[Samba] Samba4 AD/LDAP question

Taylor, Jonn jonnt at taylortelephone.com
Sun Apr 3 19:00:25 MDT 2011


On 04/03/2011 07:24 PM, Aly Khimji wrote:
> Hi guys,
>
> First time poster so I do apologize if this question has been asked before.
>
> In a test setup we are trying to use samba4 to authenticate a small network
> with Linux, Win, and OSX clients. I have successfully deployed samba4 in
> domain controller mode, can attach windows machines to it, manage the DC via
> windows tools.
> We can also join Linux servers to the domain, however my problem is as
> follows: when attempting to log into a Linux server, excluding local users,
> the only directory user that can log in is the Administrator. Any other
> directory user that attempts to log in gets a "No Logon Servers", however if
> I move that same user into the Domain Admins group they can log in with no
> issues (yes as UID=0) as reported in /var/log/secure.
>
> Can someone please explain why this happens, and what step have I missed
> that would allow regular users to log in?
>

In smb.conf set

    template shell = /bin/bash

> That being said, my second question is, is it possible to have the samba4
> server in domain controller mode, but have Linux clients authenticate via
> ldap as opposed to winbind?

You have to use winbind or you will not get the right id mapping.

[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    security = ADS
    password server = 192.168.173.10
    log file = /var/log/samba/samba3.log
    ldap ssl = no
    idmap backend = idmap_rid:EXAMPLE=500-4000000
    idmap uid = 500-4000000
    idmap gid = 500-4000000
    template homedir = /home/%U
    template shell = /bin/bash
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind offline logon = Yes

> For example, when configuring an authentication method, would it be possible
> to use LDAP instead of samba/winbind? I tried to configure LDAP (correct
> base, host, uri, etc.) but it doesn't seem to pull any info, e.g. id or
> getent doesn't work.

In /etc/nsswitch.conf

    passwd:     files winbind
    shadow:     files winbind
    group:      files winbind

and link 2 modules. These are for a 64-bit system; if yours is not, just
remove 64 from the links.

    ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so

    ln -s /usr/local/samba/lib/pam_winbind.so /lib64/security/pam_winbind.so

> Any pointers are greatly appreciated, I am just testing out
> the capabilities of 4, I understand it's still in Alpha but hope you guys
> might have some experience with it.
>
> Thanks
>
> Aly
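
Added example, not part of the original post or of Samba: a shell check that a Linux member server has the winbind login settings named in the reply above (template shell, security = ADS, idmap ranges, winbind in nsswitch.conf). The function names are hypothetical, and the file paths are passed in as arguments.

```shell
#!/bin/sh
# Added example: audit the winbind login settings from the reply above.
# Function names are hypothetical; pass the real file paths as arguments.

# Print the value of KEY in an smb.conf-style file (last match wins).
conf_value() {
    awk -F= -v want="$2" '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            key = tolower($1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            if (key == tolower(want)) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val); found = val
            }
        }
        END { print found }' "$1"
}

# Succeed if database DB in nsswitch.conf lists winbind as a source.
nss_has_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, "") }
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit(ok ? 0 : 1) }' "$1"
}

# Print one line per missing setting; exit status is the problem count.
check_winbind_login() {
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    shell=$(conf_value "$1" "template shell")
    # smb.conf(5) documents /bin/false as the default template shell.
    case $shell in
        ""|/bin/false|*/nologin) fail "template shell is '${shell:-unset}'" ;;
    esac
    sec=$(conf_value "$1" "security" | tr 'A-Z' 'a-z')
    [ "$sec" = ads ] || fail "security is '${sec:-unset}', expected ADS"
    for key in "idmap uid" "idmap gid"; do
        [ -n "$(conf_value "$1" "$key")" ] || fail "$key range not set"
    done
    for db in passwd group; do
        nss_has_winbind "$2" "$db" || fail "$db: winbind missing in $2"
    done
    return "$problems"
}

# Usage: check_winbind_login /path/to/smb.conf /etc/nsswitch.conf
```

An exit status of 0 means every setting was found; a non-zero status is the number of FAIL lines printed.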

