Michael Gasch wrote: > cause samba relies in your setup probably on NSS, which has files, ldap > settings?!?! > > you could try to use "ldapsam:trusted (G)" or invalid users = root, > ldap, ... > > greez > > Anthony Messina wrote: >> I have an fc5 system running samba-3.0.22-1.fc5 and >> smbldap-tools-0.9.2-2.fc5. This server acts as my pdc (netbios name >> HOME) and a server for /home directories. I use ldapsam with openldap to >> store all account info. I noticed while troubleshooting something else >> that if I try to browse to the home directory of a system account, such >> as "ldap" at \\HOME\ldap -- I am presented with a username/password >> dialogue, even though the user "ldap" only exists in the systems >> /etc/passwd file and is not in my openldap directory. >> >> It seems as though I should get a "not found" message rather than >> confirmation that this account exists on the system. Why is samba also >> looking for users in the /etc/passwd file if I have specified that I >> want to use ldapsam? How do i stop this behavior? >> >> ldap passwd sync = no >> ldap admin dn = "uid=sambaroot,ou=People,dc=example,dc=com" >> passdb backend = ldapsam:ldap://127.0.0.1 >> ldap ssl = off >> ldap delete dn = yes >> ldap suffix = dc=example,dc=com >> ldap user suffix = ou=People >> ldap group suffix = ou=Group >> ldap machine suffix = ou=Computers >> ldap idmap suffix = ou=Idmap,dc=example,dc=com >> idmap backend = ldap:ldap://127.0.0.1 >> idmap uid = 16777216-33554431 >> idmap gid = 16777216-33554431
thank you kindly for your quick reply. i have been investigating the ldapsam:trusted = yes option. initially i was unsuccessful until i added the sambaGroupMapping objectclass to the cn=user,ou=Group... entry. is this the right place to do this? also, i enter the group type as "2", i think (for a domain group), but in the sambaSID in the group mapping, do i copy the individual user's sambaSID or the sambaPrimaryGroupSID from their entry in uid=user,ou=People... ? it works with ldapsam:trusted = yes if i do either, but i'm guessing that i should duplicate the user's sambaSID from their uid=user,ou=People entry into their cn=user,ou=Group entry. is this correct? again, thank you kindly. -a -- Anthony http://messinet.com http://messinet.com/~amessina/gallery 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
signature.asc
Description: OpenPGP digital signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
