[Samba] NSLCD works, do I need RFC2307 extensions enabled in AD as well?
rowlandpenny at googlemail.com
Mon Apr 20 11:29:57 MDT 2015
On 20/04/15 17:45, john wrote:
> Is this wheezy ? if so, it might be an idea to use backports, this
> will get you 4.1.17 which is still in development, 3.6 is now EOL
OK, I understand a bit better where your problems lie. I would still use
backports, supported code is (hopefully) better code :-)
> I'd be willing to do that if it got me support for UPN names (see below)
> I installed NSLCD to allow users in AD to authenticate against
> my linux
> server per
> Why use nlscd ? why not use winbind, see:
> My impression from this thread
> is that Winbind doesn't support UPN names. This was my lame-brain
> attempt to "work around" that issue.
I use winbind and using the UPN seems to work for smbclient:
smbclient \\\\xp.example.com\\shared -Urowland at example.com
Enter rowland at example.com's password:
Domain=[EXAMPLE] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Is this the way you mean ?
> getent passwd and getent group returns domain users with UID
> mappings like:
> tempuser at vanguard.mydomain.org:*:16043:16043:temp
> Well, that's wrong for a start, you seem to be getting the users
> principal name, it should look like:
> I need to support UPN names for my scheme to work.
> Those same users can log into the linux box with their domain
> via ssh and create files owned by them
> However I can't figure out how to configure Samba to allow
> these same users
> to access a samba file share via a windows 7 client. I thought
> that Samba
> would check /etc/nsswitch.conf like other services and use
> ldap just like
> ssh would.
> No, this is down to whatever you are using for authentication. Can
> you post your smb.conf ?
> Here is my non-working smb.conf file for reference.
> Thanks for your help.
> workgroup = VANGUARD
> server string = sserve
> passdb backend = ldapsam:ldap://kram.vanguard.mydomain.org
> username map = /etc/samba/smbusers
> syslog = 0
> log file = /var/log/samba/%m
> smb ports = 139 445
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> name cache timeout = 3600
> max stat cache size = 16384
> domain logons = Yes
> preferred master = Auto
> domain master = No
> wins support = Yes
> ldap idmap suffix = ou=Idmap
> idmap config * : range = 10000-200000
> ldapsam:trusted = yes
> idmap config * : backend = ldap:ldap://kram.vanguard.mydomain.org
> map acl inherit = Yes
> path = /home/ALLSTUDENTS
> admin users = "@VANGUARD\domain admins"
> read only = No
> create mask = 0700
> directory mask = 0700
> delete readonly = Yes
More information about the samba