[Samba] Winbind and nss-ldap
Harry Jede
walk2sun at arcor.de
Fri Oct 19 10:09:41 UTC 2018
On Wednesday, 3 October 2018, 16:01:29 CEST, Rob Thoman via samba wrote:
> Hi Guys,
>
> Have some issues with winbind and nss-ldap in LDAP based NT4
> BDC/fileserver
>
> The DC has the LDAP server role and the BDC connects to it for
> authentication.
>
> smb.conf of the BDC
>
> netbios name = TRAC5
> local master = no
> domain master = no
> preferred master = no
> domain logons = no
MUST be yes. Read: man smb.conf
> passdb backend = ldapsam:ldap://trac15.ste.com
> ldap admin dn = cn=admin,dc=ste,d=com
Invalid, should be:
ldap admin dn = cn=admin,dc=ste,dc=com
> ldap suffix = dc=ste
Invalid, should be:
ldap suffix = dc=ste,dc=com
> ldap group suffix = ou=groups
> ldap machine suffix = ou=computers
> ldap user suffix = ou=users
> idmap backend = ldap
Deprecated, rtm
> ldap idmap suffix = ou=idmap
> idmap config * : ldap_url = ldap://trac15.ste
Invalid, should be:
idmap config * : ldap_url = ldap://trac15.ste.com/
> idmap config * : ldap_base_dn = ou=idmap,dc=ste,dc=com
> idmap config * : ldap_user_dn = cn=admin,dc=ste,dc=com
> ldap delete dn = no
> ldap ssl = start tls
Default
>
> We've setup libnss-ldap in the servers (both trac15 and trac5)
>
> When we enable the winbind service, we get the following error:
> "user 'asmith' (from session setup) not permitted to access this share
> (dataldap)". In the actual client, when you open the share, it prompts
> for the login creds again and again.
>
> When winbind is disabled,
> the user is able to log in and access the shares. The issue seems to be
> with the folder permissions. The /home drive is set up with 700 as the
> mask and the folder permission in smb.conf. The user can create
> folders but not rename them. They can create a text file but not
> rename it. It comes up with "You need permission from the
> following user to make changes". The SID presented is the SID of the
> user in LDAP.
>
> We have removed and added back the user in the /etc/passwd file in the
> fileserver. If we remove it, getent passwd doesn't recognise the
> user. Our nsswitch.conf has "files ldap".
>
> So basically at this stage we are disabling winbind to get LDAP
> working
>
> Thank you,
>
> RT
--
Regards
Harry Jede
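To put the corrections above in one place, here is the BDC's [global] section rewritten with the fixes Harry lists (domain logons on, the two DN typos repaired, the deprecated idmap backend spelling replaced by the idmap config form, and the ldap_url made a complete URL). This is an added example for this page, not text from either post. The workgroup name and the idmap range do not appear in the thread and are assumptions; replace them with your domain's values.

```ini
[global]
    netbios name = TRAC5
    # assumption: the NT4 domain name is not shown in the thread
    workgroup = STE

    # a BDC must answer domain logon requests
    domain logons = yes
    local master = no
    domain master = no
    preferred master = no

    # account data lives in the DC's LDAP server
    passdb backend = ldapsam:ldap://trac15.ste.com
    ldap admin dn = cn=admin,dc=ste,dc=com
    ldap suffix = dc=ste,dc=com
    ldap user suffix = ou=users
    ldap group suffix = ou=groups
    ldap machine suffix = ou=computers
    ldap idmap suffix = ou=idmap
    ldap ssl = start tls
    ldap delete dn = no

    # "idmap backend = ldap" is the deprecated spelling; use the
    # "idmap config" form and give the default domain a range
    idmap config * : backend = ldap
    # assumption: choose a range that does not overlap the uidNumber /
    # gidNumber values already assigned to your LDAP users and groups
    idmap config * : range = 10000-99999
    idmap config * : ldap_url = ldap://trac15.ste.com/
    idmap config * : ldap_base_dn = ou=idmap,dc=ste,dc=com
    idmap config * : ldap_user_dn = cn=admin,dc=ste,dc=com
```

After editing, run `testparm -s` on the BDC to have Samba parse the file and report unknown or malformed parameters, then restart smbd and winbindd and check that `getent passwd asmith` and `wbinfo -u` both see the LDAP user before testing the share from a client.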