Matt Hoyt wrote:
It still doesn't work. Do I need to download padl.com tools for transferring /etc/passwd and /etc/group to openldap? Here is my nsswitch.conf file and the last few lines for syslog showing openldap calls.
Well you don't really have to add the posix info to ldap, but it's really counterintuitive to split your samba storage and posix info, at least in a pure *NIX controlled world. You would also need to configure your nsswitch to auth by ldap, and not winbind!!
Craig made a good point that your LDIF doesn't have any groups, but then again, if you're trying to keep it in /etc/group that makes sense.
I suggest you back up and take a run at it like so.
1. Get your system authenticating with ldap data store
- read a bit of documentation on LDAP
- take out the user/group info you added from /etc/passwd and /etc/group (and maybe /etc/shadow).
- move said info to ldap
- do what the docs say to do for getting auth to work
2. Add samba
That's the end of the on task suggestions, I was going to make a rant, but I'll save that for another day, when I'm not sunburned :-P and therefore can handle the flamewar.
/etc/nsswitch.conf:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/nsswitch.conf,v 1.4 2002/11/18 19:39:22 azarah Exp $
passwd: files winbind
shadow: files
group: files winbind
# passwd: db files nis
# shadow: db files nis
# group: db files nis
hosts: files dns
networks: files wins
services: db files
protocols: db files
rpc: db files
ethers: db files
netmasks: files
netgroup: files
bootparams: files
automount: files
aliases: files
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=37 SRCH attr=sambaSID uidNumber gidNumber objectClass
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=37 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=38 SRCH base="ou=Groups,dc=sovereign" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=441))"
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=38 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=38 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=39 SRCH base="ou=Groups,dc=sovereign" scope=2 filter="(&(|(objectClass=posixGroup)(objectClass=sambaIdmapEntry))(gidNumber=441))"
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=39 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=39 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=40 SRCH base="ou=People,dc=sovereign" scope=2 filter="(&(objectClass=sambaIdmapEntry)(gidNumber=441))"
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=40 SRCH attr=sambaSID uidNumber gidNumber objectClass
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=40 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 31 12:21:39 backup slapd[13483]: conn=525 fd=24 closed
Matt Hoyt
>From: Paul Gienger <[EMAIL PROTECTED]>
>To: Matt Hoyt <[EMAIL PROTECTED]>,MailingList_Samba <[EMAIL PROTECTED]>
>Subject: Re: [Samba] Openldap samba 3.0.5 net group add does not work
>Date: Sat, 31 Jul 2004 01:23:56 -0500
>
>I'm going to make an assumption here that you aren't using any
>Active Directory...
>
>Changes below (after corresponding lines):
>
>>[global]
>>workgroup = WORKGROUP
>>netbios name = backup
>>#username map = /etc/samba/smbusers
>
>
>>add user script = /usr/sbin/useradd -m %u
>>delete user script = /usr/sbin/useradd -r %u
>>add group script = /usr/sbin/groupadd %g
>>delete group script = /usr/sbin/groupadd %g
>>add user to group script = /usr/sbin/usermod -G %g %u
>>add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null
>>-g machines %u
>
>Add quotes around your % arguments here. Even though you quote them
>on the command line that doesn't mean they get to the scripts that
>way
>
>>preferred master = yes
>>domain master = yes
>>local master = yes
>>security = users
>>domain logons = yes
>>os level = 35
>>logon path = \\%L\profiles\%u
>>logon drive = H:
>>logon home = \\%L\%u\winprofile
>>logon script = /etc/samba/logon/scripts
>
>Unrelated to your issue, but you need to specify an absolute script
>here, it appears you're just pointing to a directory. Either point
>to a global script (logon.bat) or maybe a user/group script
>(%u.bat). This path will also be relative to your netlogon share.
>
>>#idmap backend = ldapsam:ldap://localhost
>
>Good to comment this out, but remove it and any idmap related
>entries.
>
>>ldap suffix = dc=sovereign
>>ldap admin dn = "cn=Manager,ou=People,dc=sovereign"
>>ldap ssl = no
>>passdb backend = ldapsam:ldap://localhost
>>ldap delete dn = no
>>ldap user suffix = ou=People
>>ldap group suffix = ou=Groups
>>ldap machine suffix = ou=Computers
>
>Depending on your nss configuration, change this to ou=People.
>Search the archives for an explanation, you can search for me if you
>wish, I've responded more times than I wish to remember.
>
>>ldap idmap suffix = ou=Idmap
>>winbind separator = +
>>winbind enum users = yes
>
>These 3 should go bye bye, as well as any other winbind related
>entries, at least for your PDC.
>
>>template homedir = /home/winnt/%D/%U
>>template shell = /bin/bash
>>idmap uid = 10000-20000
>>idmap gid = 10000-20000
>
>delete 2x.
>
>>
>>Here is the ldap-init.ldif
>># Samba openldap configuration file
>># -------------------------------------------
>># Organization for Samba Base
>>dn: dc=sovereign
>>objectclass: dcObject
>>objectclass: organization
>>dc: sovereign
>>o: sovereign network test
>>description: ldap configuration
>>
>># Organizational Role for Directory Management
>>dn: cn=Manager,dc=sovereign
>>objectclass: organizationalRole
>>cn: Manager
>>description: Manager
>>
>># Setting up container for users
>>dn: ou=People,dc=sovereign
>>objectclass: top
>>objectclass: organizationalUnit
>>ou: People
>>
>># Setting up admin handle for people
>>dn: cn=admin,ou=People,dc=sovereign
>>cn: admin
>>objectclass: top
>>objectclass: organizationalRole
>>objectclass: simpleSecurityObject
>>userPassword: *********************************
>>
>># Setting up container for groups
>>dn: ou=Groups,dc=sovereign
>>objectclass: top
>>objectclass: organizationalUnit
>>ou: Groups
>>
>># Setting up admin for Groups ou
>>dn: cn=admin,ou=Groups,dc=sovereign
>>cn: admin
>>objectclass: top
>>objectclass: organizationalRole
>>objectclass: simpleSecurityObject
>>userPassword: *********************************
>>
>># Setting up container for computers
>>dn: ou=Computers,dc=sovereign
>>objectclass: top
>>objectclass: organizationalUnit
>>ou: Computers
>>
>># Setting up admin handle for Computers OU
>>dn: cn=admin,ou=Computers,dc=sovereign
>>cn: admin
>>objectclass: top
>>objectclass: organizationalRole
>>objectclass: simpleSecurityObject
>>userPassword: ***********************************
>>
>># Setting up container for idmap
>>dn: ou=Idmap,dc=sovereign
>>objectclass: top
>>objectclass: organizationalUnit
>>ou: Idmap
>>
>># Setting up admin for Groups ou
>>dn: cn=admin,ou=Idmap,dc=sovereign
>>cn: admin
>>objectclass: top
>>objectclass: organizationalRole
>>objectclass: simpleSecurityObject
>>userPassword: **********************************
>>
>>Gentoo box running kernel 2.6.7
>>
>>I am able to add users and machine accounts. If I use tdbsam net
>>groupmap works.
>
>Curious how you have your nss configured, or if logging on actually
>works if you haven't toyed with it. Although chances are that if you
>are running gentoo you toyed with EVERYTHING.
>
>--
>Paul Gienger Office: 701-281-1884
>Applied Engineering Inc. Information Systems Consultant
>Fax: 701-281-1322
>URL: www.ae-solutions.com mailto: [EMAIL PROTECTED]
>
>
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: [EMAIL PROTECTED]
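
The syslog excerpt in this thread can be read mechanically. The following is an added example, not part of the original messages: it pairs each slapd SRCH line with its SEARCH RESULT by conn/op and lists the searches that succeeded (err=0) but matched nothing, which is what the lookups for gidNumber=441 show. The function names are illustrative, and the sample lines are a subset copied from the excerpt.

```python
import re

# Subset of the slapd lines from the syslog excerpt in the thread (op=37 has no base line there).
SAMPLE_LOG = """\
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=37 SRCH attr=sambaSID uidNumber gidNumber objectClass
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=37 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=38 SRCH base="ou=Groups,dc=sovereign" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=441))"
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=38 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=39 SRCH base="ou=Groups,dc=sovereign" scope=2 filter="(&(|(objectClass=posixGroup)(objectClass=sambaIdmapEntry))(gidNumber=441))"
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=39 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=40 SRCH base="ou=People,dc=sovereign" scope=2 filter="(&(objectClass=sambaIdmapEntry)(gidNumber=441))"
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=40 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d+) filter="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')


def empty_searches(log_text):
    """Return (base, filter) for each search that returned err=0 and nentries=0."""
    pending = {}  # (conn, op) -> (base, filter), waiting for the matching result line
    empty = []
    for line in log_text.splitlines():
        m = SRCH_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = (m.group(3), m.group(5))
            continue
        m = RESULT_RE.search(line)
        if m:
            # A result whose SRCH base line was not captured (op=37 here) is skipped.
            search = pending.pop((m.group(1), m.group(2)), None)
            if search and m.group(3) == "0" and m.group(4) == "0":
                empty.append(search)
    return empty


def summarize(log_text):
    """Group the empty searches by base DN so an unpopulated container stands out."""
    by_base = {}
    for base, flt in empty_searches(log_text):
        by_base.setdefault(base, []).append(flt)
    return by_base


if __name__ == "__main__":
    for base, filters in summarize(SAMPLE_LOG).items():
        print(f"{base}: {len(filters)} search(es) returned no entries")
        for flt in filters:
            print(f"  {flt}")
```
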
