Hi Daniel,

I have to say I run on OpenSUSE 11.4 and I hate it for doing things not transparent to the user like shown in the config file below.

> Did you getent passwd and getent group.
> And all ldap users and groups are shown up?

I can confirm this.

> Did you do at least install an ldap-client and ldapauth on your linux box?

Yes for the ldap-client and no for ldapauth - haven't even heard of it so far. I am able to log in using an ldap user which is not locally defined at the samba box, if this answers the background of your question.

> Do you talk to ldap with winbind, ldapsam:editposix?
>

It is ldapsam, here is an extract of my smb.conf:

    passdb backend = ldapsam:ldap://ldap.mytld.de
    set primary group script = ldapsmb -m -u "%u" -gid "%g"
    add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
    logon path = \\%L\profiles\.msprofile
    logon drive = P:
    logon home = \\%L\%U\.9xprofile
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    ldap admin dn = cn=Manager,dc=mytld,dc=de
    ldap group suffix = ou=Group
    ldap machine suffix = ou=Computers
    ldap passwd sync = yes
    ldap suffix = dc=mytld,dc=de
    ldap ssl = no #testing only
    ldap user suffix = ou=People

Your answer opened my eyes and I started wondering about the "add machine script" and the "set primary group script" entries in my config. I do not even have the ldapsmb rpm installed on the file server, but it is installed (automatically by YaST) at the ldap box. I never used it, it must have been installed and configured by YaST automatically. Also it is not clear to me why one needs the add machine script. I dug into the code and saw that it will read my smb.conf, get the password from secret.tdb, do a connection to my ldap server, add a user and a machine below Computers in the DIT.
    [snip]
    map<string,any> config_map = $[
        "bind_pw"   : passwd,
        "bind_dn"   : bind_dn,
        "user_base" : ldap_machine_suffix+","+ldap_suffix,
        "type"      : "ldap",
        "plugins"   : [ "UsersPluginLDAPAll", "UsersPluginSamba" ],
    ];
    map<string,any> data_map = $[
        "uid"           : value,
        "givenName"     : "Machine",
        "cn"            : value,
        "sn"            : "Machine",
        "userPassword"  : "*",
        "loginShell"    : "/bin/false",
        "homeDirectory" : "/var/lib/nobody",
        "create_home"   : false,
    ];
    // add the user
    y2milestone (YaPI::USERS::UserAdd (config_map, data_map) );
    [snip]

Please tell me what is going on in the background so that I am able to understand what to do. As said before, connecting to the ldap server and gathering information from there seems to work since I am able to see it in the smb logs.

Is there maybe a sequence diagram available about what is going on when a share wants to be opened? I saw something for winbind with unix UID to samba SID but I got confused. It is not clear to me, when using winbind.

Also your question "Do you talk to ldap with winbind, ldapsam:editposix?" in this context is not clear to me. Does it mean either winbind or ldapsam should be used or are they used together?

I guess I go and find me a serious job...

Thanks.
-fuz
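Added example (not part of the original post, and not Samba or YaST code): a small Python check over the LDAP-related lines of the smb.conf extract quoted in the mail, reporting when the ldapsam connection runs without TLS. The function names are hypothetical and the sample text is constructed from the posted extract.

```python
# Constructed sample: the LDAP-related lines of the extract posted in the mail.
SMB_CONF_EXTRACT = """\
passdb backend = ldapsam:ldap://ldap.mytld.de
ldap admin dn = cn=Manager,dc=mytld,dc=de
ldap passwd sync = yes
ldap suffix = dc=mytld,dc=de
ldap ssl = no #testing only
"""

def parse_smb_conf(text):
    """Return {parameter: value}; case and spaces in names are ignored, as in Samba."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or line.startswith("["):
            continue  # blank line, comment line or section header
        name, sep, value = line.partition("=")
        if not sep:
            continue
        # Assumption: text after " #" is the poster's annotation, so drop it.
        # smb.conf itself only treats '#' or ';' at the start of a line as a comment.
        value = value.split(" #", 1)[0].strip()
        params["".join(name.lower().split())] = value
    return params

def ldap_transport_findings(params):
    """List what crosses the wire unencrypted for an ldapsam passdb backend."""
    findings = []
    backend = params.get("passdbbackend", "")
    if not backend.lower().startswith("ldapsam"):
        return findings
    uri = backend.partition(":")[2].strip().strip('"')
    # "start tls" is the documented default of "ldap ssl" in current Samba.
    ssl = params.get("ldapssl", "start tls").lower().replace("_", " ")
    encrypted = uri.lower().startswith("ldaps://") or ssl == "start tls"
    if not encrypted:
        admin = params.get("ldapadmindn", "(unset)")
        findings.append(f"bind as {admin} to {uri} is sent without TLS")
        if params.get("ldappasswdsync", "no").lower() in ("yes", "only"):
            findings.append("ldap passwd sync sends password changes over the same cleartext link")
    return findings

if __name__ == "__main__":
    for finding in ldap_transport_findings(parse_smb_conf(SMB_CONF_EXTRACT)):
        print("WARN:", finding)
```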
