[Samba] Samba4 binding LDAP Server
steve
steve at steve-ss.com
Sun Jun 1 16:10:57 MDT 2014
On Sun, 2014-06-01 at 21:43 +0100, Rowland Penny wrote:
> On 01/06/14 20:29, Marc Muehlfeld wrote:
> > On 01.06.2014 18:11, Danilo Mussolini wrote:
> >> * Samba Version?
> >> 4.1.7
> >>
> >> * Self compiled / Package (from where) / ...?
> >> Self compiled
> >>
> >> * Do you use Winbind or how you get the domain users from your LDAP server?
> >> I don't use winbindd. Here are the LDAP settings:
> >> passdb backend = ldapsam:"ldap://192.168.8.9 ldap://192.168.8.7"
> >> ldap suffix = dc=o2pos,dc=com
> >> ldap user suffix = ou=people
> >> ldap group suffix = ou=groups
> >> ldap machine suffix = ou=Computers
> >> ldap idmap suffix = ou=Idmap
> >> ldap admin dn = cn=admin,dc=o2pos,dc=com
> >> ldap ssl = no
> >> name resolve order = lmhosts host wins bcast
> >> security = user
> >>
> >> * Please show the ACLs on the folder.
> >> I don't use ACL because the filesystem (ZFS) still doesn't support that on
> >> Linux.
> >> Here is an example of the shared folder permissions:
> >> drwxrwsr-x 4 o2pos o2pos 6 May 29 20:08 Publicidade
> >>
> >> * Your complete smb.conf would be helpful too.
> >> There you go:
> >>
> >> [global]
> >>> server string = Samba Server Version %v
> >>>
> >>> netbios name = o2pos
> >>>
> >>> log file = /var/log/samba/log.%m
> >>>
> >>> max log size = 50
> >>>
> >>> log level = 5
> >>>
> >>> load printers = no
> >>>
> >>> cups options = raw
> >>>
> >>>
> >>>
> >>> passdb backend = ldapsam:"ldap://192.168.8.9 ldap://192.168.8.7"
> >>>
> >>> ldap suffix = dc=o2pos,dc=com
> >>>
> >>> ldap user suffix = ou=people
> >>>
> >>> ldap group suffix = ou=groups
> >>>
> >>> ldap machine suffix = ou=Computers
> >>>
> >>> ldap idmap suffix = ou=Idmap
> >>>
> >>> ldap admin dn = cn=admin,dc=o2pos,dc=com
> >>>
> >>> ldap ssl = no
> >>>
> >>> name resolve order = lmhosts host wins bcast
> >>>
> >>> security = user
> >>>
> >>>
> >>> [Publicidade]
> >>>
> >>> comment = Publicidade
> >>>
> >>> path = /Storage/Publicidade
> >>>
> >>> read only = no
> >>>
> >>>
> >>> [Test]
> >>>
> >>> comment = test
> >>>
> >>> path = /u01
> >>>
> >>> read only = no
> >>>
> >>>
> >> I have a mixed environment involving MacOS, Windows and Linux clients. So I
> >> don't need to administer the permissions from Windows. The important thing to me
> >> is the group owner, so the users in this group will have permissions to
> >> write in this share, and this will be so in the subfolders and files. There
> >> is no need to customize or change permissions in the share.
> >
> > Could it be possible that this is a standalone server or a PDC and not a
> > Member Server (the config doesn't look like a Member Server)?
> I agree this is not a member server, it is also not a PDC, no domain lines!
> it can only be a standalone server.
> The OP probably calls it a member server, but it isn't, well not in my
> opinion.
>
> Rowland
So it must be E, none of the above. Our money is on: 'computer of some
sort'. How did we do?!
>
> >
> > I sadly have no PDC with openLDAP backend in my test environment here
> > and run a standalone with LDAP backend. So I can't give your config a
> > short try. Sorry.
> >
> >
> > The following is a working share configuration from my production
> > (4.1.7, AD Member Server, that uses only Linux ACLs):
> > [packages]
> > path = /srv/samba/Packages
> > browsable = no
> > force create mode = 0664
> > force directory mode = 2775
> > guest ok = no
> > valid users = +MUC\packages
> > invalid users =
> > wide links = yes
> >
> >
> >
> >
> >
> > Regards,
> > Marc
>
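Added example, not part of the original thread and not Samba's own code: the role question debated above (standalone, member server or PDC) can be answered from the [global] parameters alone. The sketch below applies the `server role = auto` rules for the common cases; the function names are hypothetical and the sample input is trimmed from the settings posted in the thread.

```python
import re

# [global] values as posted in the thread (trimmed to the relevant lines).
POSTED = """
[global]
netbios name = o2pos
passdb backend = ldapsam:"ldap://192.168.8.9 ldap://192.168.8.7"
ldap suffix = dc=o2pos,dc=com
security = user
[Publicidade]
path = /Storage/Publicidade
"""

def parse_global(text):
    """Return [global] parameters; names are compared the way Samba does,
    ignoring case and embedded whitespace."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1", "on")

def server_role(params):
    """Role under 'server role = auto' (common cases only)."""
    explicit = params.get("serverrole", "auto").lower()
    if explicit != "auto":
        return explicit                      # admin stated the role outright
    if params.get("security", "user").lower() in ("ads", "domain"):
        return "member server"
    if is_yes(params.get("domainlogons", "no")):
        # 'domain master = no' on a logon server means BDC, otherwise PDC
        if params.get("domainmaster", "auto").lower() in ("no", "false", "0", "off"):
            return "classic backup domain controller"
        return "classic primary domain controller"
    return "standalone"

if __name__ == "__main__":
    print(server_role(parse_global(POSTED)))
```

On a live system, `testparm` reports the role Samba itself has computed, which is the authoritative answer.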