[Samba] Users can't login on Samba+Ldap
ray klassen
julius_ahenobarbus at yahoo.co.uk
Mon May 11 15:13:34 GMT 2009
add
nss_base_passwd ou=Computers,dc=padl,dc=com?one
where Computers is the organizational unit where you've got machine names stored. You'll end up with 2 nss_base_passwd entries, one for users, one for computers...
________________________________
From: "dogbert at infinito.it" <dogbert at infinito.it>
To: ray klassen <julius_ahenobarbus at yahoo.co.uk>; Adam Williams <awilliam at mdah.state.ms.us>
Cc: samba at lists.samba.org
Sent: Monday, 11 May, 2009 8:08:49
Subject: Re: [Samba] Users can't login on Samba+Ldap
Is this the section that has to be configured in ldap.conf?
#nss_base_passwd ou=People,dc=padl,dc=com?one
#nss_base_shadow ou=People,dc=padl,dc=com?one
#nss_base_group ou=Group,dc=padl,dc=com?one
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one
#nss_base_services ou=Services,dc=padl,dc=com?one
#nss_base_networks ou=Networks,dc=padl,dc=com?one
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one
because all the directives are commented except the following:
base dc=DOMAIN,dc=IT
binddn cn=anonymous,dc=DOMAIN,dc=IT
bindpw xxxxxxx
ldap_version 3
nss_initgroups_ignoreusers
pam_password md5
rootbinddn cn=admin,dc=dc=DOMAIN,dc=IT
uri ldap://127.0.0.1/
> /etc/ldap.conf has to include a lookup for passwd in the ou=Computers
> section or machines have to be duplicated in /etc/passwd
> just find the one for Users and add a similar one for Computers.
>
> From: "dogbert at infinito.it" <dogbert at infinito.it>
> To: Adam Williams <awilliam at mdah.state.ms.us>
> Cc: samba at lists.samba.org
> Sent: Monday, 11 May, 2009 7:35:01
> Subject: Re: [Samba] Users can't login on Samba+Ldap
>
> Yes, this is the [GLOBAL] section of my smb.conf
>
> [global]
>     dos charset = 850
>     unix charset = ISO8859-1
>     workgroup = DOMAIN.IT
>     server string = SERVERNAME
>     map to guest = Bad User
>     passdb backend = ldapsam:ldap://localhost/
>     syslog = 0
>     log file = /var/log/samba/%m
>     max log size = 100000
>     smb ports = 139
>     time server = Yes
>     deadtime = 10
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>     printcap name = cups
>     add user script = /usr/sbin/smbldap-useradd -m "%u"
>     delete user script = /usr/sbin/smbldap-userdel "%u"
>     add group script = /usr/sbin/smbldap-groupadd -p "%g"
>     add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>     delete user from group script = /usr/sbin/smbldap-groupmod -x "%u""%g"
>     set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>     add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>     logon script = logon.bat
>     logon path =
>     logon drive = C:
>     logon home =
>     domain logons = Yes
>     os level = 15
>     preferred master = Yes
>     domain master = Yes
>     wins support = Yes
>     ldap admin dn = cn=admin,dc=DOMAIN,dc=IT
>     ldap group suffix = ou=Groups
>     ldap machine suffix = ou=Computers
>     ldap passwd sync = Yes
>     ldap suffix = dc=DOMAIN,dc=IT
>     ldap user suffix = ou=Users
>     create mask = 0640
>     directory mask = 0750
>     nt acl support = No
>     case sensitive = No
>     dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>
> > do you have ldap machine suffix = ou=Computers
> > in smb.conf?
> >
> > dogbert at infinito.it wrote:
> > >
> > > If I join a workstation (directly by the workstation) it is added to ldap db
> > > but it doesn't see the domain until I manually add an entry for it in
> > > /etc/passwd
> > >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
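
A consistency check for the advice in this thread, as an added example that is not part of the original messages: it compares the machine container configured in smb.conf with the active nss_base_passwd searches in ldap.conf. The sample file contents and all function names are constructed for illustration, and the code assumes nss_ldap falls back to `base` with subtree scope when no nss_base_passwd line is active.

```python
# Constructed sample files modelled on the thread (not the poster's real config).
SMB_CONF = """[global]
ldap suffix = dc=DOMAIN,dc=IT
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
"""
LDAP_CONF = """base dc=DOMAIN,dc=IT
#nss_base_passwd ou=People,dc=padl,dc=com?one
nss_base_passwd ou=Users,dc=DOMAIN,dc=IT?one
"""

def norm(dn):
    # Lower-case and strip spaces around each DN component for comparison.
    return ",".join(p.strip().lower() for p in dn.split(","))

def machine_dn(smb_text):
    # Samba stores machine accounts under "ldap machine suffix" + "ldap suffix".
    opts = {}
    for line in smb_text.splitlines():
        key, sep, val = line.partition("=")
        if sep and not line.lstrip().startswith(("#", ";")):
            opts[" ".join(key.lower().split())] = val.strip()
    return norm(opts["ldap machine suffix"] + "," + opts["ldap suffix"])

def passwd_searches(ldap_text):
    # Collect the (dn, scope) searches nss_ldap makes for passwd lookups.
    base, found = "", []
    for line in ldap_text.splitlines():
        words = line.split(None, 1)
        if len(words) < 2 or words[0].startswith("#"):
            continue                      # blank, valueless or commented-out line
        key, val = words[0].lower(), words[1].strip()
        if key == "base":
            base = norm(val)
        elif key == "nss_base_passwd":
            found.append(val.split("?"))
    out = []
    for dn, *rest in found:
        dn = norm(dn + base) if dn.endswith(",") else norm(dn)  # "ou=X," is relative
        out.append((dn, rest[0].lower() if rest and rest[0] else "sub"))
    return out or [(base, "sub")]         # assumed fallback: default base, subtree

def machines_resolvable(smb_text, ldap_text):
    # True when entries directly under the machine container are inside a search.
    target = machine_dn(smb_text)
    return any((scope == "one" and dn == target) or
               (scope == "sub" and (dn == target or target.endswith("," + dn)))
               for dn, scope in passwd_searches(ldap_text))
```

On the host itself, `getent passwd 'MACHINENAME$'` (a placeholder for the joined workstation's account name) shows whether NSS actually returns the machine account.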