Michael Gasch wrote: > cause samba relies in your setup probably on NSS, which has files, ldap > settings?!?! > > you could try to use "ldapsam:trusted (G)" or invalid users = root, > ldap, ... > > greez > > Anthony Messina wrote: >> I have an fc5 system running samba-3.0.22-1.fc5 and >> smbldap-tools-0.9.2-2.fc5. This server acts as my pdc (netbios name >> HOME) and a server for /home directories. I use ldapsam with openldap to >> store all account info. I noticed while troubleshooting something else >> that if I try to browse to the home directory of a system account, such >> as "ldap" at \\HOME\ldap -- I am presented with a username/password >> dialogue, even though the user "ldap" only exists in the systems >> /etc/passwd file and is not in my openldap directory. >> >> It seems as though I should get a "not found" message rather than >> confirmation that this account exists on the system. Why is samba also >> looking for users in the /etc/passwd file if I have specified that I >> want to use ldapsam? How do i stop this behavior? >> >> Any help or direction would be appreciated. My smb.conf and smbusers >> file are below: >> >> ### /etc/samba/smb.conf ### >> [global] >> workgroup = example.com >> netbios name = home >> server string = Samba Domain Server >> hosts allow = 127.0.0.1 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 >> hosts deny = 0.0.0.0/0 >> interfaces = lo eth0 >> bind interfaces only = yes >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >> >> printcap name = /etc/printcap >> load printers = no >> printing = cups >> cups options = raw >> >> guest account = nobody >> >> log file = /var/log/samba/samba.log >> max log size = 1024 >> log level = 1 >> security = user >> lanman auth = no >> client ntlmv2 auth = yes >> enable privileges = yes >> >> ldap passwd sync = no >> ldap admin dn = "uid=sambaroot,ou=People,dc=example,dc=com" >> passdb backend = ldapsam:ldap://127.0.0.1 >> ldap ssl = off >> ldap delete dn = yes >> ldap suffix = dc=example,dc=com >> ldap user suffix = ou=People >> ldap group suffix = ou=Group >> ldap machine suffix = ou=Computers >> ldap idmap suffix = ou=Idmap,dc=example,dc=com >> idmap backend = ldap:ldap://127.0.0.1 >> idmap uid = 16777216-33554431 >> idmap gid = 16777216-33554431 >> >> add user script = /usr/sbin/smbldap-useradd -m "%u" >> delete user script = /usr/sbin/smbldap-userdel "%u" >> add machine script = /usr/sbin/smbldap-useradd -w "%u" >> add group script = /usr/sbin/smbldap-groupadd -p "%g" >> delete group script = /usr/sbin/smbldap-groupdel "%g" >> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" >> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" >> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" >> >> encrypt passwords = yes >> unix password sync = Yes >> passwd program = /usr/bin/passwd %u >> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n >> *passwd:*all*authentication*tokens*updated*successfully* >> >> username map = /etc/samba/smbusers >> >> local master = yes >> os level = 33 >> domain master = yes >> preferred master = yes >> domain logons = yes >> >> logon script = %U.bat >> logon drive = H: >> logon home = \\%L\%U >> >> name resolve order = wins lmhosts bcast >> wins support = yes >> wins proxy = no >> dns proxy = no >> >> preserve case = yes >> >> nt acl support = yes >> >> template shell = /bin/false >> winbind use default domain = no >> >> [homes] >> comment = Home Directory for %U >> csc policy = disable >> browseable = no >> writable = yes >> valid users = %S >> hide files = /Desktop.ini/desktop.ini/RECYCLER/Thumbs.db/ >> >> [netlogon] >> comment = Network Logon Service >> path = /etc/samba/netlogon >> guest ok = yes >> writable = no >> browseable = no >> share modes = no >> >> ### /etc/samba/smbusers ### >> #(all users are commented out) >> #root = administrator admin >> #nobody = guest >>
ok, i have my pdc and bdc working with ldapsam:trusted = yes, and the same issue occurs. i then added invalid users = root, ldap, ... and it continues to occur. what am i missing? samba wants to hand out home directories for any user in /etc/passwd even with invalid users and ldapsam:trusted set. -- Anthony http://messinet.com http://messinet.com/~amessina/gallery 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
signature.asc
Description: OpenPGP digital signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
