Hi again,
I've tested the configuration suggested and found some other problems.
After applying the changes to ldap.conf I obtained again that users could logon
only to workstation that already had their profile on it (i.e. pc where they
already logon in the past).
Also I discovered the
Miguel Medalha wrote:
Based on your smb.conf, you must have the following entries in
/etc/ldap.conf
nss_base_passwdou=Users,dc=DOMAIN,dc=IT?one
nss_base_passwdou=Computers,dc=DOMAIN,dc=IT?one
nss_base_shadowou=Users,dc=DOMAIN,dc=IT?one
nss_base_group
nss_base_passwdou=Computers,dc=DOMAIN,dc=IT?one
should be
nss_base_hostsou=Computers,dc=DOMAIN,dc=IT?one
No, it shouldn't. From the point of view of a Windows domain, computers
are users too. The Samba manual even makes a joke about that, saying
that computers are
Did you install libnss-ldap and libpam-ldap? You need those.
Also, in /etc/nsswitch.conf:
passwd: files ldap
shadow: files ldap
group: files ldap
I found that Samba works better with the ldpasam:trusted = yes
parameter. In this case, your LDAP database MUST contain the entire
POSIX account
If I try to connect with a user that exist in both the LDAP and etc/passwd
files I cannot get it to authenticate (error user is invalid or bad
password) but I don't get any log in the samba files
It means that the error precedes Samba.
--
To unsubscribe from this list go to the following
Miguel Medalha wrote:
nss_base_passwdou=Computers,dc=DOMAIN,dc=IT?one
should be nss_base_hostsou=Computers,dc=DOMAIN,dc=IT?one
No, it shouldn't. From the point of view of a Windows domain,
computers are users too. The Samba manual even makes a joke about
that, saying
dogb...@infinito.it wrote:
Miguel Medalha wrote:
Based on your smb.conf, you must have the following entries in
/etc/ldap.conf
nss_base_passwdou=Users,dc=DOMAIN,dc=IT?one
nss_base_passwdou=Computers,dc=DOMAIN,dc=IT?one
nss_base_shadowou=Users,dc=DOMAIN,dc=IT?one
or are you saying nss_base_hosts
ou=Computers,dc=DOMAIN,dc=IT?one is wrong?
I don't know about NFS, but from the point of view of a Samba PDC the
above is wrong. Computers are also domain users and as such they must be
referred to the nss_base_passwd directive.
Quoting from
Miguel Medalha wrote:
or are you saying nss_base_hosts
ou=Computers,dc=DOMAIN,dc=IT?one is wrong?
I don't know about NFS, but from the point of view of a Samba PDC the
above is wrong. Computers are also domain users and as such they must
be referred to the nss_base_passwd
It's normal to have /etc/passwd entries in their that you'd need if your
ldap infrastructure died in the most horrible way.
Otherwise a small ldap problem can brick a machine.
Faye
dogb...@infinito.it wrote:
sorry... forgot to crosspost answer to the list:
I'm checking /etc/ldap.conf and
Yes, I followed the guides at Ubuntu site:
https://help.ubuntu.com/8.10/serverguide/C/network-authentication.html
and it included the installation of libnss_ldap
François Legal wrote:
Did you install the libnss_ldap package ?
On Mon, 11 May 2009 23:32:00 +0200, dogbert dogb...@infinito.it
Yes, but I'd like to keep the minimal user configurations in /etc/passwd to
allow system maintenance (root and a few local users). All the users related to
the microsoft network will reside on ldap.
Do you think that having all that users and machines in that directive can be
problematic ?
Hi,
I've migrated from an old samba installation (Samba as PDC) that used TDB
backend for password.
I've setup a box with ubuntu and samba 3 + ldap and I imported the old
users.
Old users works fine.
I have problems with new users and machines.
Old users works but they don't show up with
do you have ldap machine suffix = ou=Computers
in smb.conf?
dogb...@infinito.it wrote:
If I join a workstation (directly by the workstation) it is added to ldap db
but it doesn't see the domain until I manually add an entry for it in
/etc/passwd
--
To unsubscribe from this list go to
Yes, this is the [GLOBAL] section of my smb.conf
[global]
dos charset = 850
unix charset = ISO8859-1
workgroup = DOMAIN.IT
server string = SERVERNAME
map to guest = Bad User
passdb backend = ldapsam:ldap://localhost/
syslog = 0
log
is ADAM the username of a user or a machine account?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
awill...@mdah.state.ms.us
Cc: samba@lists.samba.org
Sent: Monday, 11 May, 2009 7:35:01
Subject: Re: [Samba] Users can't login on Samba+Ldap
Yes, this is the [GLOBAL] section of my smb.conf
[global]
dos charset = 850
unix charset = ISO8859-1
workgroup = DOMAIN.IT
sorry... forgot to crosspost answer to the list:
I'm checking /etc/ldap.conf and it seems that at the end of this file it was
added a line with the following directive:
nss_initgroups_ignoreusers
that included more or less every single entry contained in my /etc/passwd
file at the time of the
ADAM and BERENICE are fake username (I had to cover real username and domain
informations before posting)
is ADAM the username of a user or a machine account?
--
To unsubscribe from this list go to the following URL and read the
instructions:
Is this the section that has to be configured in ldap.conf?
#nss_base_passwdou=People,dc=padl,dc=com?one
#nss_base_shadowou=People,dc=padl,dc=com?one
#nss_base_group ou=Group,dc=padl,dc=com?one
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one
#nss_base_services
...@infinito.it
To: ray klassen julius_ahenobar...@yahoo.co.uk; Adam Williams
awill...@mdah.state.ms.us
Cc: samba@lists.samba.org
Sent: Monday, 11 May, 2009 8:08:49
Subject: Re: [Samba] Users can't login on Samba+Ldap
Is this the section that has to be configured in ldap.conf?
#nss_base_passwd
Based on your smb.conf, you must have the following entries in
/etc/ldap.conf
nss_base_passwdou=Users,dc=DOMAIN,dc=IT?one
nss_base_passwdou=Computers,dc=DOMAIN,dc=IT?one
nss_base_shadowou=Users,dc=DOMAIN,dc=IT?one
nss_base_group ou=Groups,dc=DOMAIN,dc=IT?one
I've found somewhere (I'm looking again for the document) that from a certain
version it doesn't need anymore the file libnss_ldap.conf/secret because it's
all configured from ldap.conf/secret (and I don't have libnss_ldap files).
Anyway I checked with the getent command and I obtain only
Riccardo,
I use Debian, so setup should be similar to Ubuntu. Do you have
libnss-ldap and libpam-ldap installed? They were necessary for
Samba/ldap to work.
Have you modified nsswitch.conf and pam.d to use ldap? Note: Although
others have mentioned the possibility, I did not have to modify
Dale,
I followed the guide from ubuntu website adding some other detailed because it
seems that those info aren't complete:
https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
at this point:
https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html#openldap-auth-config
I
can you post your /etc/nsswitch.conf?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Adam Williams wrote:
can you post your /etc/nsswitch.conf?
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc Name Service Switch' for information about this file.
27 matches
Mail list logo
