Hi, I have noticed a strange behavior regarding samba 3 domain member servers:
I have an LDAP-based Samba3 PDC + BDC setup running and want to add a
third machine as "Domain member server" (name: HILBERT).
Problem:
When I look up the file ownership from a W2K Workstation Client both PDC
and BDC show the owner's account to be a domain account:
e.g.: DOMAIN\schlegel
Hilbert behaves differently. It shows local users and mapped groups in
the form:
HILBERT\[local user on hilbert|centrally mapped group]
and ldap-users like this:
HILBERT\(the Users SID)
I expect it to at least show mapped groups and ldap users in the form
DOMAIN\username.
I am also not quite sure whether I should run the server in "domain" or
"user" security mode, but I found out I have to use the LDAP backend to
get the central group mapping. I also found out that both setups work
and that the domain setup is talking to the PDC while the user setup
does not. This is as I expected.
However, the behavior regarding hostname vs. domainname is the same.
nss_ldap + pam_ldap work fine, the UIDs are mapped on the OS level.
Environment software is openldap 2.1.22, nss_ldap 202, RedHat 9.
Can anyone help me? I attached testparm -s output of hilbert.
regards, Gunther
--
Gunther Schlegel Riege Software International GmbH
Manager System Administration Mollsfeld 10
40670 Meerbusch, Germany
Email: [EMAIL PROTECTED] Phone: +49-2159-9148-0
Fax: +49-2159-9148-11
---------------------------------------------------------------------
Disclaimer:
You may grab my GPG key from http://www.keyserver.net .
A nonproportional font is recommended for reading.
Processing section "[procars]"
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
# Global parameters
[global]
workgroup = RIEGE
server string = Development Server
passdb backend = ldapsam:ldap://XXXXXXXXXXXXXXXXXXXXXXX, guest
lanman auth = No
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
log level = 2
min protocol = NT1
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = XXXXXXXXXXXX
ldap suffix = ou=Riege Software,dc=riege,dc=com
ldap machine suffix = ou=SMB Machines,ou=Accounts,ou=Riege Software,dc=riege,dc=com
ldap user suffix = ou=RSIDUS,ou=Accounts,ou=Riege Software,dc=riege,dc=com
ldap group suffix = ou=Groups,ou=Riege Software,dc=riege,dc=com
ldap idmap suffix = ou=Riege Software,dc=riege,dc=com
ldap admin dn = "cn=XXXXXXXXXXXXXXXXXXXXXXXXXXXX,ou=Riege Software,dc=riege,dc=com"
ldap ssl = start tls
ldap passwd sync = Yes
idmap backend = ldapsam:ldap://XXXXXXXXXXXXXXXXXXXXXXX
hosts allow = XXXXXXXXXXXXXXX, 127.0.0.1
hosts deny = 0.0.0.0/0
hide special files = Yes
veto files = /lost+found/
delete readonly = Yes
dos filetimes = Yes
[procars]
comment = Development PROCARS installations
path = /opt/rsi
valid users = @develop
