[Samba] Samba 3 member server connected to Samba 4 DC (using nslcd)

Chris Alavoine chrisa at acs-info.co.uk
Tue Jul 9 06:58:10 MDT 2013


Update.

Have tried creating an Ubuntu 12.04 domain member fileserver following
these docs here:

https://wiki.samba.org/index.php/Samba4/Domain_Member

With some minor package name changes all seems to work ok... except when I
create a share the permissions appear to be being read from the *nix side.
I'm seeing this:

Everyone
root (Unix User\root)
root (Unix Group\root)

Which looks very much like the posix perms on the member server.

If I try and add my own permissions from the DC I get "Access Denied" when
applying the security changes.

Has anyone encountered this before?

Thanks,
Chris.







On 9 July 2013 11:37, Chris Alavoine <chrisa at acs-info.co.uk> wrote:

> Hi Daniel,
>
> This is what I have so far:
>
> - /etc/nslcd.conf should look like this:
>
> # /etc/nslcd.conf
> # nslcd configuration file. See nslcd.conf(5)
> # for details.
>
> # The user and group nslcd should run as.
> uid nslcd
> gid nslcd
>
> # The location at which the LDAP server(s) should be reachable.
> uri ldap://10.30.54.2
>
> # The search base that will be used for all queries.
> base dc=test,dc=internal,dc=com
>
> binddn cn=nslcd-service,cn=Users,dc=essence,dc=internal,dc=com
> bindpw XXXXXX (commented out!)
>
> pagesize 1000
> referrals off
>
> # users
> map passwd uid sAMAccountName
> map passwd gidNumber primaryGroupID
> map passwd homeDirectory unixHomeDirectory
>
> # groups
> map group cn sAMAccountName
> map group uniqueMember member
>
>
>
>
> - Add this to top of /etc/pam.d/common-sessions:
>
> session     required      pam_mkhomedir.so skel=/etc/skel umask=0022
>
>
> - I also needed to remove nscd otherwise groups were not being updated
> correctly:
>
> apt-get remove nscd
>
>
> This works fine for the *nix side of things, am having further
> difficulties getting the Samba side to work. So much so, that I'm
> considering building a new Samba member server from scratch using Samba 4
> instead of 3.
>
> Thanks,
> Chris.
>
>
>
>
> On 9 July 2013 11:30, Daniel Müller <mueller at tropenklinik.de> wrote:
>
>> How about posting your nslcd-config? This would be a great help for other
>> users.
>>
>> Greetings
>> Daniel
>>
>> -----------------------------------------------
>> EDV Daniel Müller
>>
>> Head of IT
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>>
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>> -----------------------------------------------
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
>> On Behalf Of Chris Alavoine
>> Sent: Monday, 8 July 2013 19:13
>> To: Marc Muehlfeld
>> Cc: samba at lists.samba.org
>> Subject: Re: [Samba] Samba 3 member server connected to Samba 4 DC (using
>> nslcd)
>>
>> Hi Marc,
>>
>> I've had many many problems with Winbind and after a few weeks of dead-ends
>> I decided to switch to nslcd and everything started working very nicely, so
>> I haven't looked back.
>>
>> I've just had a major success on getting getent passwd to work by adding
>> this to my nslcd.conf:
>>
>> # users
>> map passwd uid sAMAccountName
>> map passwd gidNumber primaryGroupID
>> map passwd homeDirectory unixHomeDirectory
>>
>> # groups
>> map group cn sAMAccountName
>> map    group  uniqueMember     member
>>
>> This now lets me see all users and groups via getent. Just doing some more
>> testing now, but I think this may be fixed.
>>
>> Typical, you spend all day on something, finally decide to post on samba
>> lists and then fix it 5 mins later :)
>>
>> Thanks for the swift reply though!
>>
>> Cheers,
>> c:)
>>
>>
>>
>>
>>
>> On 8 July 2013 18:05, Marc Muehlfeld <samba at marc-muehlfeld.de> wrote:
>>
>> > Hello Chris,
>> >
>> > On 08.07.2013 18:54, Chris Alavoine wrote:
>> >
>> >> My problem is that I have a Samba 3 member server (fileserver) that I'm
>> >> trying to get to work in this scenario. I've installed nslcd and
>> >> am using the following conf file:
>> >>
>> >
>> > Why don't you use winbind on your member server?
>> > http://wiki.samba.org/index.php/Samba4/Domain_Member
>> >
>> >
>> >
>> >
>> >
>> >
>> >> If I then do a "getent group" I get success and can see all the groups,
>> >> however "getent passwd" fails and I see this in the logs:
>> >>
>> >> Jul  8 17:51:46 test-fs-001 nslcd[4587]: [8e1f29] passwd entry
>> >> CN=ice,CN=Users,DC=test,DC=internal,DC=com does not contain uid value
>> >>
>> >
>> > Does this account have an "uid" attribute in AD?
>> >
>> >
>> >
>> > Regards,
>> > Marc
>> >
>>
>>
>>
>> --
>> ACS (Alavoine Computer Services Ltd)
>> Chris Alavoine
>> mob +44 (0)7724 710 730
>> www.alavoinecs.co.uk
>> http://twitter.com/#!/alavoinecs
>> http://www.linkedin.com/pub/chris-alavoine/39/606/192
>>
>>
>
>
>



-- 
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192
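
An added example, not part of the original thread: a simplified offline model of the check behind the "does not contain uid value" log line, showing how the `map passwd` lines quoted above change which directory entries resolve. The function names, the set of attributes treated as required, and the sample entries and their values are assumptions constructed for illustration.

```python
# Simplified model (assumption): an entry is skipped when the LDAP attribute
# mapped to uid, uidNumber or gidNumber is absent from it.
DEFAULTS = {"uid": "uid", "uidNumber": "uidNumber",
            "gidNumber": "gidNumber", "homeDirectory": "homeDirectory"}
CANON = {name.lower(): name for name in DEFAULTS}
REQUIRED = ("uid", "uidNumber", "gidNumber")

def parse_passwd_map(conf_text):
    """Apply 'map passwd <name> <ldap-attr>' lines on top of the defaults."""
    attmap = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        fields = raw.split()  # comment and blank lines never start with "map"
        if len(fields) == 4 and fields[:2] == ["map", "passwd"]:
            key = CANON.get(fields[2].lower())
            if key:  # names outside this model (e.g. gecos) are ignored
                attmap[key] = fields[3]
    return attmap

def audit(conf_text, entries):
    """Return {dn: [required passwd fields with no value in that entry]}."""
    attmap = parse_passwd_map(conf_text)
    report = {}
    for dn, attrs in entries.items():
        have = {a.lower() for a, vals in attrs.items() if vals}
        report[dn] = [f for f in REQUIRED if attmap[f].lower() not in have]
    return report

# Constructed configs: defaults only, then the passwd map lines from the thread.
CONF_DEFAULT = "uri ldap://192.0.2.10\nbase dc=example,dc=com\n"
CONF_MAPPED = CONF_DEFAULT + """# users
map passwd uid sAMAccountName
map passwd gidNumber primaryGroupID
map passwd homeDirectory unixHomeDirectory
map group cn sAMAccountName
"""
# Constructed AD-style entries; attribute values are made up.
ICE_DN = "CN=ice,CN=Users,DC=test,DC=internal,DC=com"
SVC_DN = "CN=example-svc,CN=Users,DC=example,DC=com"
ENTRIES = {
    ICE_DN: {"sAMAccountName": ["ice"], "uidNumber": ["10001"],
             "gidNumber": ["10000"], "primaryGroupID": ["513"],
             "unixHomeDirectory": ["/home/ice"]},
    SVC_DN: {"sAMAccountName": ["example-svc"], "primaryGroupID": ["513"]},
}

if __name__ == "__main__":
    for label, conf in (("default", CONF_DEFAULT), ("mapped", CONF_MAPPED)):
        for dn, missing in audit(conf, ENTRIES).items():
            print(label, dn, "OK" if not missing else "missing: " + ", ".join(missing))
```
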

