[Samba] debian wheezy 4.1.11 ldap backend / uid/gid resolving
Florian Lohoff
f at zz.de
Fri Jan 9 09:09:17 MST 2015
On Fri, Jan 09, 2015 at 03:42:53PM +0000, Rowland Penny wrote:
> On 09/01/15 15:23, Florian Lohoff wrote:
> >Hi,
> >
> >i am transitioning from a samba3 to a samba4 installation and while at
> >it i noticed that on samba4 every file access querys the LDAP (openldap)
> >backend for uid/gid names.
> >
> >With samba3 on Debian/Squeeze i dont see this happening. My assumption
> >was that nscd would cache away those querys which it doesnt on the
> >samba4 wheeze installation.
> >
> >[2015/01/09 15:21:46.331508, 3] ../source3/smbd/dir.c:1226(smbd_dirptr_get_entry)
> > smbd_dirptr_get_entry mask=[*] found shared/Software/windows/MC861_Full_CD/Drivers/NOR fname=NOR (NOR)
> >[2015/01/09 15:21:46.332434, 2] ../source3/passdb/pdb_ldap.c:524(init_sam_from_ldap)
> > init_sam_from_ldap: Entry found for user: flo
> >[2015/01/09 15:21:46.333609, 2] ../source3/passdb/pdb_ldap.c:2311(init_group_from_ldap)
> > init_group_from_ldap: Entry found for group: 1000
>
> Hi, can you post your smb.conf, also did you use the same one on samba3 ?
Nope - fresh installation
[global]
workgroup = VC
netbios name = VC
dns proxy = no
log level = 3 passdb:5 auth:10 winbind:5
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
server role = standalone server
passdb backend = ldapsam:"ldap://gtso1-srv5.net.domain.de"
ldap admin dn = cn=samba,ou=apps,dc=domain,dc=de
ldap ssl = start tls
ldap suffix = dc=domain,dc=de
ldap group suffix = ou=posixgroups
ldap user suffix = ou=staff
ldap machine suffix = ou=machines
ldap idmap suffix = ou=idmap
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
unix password sync = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
follow symlinks = yes
wide links = yes
unix extensions = no
[homes]
path = /data/samba/homes/%u
root preexec = /usr/local/sbin/samba-checkuserhome %u %H
guest ok = No
browseable = Yes
create mask = 0664
directory mask = 0775
writeable = yes
hide unreadable = yes
--
Florian Lohoff f at zz.de
We need to self-defense - GnuPG/PGP enable your email today!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20150109/b79ef031/attachment.pgp>
More information about the samba
mailing list