On Thu, 8 Jan 2004, Ganguly, Sapan wrote:

>
> I'm doing the same thing but with NT4 so I'm not using active directory.
> The only thing you haven't mentioned that I can think of is nsswitch.conf,
> you should have -
>
> passwd: files winbind
> group: files winbind
>
> Getent works for me, I'm stuck with getting log ons to the Solaris machine
> with NT usernames to work.

If you want to log onto the Sun machine using Windows networking credentials
you must configure PAM to support the use of pam_winbind.so. Have you done
that?

- John T.

> They seem to have changed something in Solaris 9, even Sun hasn't been able
> to help me!
>
> -----Original Message-----
> From: ww m-pubsyssamba [mailto:[EMAIL PROTECTED]
> Sent: 08 January 2004 13:45
> To: Ganguly, Sapan ; [EMAIL PROTECTED]
> Subject: RE: [Samba] How do I get Winbind accounts in LDAP?
>
>
> Hi Sapan/All,
>
> ok this is all in my test/dev environment. I have a Sun Sparc
> workstation running Solaris 9 and an Intel server running Windows 2000
> server acting as a Native mode AD DC. My Sparc system has Samba 3.0.1
> installed and is successfully joined to the AD domain, I can authenticate
> via kerberos and wbinfo -u lists domain users etc. All I need LDAP for is
> centralising the IDMAP mappings across our theoretical Samba server
> infrastructure.
>
> On the same sparc system I also have SunONE DS 5.2 installed, this has the
> schema for Samba 3.0.1 successfully loaded. I have created the idmap OU in
> the directory and I have configured my smb.conf to use LDAP for idmap data,
> file attached. And I have set the LDAP admin account password with
> "smbpasswd -w". I have also disabled nscd from starting up & installed patch
> 113476-05 which is required for Solaris 9. I can also see winbindd
> establishing a connection to Sun LDAP in its access log.
>
> As I was writing this mail I have noticed that a getent for users and
> groups is not displaying any AD users/groups but is exiting with a status 0,
> this is despite the fact that wbinfo is correctly displaying all my AD
> users/groups!? I can see from a snoop and truss run on the getent that it is
> making LDAP calls to the AD DC but it's not returning anything!?! I have had
> this running on a Solaris 8 system in my test environment successfully and
> can't think of anything I've done differently.
>
> If anyone can help I'd greatly appreciate it,
>
> many thanks Andy.
>
> -----Original Message-----
> From: Ganguly, Sapan [mailto:[EMAIL PROTECTED]
> Posted At: 07 January 2004 16:44
> Posted To: Samba
> Conversation: [Samba] How do I get Winbind accounts in LDAP?
> Subject: RE: [Samba] How do I get Winbind accounts in LDAP?
>
>
>
> Andy,
>
> Tell us a bit more, I'm doing a similar thing I think. I'm not using Sun's
> LDAP service, I have OpenLDAP running on a Redhat 9.0 box and I'm logging
> into my Solaris 9.0 machine running winbind, with my NT username and
> password which creates an idmap in the openldap database on the Redhat
> box....well, that's what it is supposed to do anyway...it works fine on
> Redhat, Solaris is proving to be a little more tricky.
>
> Is this what you are doing?
>
> -----Original Message-----
> From: ww m-pubsyssamba [mailto:[EMAIL PROTECTED]
> Sent: 07 January 2004 14:23
> To: [EMAIL PROTECTED]
> Subject: RE: [Samba] How do I get Winbind accounts in LDAP?
>
>
> Hi John/List,
>
> I'm attempting this (idmap in LDAP) with samba3.0.1 and Sun DS 5.2
> but without any success. I've tried what John T has suggested below but my
> idmap OU is still empty (adapted LDAP commands for Sun DS). I cannot see any
> errors in either Samba or Sun DS logs, does anyone have any troubleshooting
> tips to help work out why this isn't working?
>
> many thanks Andy.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> John H Terpstra
> Posted At: 03 January 2004 23:54
> Posted To: Samba
> Conversation: [Samba] How do I get Winbind accounts in LDAP?
> Subject: Re: [Samba] How do I get Winbind accounts in LDAP?
>
>
> Kent,
>
> Did you create the container for the ou=Idmap in your LDAP database? The
> IDMAP entries are automatically added to LDAP - IF the container exists, and
> so long as Samba can access that database.
>
> Also, I suggest you store your machine accounts in the Users container and
> not in the Computers container. Samba does not at this time search the
> Computers container correctly.
>
> Execute the following to find out if your LDAP database has an IDMAP
> container:
> slapcat | grep -i IDMAP
>
>
> If nothing is returned, execute this:
>
> ldapadd -x -D "cn=admin,dc=tow,dc=net" -w 'password' << EOR
> dn: ou=Idmap,dc=abmas,dc=biz
> objectClass: organizationalunit
> ou: idmap
> structuralObjectClass: organizationalunit
> EOR
>
> Now you must stop samba, delete the winbind*tdb files, restart samba,
> run:
> wbinfo -u
> And that should automatically populate your LDAP IDMAP database.
>
> Cheers,
> John T.
>

--
John H Terpstra
Email: [EMAIL PROTECTED]
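
As an added illustration (not part of the original messages and not Samba's own tooling), the two prerequisites discussed in this thread, winbind listed for passwd and group in nsswitch.conf and pam_winbind.so configured in PAM, can be checked with a short Python script. The sample file contents, function names and module paths are constructed, and the script assumes lowercase, case-sensitive nsswitch.conf keys and the single-file /etc/pam.conf layout.

```python
# Constructed samples (not from the thread). "Passwd:" is capitalised on purpose.
NSSWITCH_SAMPLE = """\
Passwd: files winbind
group:  files winbind
"""
PAM_CONF_SAMPLE = """\
# service type control module [options]   (Solaris single-file pam.conf layout)
login auth sufficient /usr/lib/security/pam_winbind.so
login auth required   /usr/lib/security/pam_unix_auth.so.1
other auth required   /usr/lib/security/pam_unix_auth.so.1
"""


def nss_sources(text):
    """Map database name -> list of sources, keeping each key's case as written."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            db, sources = line.split(":", 1)
            table[db.strip()] = sources.split()
    return table


def pam_modules(text, service, mtype="auth"):
    """Module paths used for a service; entries for 'other' are the fallback."""
    rows = [ln.split("#", 1)[0].split() for ln in text.splitlines()]
    rows = [r for r in rows if len(r) >= 4 and r[1] == mtype]
    own = [r[3] for r in rows if r[0] == service]
    return own or [r[3] for r in rows if r[0] == "other"]


def check_winbind_login(nsswitch, pam_conf, service="login"):
    """Return a list of findings; an empty list means both pieces are in place."""
    findings = []
    nss = nss_sources(nsswitch)
    for db in ("passwd", "group"):
        if db not in nss:
            # Assumption: keys are matched case-sensitively, in lowercase.
            near = [k for k in nss if k.lower() == db]
            hint = f" (found {near[0]!r}, expected lowercase)" if near else ""
            findings.append(f"nsswitch.conf: no '{db}:' entry{hint}")
        elif "winbind" not in nss[db]:
            findings.append(f"nsswitch.conf: '{db}:' does not list winbind")
    if not any("pam_winbind.so" in m for m in pam_modules(pam_conf, service)):
        findings.append(f"pam.conf: no auth entry for '{service}' loads pam_winbind.so")
    return findings


if __name__ == "__main__":
    for finding in check_winbind_login(NSSWITCH_SAMPLE, PAM_CONF_SAMPLE, "telnet"):
        print(finding)
```

A service with no auth lines of its own falls through to the `other` entries, so name lookups via getent can succeed while logins for that service never reach pam_winbind.so.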