[Samba] Samba4 AD/LDAP question
aly.khimji at gmail.com
Sun Apr 3 19:47:19 MDT 2011
Thanks for the feedback. I continued to have issues, then I realized I was
missing the library in question, and after a quick google realized I had
samba/samba-winbind installed from the repo but it was an older version. Samba3x
in the RHEL/CentOS repo contained the proper library and authentication now
works for all users. So thank you very much.

With Samba4 in domain controller mode, is the only way for a Linux client to
authenticate against it via winbind? Can regular LDAP authentication not be
used? Base DN, URI, etc.?
On Sun, Apr 3, 2011 at 9:00 PM, Taylor, Jonn <jonnt at taylortelephone.com> wrote:
> On 04/03/2011 07:24 PM, Aly Khimji wrote:
> > Hi guys,
> > First time poster so I do apologize if this question has been asked
> > In a test set up we are trying to use samba4 to authenticate a small
> > with Linux, Win, and OSX clients. I have successfully deployed samba4 in
> > domain controller mode, can attach windows machines to it, manage the DC
> > windows tools.
> > We can also join Linux servers to the domain, however my problem is as
> > follows, When attempting to log into a Linux server, excluding local
> > the only directory user that can log in is the Administrator. Any other
> > directory user that attempts to log in gets a "No Logon Servers", however
> > move that same user into the Domain Admins group they can log in with no
> > issues (yes as UID=0) as reported in /var/log/secure.
> > Can someone please explain why this happens, and what step have I missed
> > that would allow regular users to log in?
> In smb.conf set
> template shell = /bin/bash
> > That being said, my second question is, is it possible to have the samba4
> > server in domain controller mode, but have Linux clients authenticate via
> > ldap as opposed to winbind?
> You have to use winbind or you will not get the right id mapping.
> workgroup = EXAMPLE
> realm = EXAMPLE.COM
> security = ADS
> password server = 192.168.173.10
> log file = /var/log/samba/samba3.log
> ldap ssl = no
> idmap backend = idmap_rid:EXAMPLE=500-4000000
> idmap uid = 500-4000000
> idmap gid = 500-4000000
> template homedir = /home/%U
> template shell = /bin/bash
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind offline logon = Yes
> > For example, when configuring an authentication method if it would
> > to use LDAP instead of samba/winbind? I tried to configure LDAP (correct
> > base, host, uri, etc..) but when it doesn't seem to pull any info? eg id
> > getent doesn't work.
> In /etc/nsswitch.conf
> passwd: files winbind
> shadow: files winbind
> group: files winbind
> and link 2 modules, these are for a 64 bit system, if yours is not just
> remove 64 from the links
> ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
> ln -s /usr/local/samba/lib/pam_winbind.so /lib64/security/pam_winbind.so
> > Any pointers are greatly appreciated, I am just testing out
> > the capabilities of 4, I understand it's still in Alpha but hope you guys
> > might have some experience with it.
> > Thanks
> > Aly
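An added example, not part of the original messages: a POSIX shell check for the three client-side conditions this thread turns on (winbind listed in nsswitch.conf, a usable `template shell` in smb.conf, and a libnss_winbind library that actually resolves). The function names and the paths passed as arguments are illustrative assumptions.

```shell
#!/bin/sh
# Added example: audit a winbind client for the settings named in this thread.
# File paths are arguments so the checks can run against copies of the files.

# nss_uses_winbind FILE DB: succeed if DB (passwd, group, ...) lists winbind.
nss_uses_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                          # drop trailing comments
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# smbconf_get FILE KEY: print the last value set for KEY in smb.conf.
# Keys are matched case-insensitively; values may themselves contain "=".
smbconf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        NF >= 2 {
            k = tolower($1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == tolower(key)) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); val = v
            }
        }
        END { if (val != "") print val }' "$1"
}

# check_winbind_client NSSWITCH SMBCONF LIBDIR: print one line per finding and
# return the number of problems (0 means all three conditions hold).
check_winbind_client() {
    problems=0
    for db in passwd group; do
        nss_uses_winbind "$1" "$db" ||
            { echo "FAIL: $db does not list winbind in $1"; problems=$((problems + 1)); }
    done
    shell=$(smbconf_get "$2" "template shell")
    # winbind defaults template shell to /bin/false, which blocks interactive logins.
    case "$shell" in
        ""|/bin/false|*/nologin)
            echo "FAIL: template shell is '${shell:-unset}' in $2"; problems=$((problems + 1)) ;;
    esac
    # A dangling symlink (library missing behind the link) fails the -e test.
    found=0
    for lib in "$3"/libnss_winbind.so*; do if [ -e "$lib" ]; then found=1; fi; done
    [ "$found" -eq 1 ] ||
        { echo "FAIL: no resolvable libnss_winbind.so* in $3"; problems=$((problems + 1)); }
    return "$problems"
}
```

On a client laid out like the one in the thread it would be called as `check_winbind_client /etc/nsswitch.conf /usr/local/samba/etc/smb.conf /lib64`, where the smb.conf location is an assumption about the install prefix.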