[Samba] Samba4 AD/LDAP question

Aly Khimji aly.khimji at gmail.com
Sun Apr 3 19:47:19 MDT 2011


Hi John,
thanks for the feedback. I continued to have issues, then I realized I was
missing the library in question and after a quick Google search realized I had
samba/samba-winbind installed from the repo but it was an older version. Samba3x
in the RHEL/CentOS repo contained the proper library and authentication now
works for all users. So thank you very much.

With Samba4 in domain controller mode, is winbind the only way for a Linux
client to authenticate against it? Can regular LDAP authentication not be
used? Base DN, URI, etc.?

Please advise

Thanks

Aly

On Sun, Apr 3, 2011 at 9:00 PM, Taylor, Jonn <jonnt at taylortelephone.com> wrote:

> On 04/03/2011 07:24 PM, Aly Khimji wrote:
> > Hi guys,
> >
> > First time poster so I do apologize if this question has been asked
> > before.
> >
> > In a test set up we are trying to use samba4 to authenticate a small
> > network with Linux, Win, and OSX clients. I have successfully deployed
> > samba4 in domain controller mode, can attach windows machines to it,
> > manage the DC via windows tools.
> > We can also join Linux servers to the domain, however my problem is as
> > follows. When attempting to log into a Linux server, excluding local
> > users, the only directory user that can log in is the Administrator. Any
> > other directory user that attempts to log in gets a "No Logon Servers",
> > however if I move that same user into the Domain Admins group they can
> > log in with no issues (yes as UID=0) as reported in /var/log/secure.
> >
> > Can someone please explain why this happens, and what step have I missed
> > that would allow regular users to log in?
> >
> In smb.conf set
> template shell = /bin/bash
> > That being said, my second question is, is it possible to have the samba4
> > server in domain controller mode, but have Linux clients authenticate via
> > ldap as opposed to winbind?
> You have to use winbind or you will not get the right id mapping.
> [global]
>    workgroup =  EXAMPLE
>    realm = EXAMPLE.COM
>    security = ADS
>    password server = 192.168.173.10
>    log file = /var/log/samba/samba3.log
>    ldap ssl = no
>    idmap backend = idmap_rid:EXAMPLE=500-4000000
>    idmap uid = 500-4000000
>    idmap gid = 500-4000000
>    template homedir = /home/%U
>    template shell = /bin/bash
>    winbind enum users = Yes
>    winbind enum groups = Yes
>    winbind use default domain = Yes
>    winbind offline logon = Yes
>
> > For example, when configuring an authentication method, would it be
> > possible to use LDAP instead of samba/winbind? I tried to configure LDAP
> > (correct base, host, uri, etc.) but it doesn't seem to pull any info,
> > e.g. id or getent doesn't work.
> In /etc/nsswitch.conf
> passwd:     files winbind
> shadow:     files winbind
> group:      files winbind
>
> and link 2 modules, these are for a 64 bit system, if yours is not just
> remove 64 from the links
>
> ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
>
> ln -s /usr/local/samba/lib/pam_winbind.so /lib64/security/pam_winbind.so
>
> > Any pointers are greatly appreciated, I am just testing out
> > the capabilities of 4, I understand it's still in Alpha but hope you guys
> > might have some experience with it.
> >
> > Thanks
> >
> > Aly
>
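
Added example (not part of the original thread, and not Samba project code): a Python check of the client settings the reply names (security = ADS and template shell in smb.conf, winbind in nsswitch.conf), plus a scan of `getent passwd`-style lines for non-root accounts mapped to UID 0, which is what the original post reports for Domain Admins members. The function names and sample inputs are constructed for illustration; /bin/false is treated as unset because it is winbind's default template shell.

```python
import re

def parse_smb_global(text):
    """Return smb.conf [global] parameters; names lower-cased, spaces collapsed."""
    params, section = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def parse_nsswitch(text):
    """Map each nsswitch.conf database to its ordered list of sources."""
    dbs = {}
    for line in (l.split("#", 1)[0].strip() for l in text.splitlines()):
        if ":" in line:
            db, sources = line.split(":", 1)
            dbs[db.strip()] = sources.split()
    return dbs

def audit(smb_text, nss_text, passwd_text):
    """Return findings for the settings named in the reply, plus UID 0 mappings."""
    smb, nss, findings = parse_smb_global(smb_text), parse_nsswitch(nss_text), []
    if smb.get("security", "").lower() != "ads":
        findings.append("smb.conf: security is not ADS")
    if (smb.get("template shell") or "/bin/false") in ("/bin/false", "/sbin/nologin"):
        findings.append("smb.conf: template shell missing or not a login shell")
    for db in ("passwd", "group"):
        if "winbind" not in nss.get(db, []):
            findings.append(f"nsswitch.conf: {db} does not list winbind")
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) == 7 and fields[2] == "0" and fields[0] != "root":
            findings.append(f"passwd: {fields[0]} is mapped to UID 0")
    return findings

# Constructed sample inputs (not taken from the hosts in the thread).
SMB = "[global]\n   workgroup = EXAMPLE\n   security = ADS\n   idmap uid = 500-4000000\n"
NSS = "passwd:     files\nshadow:     files\ngroup:      files winbind\n"
PASSWD = "root:x:0:0:root:/root:/bin/bash\nalice:*:0:0::/home/alice:/bin/false\n"

if __name__ == "__main__":
    for finding in audit(SMB, NSS, PASSWD):
        print(finding)
```

On a real client, feed it the contents of smb.conf and /etc/nsswitch.conf and the output of `getent passwd`.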

