Phil Burrow wrote:
Bjoern Tore Sund wrote:
> No Windows here, this is the cifs disk server for 800 Linux clients.
> None of which are members of the domain in any meaningful way. I just
> want all the servers to authenticate against the same LDAP server, the
> domain is irrelevant for functionality. Hmmm. Which means that I
might
> just get away with setting the same SID on all four domains and
leave it
> at that... ?
>
> -BT
Makes sense if thats all you need and theres no Windows stuff to
break, yep :) Sorry for being presumptuous about your setup!
You would need to remove three of the sambaDomainName entries if you
only want a single domain though, and ensure that the only one present
is sambaDomainName=UNIX.
When you do net getlocalsid, it should be looking up the details for
the domain you specified in smb.conf (UNIX) in your LDAP directory.
Check your logs, see if it's happening and see what questions it's
asking your LDAP server, that way you can see where it's getting its
unusual SID information from and why it may not be setting the SID
like it should.
i.e. on one of my broken systems that I use for playing about with
stuff, I just booted to test it and I can see that if I do net
getlocalsid its looking for:
smbldap_search_domain_info: Query was: dc=mydomain,dc=co,dc=uk,
(&(objectClass=sambaDomain)(sambaDomainName=MYDOMAINFROMSMB-CONF))
Just feedback, since things are working ok now.
The domain question isn't relevant, so I really don't care whether I
have one or four. Which is just as well, because the servers all ignore
the domainName=UNIX entry. If I delete their LDAP entry, they'll simply
create a new one. Which is consistent with documentation, with
security=user, any workgroup- or realm-setting is ignored, and with
security=anything-but-user, ldapsam doesn't work. I've checked and
confirmed that 'net lookup sid' in all cases return the local domain and
as long as I have no need to connect the domains I'm fine.
Thanks for your help!
Bjørn
--
Bj¯rn Tore Sund Phone: 555-84894 Email: [EMAIL PROTECTED]
IT department VIP: 81724 Support: http://bs.uib.no
Univ. of Bergen
When in fear and when in doubt, run in circles, scream and shout.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
