[Samba] Access and group issues on domain member server (PDC is Samba as well)
Daniel Müller
mueller at tropenklinik.de
Wed Aug 1 05:42:10 MDT 2012
Did you miss this in your member's smb.conf:
passdb backend = ldapsam:ldap://192.168.249.7/
So your ldapclient is working but Samba does not know where to auth?
Your config on memberserver:
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
unix charset = LOCALE
workgroup = ATV
server string = SRVFILE1
interfaces = 192.168.249.0/24, 127.0.0.1/8
security = DOMAIN
log level = 4 ads:10 auth:10 sam:10
syslog = 0
log file = /var/log/samba/%m.log
max log size = 50
smb ports = 139
name resolve order = wins bcast hosts
unix extensions = No
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 65
wins server = 192.168.249.1
ldap admin dn = cn=Manager,dc=at-visions,dc=com
ldap group suffix = ou=Groups,o=default
ldap idmap suffix = ou=Idmap,ou=Samba,ou=System
ldap machine suffix = ou=Computers,ou=Samba,ou=System
ldap suffix = dc=at-visions,dc=com
ldap ssl = no
ldap user suffix = ou=Users,o=default
case sensitive = No
veto files = /.*/
hide files = /.*/
locking = No
wide links = Yes
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
A hint: to make your Samba a full-featured WINS server (even in replication
with w2008) there is samba4wins: http://ftp.sernet.de/pub/samba4WINS/
-----------------------------------------------
IT Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Original Message-----
From: Philipp Felix Hoefler [mailto:ph at at-visions.com]
Sent: Wednesday, 1 August 2012 13:30
To: mueller at tropenklinik.de
Cc: samba at lists.samba.org
Subject: Re: AW: [Samba] Access and group issues on domain member server
(PDC is Samba as well)
Hi Daniel,
thank you for your response.
[root at srvfile1 home]# id phoefler
uid=1663(phoefler) gid=1105(VISIONS) groups=1105(VISIONS),512(Domain Admins),513(Domain Users),1103(IT),1069(Marketing),1079(TimeSheetReports)
This is working correctly. Also all other linux <-> LDAP stuff is working
without any problems.
Only Samba seems to be "unhappy" :(
best regards,
philipp
On 8/1/12 1:22 PM, Daniel Müller wrote:
> try : id youruser.ldap on the memberserver,
> ex.:
>
> [root at tuepdc ~]# id tester
> uid=1010(tester) gid=513(Domain Users) Gruppen=513(Domain Users),2154(orbis),34709(Dienstplan),61092(HS3),47140(DIFAEM),17162(agfa),29998(OpenHearts),26630(Personal),27525(pflege),19307(agaterm),46212(TerminalServer User)
>
> Should id not work there is something wrong.
> Maybe your ldapclient is not working properly.
>
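The check suggested in the reply above, written out as an added example (not part of the original thread and not Samba project code): it parses a `testparm -s` style dump and reports when `ldap ...` parameters are set but `passdb backend` is not `ldapsam`. It goes one step beyond the reply by also flagging `ldap ssl = no` without an `ldaps://` URL; the function names, finding codes and the sample dump are constructed for illustration.

```python
# Added example: audit the [global] section of a `testparm -s` dump.
# SAMPLE_DUMP is constructed from settings quoted in the thread.
SAMPLE_DUMP = """\
[global]
    workgroup = ATV
    security = DOMAIN
    ldap admin dn = cn=Manager,dc=at-visions,dc=com
    ldap suffix = dc=at-visions,dc=com
    ldap ssl = no
"""


def parse_global(dump):
    """Return the [global] parameters as {normalised name: value}."""
    params, in_global = {}, False
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_global = line[1:-1].strip().lower() == "global"
            continue
        if in_global and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names.
            params["".join(key.lower().split())] = value.strip()
    return params


def audit(dump):
    """Return a list of finding codes (hypothetical names) for the dump."""
    p = parse_global(dump)
    backend = p.get("passdbbackend", "").lower()
    findings = []
    # LDAP parameters are set, but passdb backend is not ldapsam
    # (the point raised in the reply).
    if any(k.startswith("ldap") for k in p) and not backend.startswith("ldapsam"):
        findings.append("ldap-settings-without-ldapsam")
    # TLS is off and no ldaps:// URL is used: LDAP binds are unencrypted.
    if p.get("ldapssl", "").lower() in ("no", "off") and "ldaps://" not in backend:
        findings.append("ldap-cleartext-bind")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_DUMP):
        print(finding)
```

`testparm -s` prints only non-default values, so a dump with no `passdb backend` line means the compiled-in default backend is in effect.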