[Samba] Question about remote users and groups management
Ignacio Barrancos
ignacio.barrancos at gmail.com
Mon Aug 31 15:17:32 MDT 2009
Hi all,
I have a RHEL5-update 3 x86_64 system, and I installed Samba 3.2.14-40
(from http://ftp.sernet.com/pub/samba/tested/rhel/5/x86_64/ ). I'm
using OpenLDAP (2.3.43-3.el5, which comes with RHEL5u3) as the backend
for winbind+samba on my PDC. With samba-3.0.33, which comes with
RHEL5u3, I couldn't get "eventlogadm" to work as explained in
http://wiki.samba.org/index.php/Event_Logging. For this reason I
upgraded Samba to 3.2.14-40.
And now everything works fine.
I have read http://wiki.samba.org/index.php/Ldapsam_Editposix and I
noticed the last section: "Managing your DB". Then I read
"O'Reilly, Using Samba 3rd". In the 9th chapter (
http://book.opensourceproject.org.cn/sysadmin/samba/sambao3rd/opensource/0596007698/samba3-chp-9-sect-7.html
), section 7, I can see three figures, 9-14, 9-17 and 9-19, which show
compmgmt.msc on a Windows XP/2k3 workstation connected remotely to a
SLES9 computer (Linux with Samba 3), displaying the "Users and Groups
Management".
And ... here's my question: should this work on a Samba 3.2 PDC that
uses LDAP+winbind as its backend? ... because I can't get it to work.
- From the console of Windows XP I can create users and groups in my
domain perfectly, using the NET USER/GROUP command.
- From Windows NT4SP6 I can also create users and groups with user
management, as stated in chapter 9.2
(http://book.opensourceproject.org.cn/sysadmin/samba/sambao3rd/opensource/0596007698/samba3-chp-9-sect-2.html)
- From Windows 2003, when I run dsa.msc and try to connect to my PDC,
it can't connect to the pre-Windows 2000 domain, which I expected,
because it seems that is a feature in Samba4.
... and I'm confused because I don't know whether Samba 3.2 should work
or not, as these figures show.
Here I show my samba configuration file for my PDC:
-----------8<----smb.conf-----8<--------------
# "Using samba 3", chapter 9.2
#
[global]
netbios name = DRAW
workgroup = OP.CARM.ES
security = user
encrypt passwords = yes
## Enable as PDC
domain master = yes
domain logons = yes
## Configure as master-browser
## See chapter 8.2.4, table 8.3
os level = 35
; os level = 34 ## For BDCs
preferred master = yes
local master = yes
## Enable management for Domain Admins
enable privileges = yes
## Wins configuration (enabled)
## See chapter 8, "Using Samba"
wins support = yes
; wins hook = /usr/local/bin/dns_update
## See 8.2.6 from the book
; remote browse sync = 147.84.32.76 147.84.32.77
## Default profile in logon
logon path =
; logon script = prueba.bat
; logon drive = Y:
## Some configurations
## /usr/share/doc/samba-3.0.33/Samba3-ByExample.pdf
## page 123
debug level = 1
log file = /var/log/samba/%m.log
max log size = 500
time server = yes
time offset = 60
load printers = no
printcap name = CUPS
socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
## More Options
enhanced browsing = yes
; use spnego = yes
; client use spnego = yes
; client signing = auto
; server signing = auto
## Options proposed in
## http://wiki.samba.org/index.php/Ldapsam_Editposix
passdb backend = ldapsam
ldapsam:trusted=yes
ldapsam:editposix=yes
ldap admin dn = cn=admin,ou=op,o=carm,c=es
ldap delete dn = yes
ldap ssl = off
ldap idmap suffix = ou=idmap
ldap suffix = ou=domains,ou=op,o=carm,c=es
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap user suffix = ou=users
## I have commented this block, because winbind says
## WARNING: idmap backend and idmap domains are mutually exclusive!
##
# idmap domains = OP.CARM.ES
# idmap config OP.CARM.ES:backend = ldap
# idmap config OP.CARM.ES:readonly = no
# idmap config OP.CARM.ES:default = yes
# idmap config OP.CARM.ES:ldap_base_dn = ou=idmap,ou=domains,ou=op,o=carm,c=es
# idmap config OP.CARM.ES:ldap_user_dn = cn=admin,ou=op,o=carm,c=es
# idmap config OP.CARM.ES:ldap_url = ldap://localhost
# idmap config OP.CARM.ES:range = 10000-20000
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=idmap,ou=domains,ou=op,o=carm,c=es
idmap alloc config:ldap_user_dn = cn=admin,ou=op,o=carm,c=es
idmap alloc config:ldap_url = ldap://localhost
idmap alloc config:range = 10000-20000
## View RedHat Kbase:
## http://kbase.redhat.com/faq/docs/DOC-4844
## http://kbase.redhat.com/faq/docs/DOC-4822
winbind separator = +
winbind use default domain = no
winbind enum users = yes
winbind enum groups = yes
## From O'Reilly book, 10.5.2
winbind nested groups = yes
## O'Reilly book, chapter 9.7.2
svcctl list = cups crond httpd syslog
## O'Reilly book, chapter 9.7.3
## http://wiki.samba.org/index.php/Event_Logging
eventlog list = application system security syslog
[ netlogon ]
comment = Scripts de inicio de sesion
path = /var/lib/samba/netlogon
guest ok = yes
locking = no
writable = no
share modes = no
browseable = yes
-----------8<----smb.conf-----8<--------------
Thanks in advance for everything,
Greetings,
Ignacio Barrancos.