Hello,
I've spent the last few days trying to get some unix client boxes to authenticate logins via winbind, so that all of our unix system accounts can be maintained from Active Directory. So far everything is working and users can authenticate to the system, but they are assigned random uid/gid values, based on the smb.conf as well as the internal winbind_idmap.tdb file.
Anyway, since users' home directories are on NFS, the uid/gid need to be uniform across the network, which is where LDAP comes in. So we added some schema extensions to Active Directory, and now every user has two new fields, uidNumber and gidNumber. The only thing I need to do now is somehow get Samba to pull this information out of AD via LDAP and use it, rather than letting Samba build its own uid table.
I set up Samba with all the relevant details of how to contact our AD server with LDAP (I should note that I can browse the uidNumber and gidNumber fields from the unix command line with the ldapsearch tool). However, for whatever reason, Samba can't seem to authenticate this way, and no information gets dumped to the error logs. Here's the smb.conf I've been working with:


[global]
        workgroup = WORKGROUP
        security = DOMAIN
        log level = 10
        log file = /var/adm/samba.log
        local master = No
        domain master = No
        wins server = leviathan
        ldap server = zurg
        ldap suffix = dc=example,dc=com
        ldap user suffix = ou=Employees
        ldap group suffix = ou=Groups
        ldap filter = (uidNumber=%u)
        ldap admin dn = cn=Administrator,cn=Users,dc=example,dc=com
        ldap ssl = no
        idmap backend = ldap:ldap://zurg
        idmap uid = 1000-2000
        idmap gid = 600-1000
        template primary group = employee
        template homedir = /home/%U
        template shell = /bin/bash
        winbind use default domain = Yes

Here, zurg is our AD server (running Windows Server 2003). The only thing I can think of that might be wrong is that it won't allow anonymous binds... yet I haven't seen anywhere to put in a bind password for LDAP. Does anyone know how I might be able to get this up and running?

Thanks,
Nik

--
// Nik Reiman || [EMAIL PROTECTED] || http://www.aboleo.net \\

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
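An added example, not part of Nik's message or of any reply on the list: a [global] section that makes winbind read uidNumber/gidNumber out of AD instead of allocating them itself, using the idmap_ad backend in the "idmap config DOMAIN : ..." syntax of current Samba releases. Whether the Samba build on the client boxes is new enough for this syntax is an assumption; EXAMPLE.COM as the realm, the WORKGROUP domain name, zurg/leviathan and the id ranges are taken from the post or made up for illustration. The bind problem the post asks about disappears with this backend: after "net ads join" winbind authenticates to AD with the machine account over Kerberos, so no Administrator password is stored on the client or sent over the wire, and "ldap ssl = no" no longer matters. If the ldap idmap backend is kept instead, the missing piece is that the password for "ldap admin dn" is never written in smb.conf; it is stored in secrets.tdb with "smbpasswd -w <password>", which also means a cleartext simple bind as the domain Administrator on every lookup unless LDAP is wrapped in TLS.

```ini
[global]
        workgroup = WORKGROUP
        # Kerberos realm of the AD forest. Assumed name: the post only
        # gives the LDAP suffix dc=example,dc=com.
        realm = EXAMPLE.COM
        # ADS rather than DOMAIN: the box is joined with "net ads join"
        # and winbind talks to zurg with the machine account over
        # Kerberos, so no "ldap admin dn" password is stored anywhere.
        security = ADS
        wins server = leviathan
        local master = No
        domain master = No

        # Turn this back down once things work: level 10 logs carry
        # usernames, DNs and protocol detail that should not sit on disk.
        log level = 1
        log file = /var/adm/samba.log

        # Default backend for everything that is NOT the AD domain
        # (BUILTIN, local SIDs): allocate from a tdb in a range that
        # cannot collide with the AD-assigned numbers below or with
        # anything already in /etc/passwd on the clients.
        idmap config * : backend = tdb
        idmap config * : range = 3000-3999

        # The AD domain itself: read uidNumber/gidNumber straight from
        # each object through the RFC 2307 attributes added to the
        # schema. A user or group whose uidNumber/gidNumber is unset or
        # outside the range simply does not resolve (see "wbinfo -i");
        # it is never handed a random id, which is what keeps the NFS
        # ownership consistent across machines.
        idmap config WORKGROUP : backend = ad
        idmap config WORKGROUP : schema_mode = rfc2307
        idmap config WORKGROUP : range = 1000-2000

        # Take login shell and home directory from AD as well
        # (loginShell, unixHomeDirectory); the template values below
        # are the fallback when those attributes are not set.
        winbind nss info = rfc2307
        template homedir = /home/%U
        template shell = /bin/bash
        winbind use default domain = Yes
```

Join with "net ads join -U Administrator" (this needs an /etc/krb5.conf that points at the realm and clocks within Kerberos skew of zurg), restart winbindd, then "wbinfo -u", "wbinfo -i someuser" and "id someuser" should report the uid/gid that AD holds for that user; "getent passwd someuser" confirms the nsswitch side. Before pointing the NFS clients at this, dump the attributes once with the ldapsearch command that already works and check that no two users share a uidNumber, no two groups share a gidNumber, and none of them falls inside a range used by local accounts on any client: a duplicate is not an error to Samba, it just gives one user silent read/write access to another's NFS home.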