John,

Wbinfo -u lists all my NT user and wbinfo -g lists all my NT groups.

Here is a copy of my smb.conf, I took it from a working Redhat 9.0 machine I built.

    [global]
    # LDAP stuff for the idmap backend
    ldap admin dn = cn=root,dc=uk,dc=trt,dc=thales
    ldap suffix = dc=uk,dc=trt,dc=thales
    ldap idmap suffix = ou=idmap

    # Winbind stuff
    winbind separator = -
    idmap uid = 10000-20000
    winbind uid = 10000-20000
    idmap gid = 10000-20000
    winbind gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    #template homedir = /home/%D/%U
    #template homedir = /home/%U
    template homedir = /mnt/spare/%U
    template shell = /bin/bash
    idmap backend = ldap:ldap://lnxs001

    # workgroup = NT-Domain-Name or Workgroup-Name
    workgroup = DOMAIN

    # server string is the equivalent of the NT Description field
    server string = SUN001

    # if you want to automatically load your printer list rather
    # than setting them up individually then you'll need this
    printcap name = /etc/printcap
    load printers = yes

    # this tells Samba to use a separate log file for each machine
    # that connects
    log file = /var/log/samba/log.%m

    # Put a capping on the size of the log files (in Kb).
    max log size = 50

    # Security mode. Most people will want user level security. See
    # security_level.txt for details.
    security = user

    # Use password server option only with security = server
    ; password server = <NT-Server-Name>

    # Most people will find that this option gives better performance.
    # See speed.txt and the manual pages for details
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

    # Browser Control Options:
    # set local master to no if you don't want Samba to become a master
    # browser on your network. Otherwise the normal election rules apply
    local master = no

    # WINS Server - Tells the NMBD components of Samba to be a WINS Client
    # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    wins server = 192.168.224.25

    # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
    # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
    # this has been changed in version 1.9.18 to no.
    dns proxy = no

Thanks,
Sapan

-----Original Message-----
From: John H Terpstra [mailto:[EMAIL PROTECTED]
Sent: 08 January 2004 16:58
To: Ganguly, Sapan
Cc: '[EMAIL PROTECTED]'
Subject: RE: [Samba] How do I get Winbind accounts in LDAP?

Sapan,

I recently installed Samba-3 on Solaris 9 and had no problem with PAM and
NSS functionality. Logons using domain users worked well.

As I do not have a Sun box it is a little difficult for me to help you
directly. What output do you get from:

    wbinfo -u
    wbinfo -g

Please send me your smb.conf file so I can see what may be going on.

- John T.

On Thu, 8 Jan 2004, Ganguly, Sapan wrote:

>
> Yep, I've done that, I basically followed the Solaris 9 HOWTO from the
> main HOWTO collection that comes with Samba 3.0, the only difference
> is that I used an /etc/pam.conf for Solaris 9 posted on the list by
> Patrik Gustavsson. I haven't managed to get hold of him, he says he
> has made it work on Solaris 9. I also want to get pam_mkhomedir to work
> but I have to get past this bit first.
>
> From his email signature it looks like he works for Sun in Sweden but
> even the Sun helpdesk in the UK hasn't been able to get hold of him yet.
>
> -----Original Message-----
> From: John H Terpstra [mailto:[EMAIL PROTECTED]
> Sent: 08 January 2004 15:54
> To: Ganguly, Sapan
> Cc: 'ww m-pubsyssamba'; '[EMAIL PROTECTED]'
> Subject: RE: [Samba] How do I get Winbind accounts in LDAP?
>
>
> On Thu, 8 Jan 2004, Ganguly, Sapan wrote:
>
> >
> > I'm doing the same thing but with NT4 so I'm not using active
> > directory. The only thing you haven't mentioned that I can think of
> > is nsswitch.conf, you should have -
> >
> > Passwd: files winbind
> > Group: files winbind
> >
> > Getent works for me, I'm stuck with getting log ons to the Solaris
> > machine with NT usernames to work.
>
> If you want to log onto the Sun machine using Windows networking
> credentials you must configure PAM to support the use of
> pam_winbind.so. Have you done that?
>
> - John T.
>
> > They seem to have changed something in Solaris 9, even Sun hasn't
> > been able to help me!
> >
> > -----Original Message-----
> > From: ww m-pubsyssamba [mailto:[EMAIL PROTECTED]
> > Sent: 08 January 2004 13:45
> > To: Ganguly, Sapan ; [EMAIL PROTECTED]
> > Subject: RE: [Samba] How do I get Winbind accounts in LDAP?
> >
> >
> > Hi Sapan/All,
> >
> > ok this is all in my test/dev environment. I have a Sun Sparc
> > workstation running Solaris 9 and an Intel server running Windows
> > 2000 server acting as a Native mode AD DC. My Sparc system has Samba
> > 3.0.1 installed and is successfully joined to the AD domain, I can
> > authenticate via kerberos and wbinfo -u lists domain users etc. All
> > I need LDAP for is centralising the IDMAP mappings across our
> > theoretical Samba server infrastructure.
> >
> > On the same sparc system I also have SunONE DS 5.2 installed, this
> > has the schema for Samba 3.0.1 successfully loaded. I have created
> > the idmap OU in the directory and I have configured my smb.conf to
> > use LDAP for idmap data, file attached. And I have set the LDAP
> > admin account password with "smbpasswd -w". I have also disabled
> > nscd from starting up & installed patch 113476-05 which is required
> > for Solaris 9. I can also see winbindd establishing a connection to
> > Sun LDAP in its access log.
> >
> > As I was writing this mail I have noticed that a getent for users
> > and groups is not displaying any AD users/groups but is exiting with
> > a status 0, this is despite the fact that wbinfo is correctly
> > displaying all my AD users/groups!? I can see from a snoop and truss
> > run on the getent that it is making LDAP calls to the AD DC but it's
> > not returning anything!?! I have had this running on a Solaris 8
> > system in my test environment successfully and can't think of
> > anything I've done differently.
> >
> > If anyone can help I'd greatly appreciate it,
> >
> > many thanks Andy.
> >
> > -----Original Message-----
> > From: Ganguly, Sapan [mailto:[EMAIL PROTECTED]
> > Posted At: 07 January 2004 16:44
> > Posted To: Samba
> > Conversation: [Samba] How do I get Winbind accounts in LDAP?
> > Subject: RE: [Samba] How do I get Winbind accounts in LDAP?
> >
> >
> > Andy,
> >
> > Tell us a bit more, I'm doing a similar thing I think. I'm not
> > using Sun's LDAP service, I have OpenLDAP running on a Redhat 9.0
> > box and I'm logging into my Solaris 9.0 machine running winbind,
> > with my NT username and password which creates an idmap in the
> > openldap database on the Redhat box....well, that's what it is
> > supposed to do anyway...it works fine on Redhat, Solaris is proving
> > to be a little more tricky.
> >
> > Is this what you are doing?
> >
> > -----Original Message-----
> > From: ww m-pubsyssamba [mailto:[EMAIL PROTECTED]
> > Sent: 07 January 2004 14:23
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Samba] How do I get Winbind accounts in LDAP?
> >
> >
> > Hi John/List,
> >
> > I'm attempting this (idmap in LDAP) with samba3.0.1 and Sun DS 5.2
> > but without any success. I've tried what John T has suggested below
> > but my idmap OU is still empty (adapted LDAP commands for Sun DS). I
> > cannot see any errors in either Samba or Sun DS logs, does anyone
> > have any troubleshooting tips to help work out why this isn't
> > working?
> >
> > many thanks Andy.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John H Terpstra
> > Posted At: 03 January 2004 23:54
> > Posted To: Samba
> > Conversation: [Samba] How do I get Winbind accounts in LDAP?
> > Subject: Re: [Samba] How do I get Winbind accounts in LDAP?
> >
> >
> > Kent,
> >
> > Did you create the container for the ou=Idmap in your LDAP database?
> > The IDMAP entries are automatically added to LDAP - IF the container
> > exists, and so long as Samba can access that database.
> >
> > Also, I suggest you store your machine accounts in the Users
> > container and not in the Computers container. Samba does not at this
> > time search the Computers container correctly.
> >
> > Execute the following to find out if your LDAP database has an IDMAP
> > container:
> >
> >     slapcat | grep -i IDMAP
> >
> > If nothing is returned, execute this:
> >
> > ldapadd -x -D "cn=admin,dc=tow,dc=net" -w 'password' << EOR
> > dn: ou=Idmap,dc=abmas,dc=biz
> > objectClass: organizationalunit
> > ou: idmap
> > structuralObjectClass: organizationalunit
> > EOR
> >
> > Now you must stop samba, delete the winbind*tdb files, restart
> > samba, run:
> >
> >     wbinfo -u
> >
> > And that should automatically populate your LDAP IDMAP database.
> >
> > Cheers,
> > John T.

--
John H Terpstra
Email: [EMAIL PROTECTED]
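
Added example (not part of the original thread, and not Samba project code): the container check John T. describes, made specific to a given smb.conf by deriving the idmap container DN from "ldap suffix" and "ldap idmap suffix" and looking for exactly that entry in slapcat-style LDIF instead of grepping for any line containing "idmap". The function names and sample text are constructed for illustration, and it assumes the idmap suffix is relative to the LDAP suffix.

```sh
# Added example; the sample smb.conf and LDIF text below are constructed.

# Print one smb.conf parameter from stdin, skipping '#' and ';' comment lines.
smb_param() {
    awk -v want="$1" '
        /^[ \t]*[#;]/ { next }
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == tolower(want)) { print val; exit }
        }'
}

# Assumption: the container is "<ldap idmap suffix>,<ldap suffix>".
idmap_container_dn() {
    base=$(printf '%s\n' "$1" | smb_param "ldap suffix")
    sub=$(printf '%s\n' "$1" | smb_param "ldap idmap suffix")
    [ -n "$base" ] && [ -n "$sub" ] || return 1
    printf '%s,%s\n' "$sub" "$base"
}

# Succeed if the LDIF on stdin has an entry with DN $1 (case and spaces after
# commas ignored; folded or base64 "dn::" lines are not handled).
has_entry() {
    want=$(printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/, */,/g')
    sed -n 's/^dn: *//p' | tr 'A-Z' 'a-z' | sed 's/, */,/g' | grep -Fxq -- "$want"
}

# Print "present: <dn>", or the LDIF that would create the container.
# Feed that LDIF to ldapadd with -W or -y <file>; -w exposes the bind password.
check_idmap() {
    dn=$(idmap_container_dn "$1") || return 2
    if printf '%s\n' "$2" | has_entry "$dn"; then
        echo "present: $dn"
    else
        ou=${dn%%,*}
        printf 'dn: %s\nobjectClass: organizationalUnit\nou: %s\n' "$dn" "${ou#*=}"
    fi
}

SAMPLE_CONF='[global]
; ldap suffix = dc=old,dc=invalid
ldap suffix = dc=uk,dc=trt,dc=thales
ldap idmap suffix = ou=idmap'
SAMPLE_LDIF='dn: dc=uk,dc=trt,dc=thales

dn: ou=Users, dc=uk,dc=trt,dc=thales
ou: Users'
check_idmap "$SAMPLE_CONF" "$SAMPLE_LDIF"
```

On a live server the second argument would be the output of slapcat (or an ldapsearch dump) and the first the contents of smb.conf.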