[Samba] ldap user login issue

Rowland Penny rpenny at samba.org
Sun Aug 21 19:33:08 UTC 2016 

On Sun, 21 Aug 2016 19:09:25 +0000
Parag Khuraswar <parag_k at citilindia.com> wrote:

> Hi Rowland,
> 
> I followed below link to configure samba PDC
> 
> http://suresh-chandra.blogspot.in/2014/08/samba4-as-active-directory-domain.html
> 
> My original smb.conf file is:-
> 
> --------------------------------------------------
> # Global parameters
> [global]
>         netbios name = CONLDAP
>         realm = <MY DOMAIN>
>         workgroup = <DOMAIN>
>         dns forwarder = 192.168.1.11
>         server role = active directory domain controller
> 
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/arde.in/scripts
>         read only = No
> 
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
> ---------------------------------------------------
> I tried other options when this did not work for me.
> 
> Please share any appropriate document to configure SAMBA PDC with
> Openldap at backend if this is not the proper way to configure it.
> 

OK, after reading the link you posted, you have an AD DC, this comes
with its own version of ldap, it does not use openldap.

If you use AD, you can have multiple DCs, they will all be the same,
apart from the FSMO roles and any DC can hold a FSMO role.

A PDC is not a DC, a PDC is a Primary Domain Controller for an
NT4-style domain and this is very different from an Active Directory
domain.

If you are setting up a new domain, I would go for an AD domain, it
seems as if microsoft (and this is only my opinion) is trying to make
it harder and harder for win10 to work with an NT4-style domain.

Can I suggest you read the samba wiki:

 https://wiki.samba.org/index.php/Main_Page

Pay particular attention to this page:

https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller

I think you may decide to re-provision after reading the above page'

If you are going to allow your users to log into the DC (by any
method), you would do well to read and follow this:

 https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member#libnss_winbind

Rowland

More information about the samba mailing list