I am
clearer about the version. If you have time, please kindly answer the
other questions, no rush. Although I am a newbie to Linux, I don't
fear to climb the steep learning curve. I understand that this is kinda
a jump start for me. As per your suggestion to take a builtin password for
the authentication, I have had success with a basic setup for Fedora Core 7 +
Samba 3.0.28fc7 with builtin password and user files. I was able to join
the Linux domain with Windows XP and Windows 2000 machines. That's why I would
like to take a further step to LDAP authentication. I understand that
this will be tough for me. I would like to get a feel for setting up
this system myself, and whether it will suit our environment, before hiring a
consultant.

Thank you and Best Regards,
tom


Scott Lovenberg wrote:
> Tom,
> As for item 1: This is possible, however, CentOS-4.6 ships with
> samba-3.0.12(ish... it's an older build with Red Hat's blessed
> patches), for a Samba 3.0.25, you'll want to use CentOS-5.1, I
> believe.  You can use a newer samba than the shipped version, but as a
> Linux newbie, I wouldn't recommend it unless you feel very comfortable
> at a command line.  I've had a good deal of trouble with Fedora-DS,
> but I was building from source, YMMV.  I'm sure it's a great software
> package, but I had to fight with it a bit.
>
> On a side note, are you locked in to using CentOS and Fedora DS, and
> having separate authentication, or can you "take baby steps" using the
> builtin password and user files?  You are taking on a great amount of
> work and introducing yourself to a very steep learning curve with your
> proposed setup.  And, being new to Linux at the same time will only
> compound this.  I'm not trying to discourage you, quite the contrary,
> I just think that trying to get right up to this level of server and
> service sophistication might leave you with a very long uphill battle
> ahead if you choose to take it head on like this.
>
>
>> Adam Williams wrote:
>>   
>>> whoa you have so many things wrong it's hard to decide even where to
>>> start.  read
>>> http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/, and
>>> chapter 5 of samba 3 by example, and
>>> http://directory.fedoraproject.org/wiki/Howto:Samba
>>>
>>> suphakit Chamwuthipricha wrote:
>>>     
>>>> Hi
>>>>          I am new to Linux & Samba. I would like to set up Samba as a
>>>> domain controller and use Fedora-ds for authentication.
>>>>          I have read some documents from www.samba.org but I am still in
>>>> the mist.
>>>>
>>>>          Here are my dumb questions about Samba, as follows.
>>>>
>>>>         1. Is CENTOS4.6+SAMBA3.0.25 as PDC +FEDORA-DS possible?
>>>>         2. Is this HOWTO from
>>>> http://directory.fedoraproject.org/wiki/Howto:Samba sufficient
>>>> information? Please suggest more.
>>>>         3. Since I tried to integrate Samba+Fedora-ds, I am always stuck
>>>> at this step "net groupmap add".
>>>>             Do these commands need to be done? What will happen if we
>>>> skip them?
>>>>             # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins'
>>>>             # net groupmap add rid=2513 ntgroup='Domain Users' unixgroup='Domain Users'
>>>>             # net groupmap add rid=2514 ntgroup='Domain Guests' unixgroup='Domain Guests'
>>>>             # net groupmap add rid=2515 ntgroup='Domain Computers' unixgroup='Domain Computers'
>>>>
>>>>             3.1 Linux won't allow me to add a unix group name with a space
>>>> like Domain Admins. Can we change it to DomainAdmins (no space)?
>>>>                   As I tried to add the unix group DomainAdmins on the linux box
>>>> and run the command, it failed.
>>>>                   # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='DomainAdmins'
>>>>                 I also noticed that this somehow relates to the smb.conf
>>>> file.
>>>>                 Some sources say:
>>>>                 ldap admin dn = cn=Directory Manager
>>>>                 or
>>>>                 ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com
>>>>
>>>>                 3.1.1 If I use this one: ldap dn = cn=Directory Manager
>>>>                 The result of net groupmap show: failed to add
>>>> group map
>>>>                 3.1.2 If I use this one: ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com
>>>>                 The result of net groupmap show: cannot find object
>>>> "cn=Directory Manager,dc=mycompany,dc=com"
>>>>             3.2 Where does the command look for ntgroup='Domain Admins'
>>>> to map with unixgroup=Domain Admins?
>>>>             3.3 Some sources say the net group map should add type=d at
>>>> the end of the line, is it true?
>>>>                   # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins' type=d
>>>>             4. Does this line in my smb.conf look ok? (I installed Samba
>>>> & Fedora-ds on the same machine)
>>>>                 passdb backend = ldapsam:ldap://192.168.100.7
>>>>
>>>>             5. Do these lines need to be included in the smb.conf file?
>>>> What will happen if we don't include them?
>>>>                 ldap idmap suffix = ou=Users
>>>>                 ldap passed sync = Yes
>>>>             6. Do the user add scripts need to be included in the smb.conf
>>>> file?
>>>>                 How do they work and when are these lines used?
>>>>                 What will happen if we don't include them?
>>>>
>>>>                 # Useradd scripts
>>>>                     add user script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd -m %u
>>>>                     delete user script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-userdel -r %u
>>>>                     add group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupadd %g
>>>>                     delete group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupdel %g
>>>>                     add user to group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupmod -G %g %u
>>>>                     add machine script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd -w %u
>>>>                     idmap uid = 15000-20000
>>>>                     idmap gid = 15000-20000
>>>>                     passwd program = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-passwd %u
>>>>
>>>>             7. What does this command do? Do we have to do this with
>>>> every user?
>>>>                   # pdbedit -U $( net getlocalsid | sed 's/SID for domain YOURWORKGROUP is: //' )-500 -u Administrator -r
>>>>             8. In many HOWTOs from websites, they talk about PAM and NSS
>>>> config with ldap. Do we need it, can we skip this?
>>>>
>>>>             9. I can hardly find instructions on how to set up Samba as
>>>> PDC + Fedora-ds, please advise.
>>>>
>>>> Thank you and Best Regards,
>>>> Tom