Thank you Mr.William, as you know I am a linux beginner ,meaning that I am not familiar with technical terms that's why I can't get myself understand the "howto" stuffs. The posted question is a myth to me which I couldn't extract of out of many instruction found from website. I'll be appreciate if you guys can just give a simple answer to my questions ,just "yes" or "no" and simple explanation. So that I can expand reading "HowTo" . Thank you and Best Regards, Tom
Adam Williams wrote: > whoa you have so many things wrong its hard to decide even where to > start. read > http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/, and > chapter 5 of samba 3 by example, and > http://directory.fedoraproject.org/wiki/Howto:Samba > > suphakit Chamwuthipricha wrote: >> Hi >> I am new to linux & Samba. I would like to setup Samba as a >> domain controller and using Fedora-ds for authentication. >> I have read some documents from www.samba.org but I am still in >> the mist. >> >> Here is my dumb questions about Samba as follows. >> >> 1. Is CENTOS4.6+SAMBA3.0.25 as PDC +FEDORA-DS possible? >> 2. Is this HOWTO from >> http://directory.fedoraproject.org/wiki/Howto:Samba sufficient >> information? please suggest more >> 3. Since I tried to integrate Samba+Fedora-ds ,I am always stuck >> at this step "net groupmap add". >> Does these command need to be done? What will happen if we >> skip them? >> # net groupmap add rid=2512 ntgroup='Domain Admins' >> unixgroup='Domain Admins' >> # net groupmap add rid=2513 ntgroup='Domain Users' >> unixgroup='Domain Users' >> # net groupmap add rid=2514 ntgroup='Domain Guests' >> unixgroup='Domain Guests' >> # net groupmap add rid=2515 ntgroup='Domain Computers' >> unixgroup='Domain Computers' >> >> 3.1 Linux won't allow me to add unix group name with space >> like Domain Admins ,can we change to DomainAdmins (no space) >> as I tried to add unix group DomainAdmins in linux box >> and run the command , It is failed. >> # net groupmap add rid=2512 ntgroup='Domain Admins' >> unixgroup='DomainAdmins' >> I also noticed that this somehow relates to smb.conf >> file >> Some source says: >> ldap admin dn = cn=Directory Manager >> or >> ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com >> >> 3.1.1 If I use this one ldap dn = cn=Directory Manager >> The result of net groupmap show failed to add >> group map >> 3.1.2 If I use this one ldap admin dn = cn=Directory >> Manager,dc=mycompany,dc=com >> The result of net groupmap show cannot find object >> "cn=Directory Manager,dc=mycompany,dc=com" >> 3.2 Where does the command looks for ntgroup="Domain Admins' >> to map with unixgroup=Domain Admins >> 3.3 Some source say the net group map should add type=d at >> the end of the line ,is it true? >> # net groupmap add rid=2512 ntgroup='Domain Admins' >> unixgroup='Domain Admins' type=d >> 4. Does this line in my smb.conf look ok? (I installed Samba >> & Fedora-ds in same machine) >> passdb backend = ldapsam:ldap://192.168.100.7 >> >> 5. Does these line need to be included in smb.conf file? >> What will happen if we don't include them? >> ldap idmap suffix = ou=Users >> ldap passed sync = Yes >> 6. Does user add scripts need to be included in smb.conf >> file? >> How it works and when these lines are used. >> What will happen if we don't include them. >> >> # Useradd scripts >> add user script = >> /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd >> -m %u >> delete user script = >> /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-userdel >> -r %u >> add group script = >> /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupadd >> %g >> delete group script = >> /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupdel >> %g >> add user to group script >> =/usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupmod >> -G %g %u >> add machine script = >> /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd >> -w %u >> idmap uid = 15000-20000 >> idmap gid = 15000-20000 >> passwd program >> =/usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-passwd %u >> >> 7. What does this command do? Do we have to do this with >> every users? >> # pdbedit -U $( net getlocalsid | sed 's/SID for >> domain YOURWORKGROUP is: //' )-500 -u Administrator -r >> 8. In many HOWTO from website ,they state about PAM and NSS >> config with ldap ,do we need it ,can we skip this? >> >> 9. I hardly find the instruction on how to set up Samba as >> PDC + Fedora-ds ,please advise] >> >> Thank you and Best Regards, >> Tom >> >> ---------------------------------------------------------------------- >> Finally - A spam blocker that actually works. >> http://www.bluebottle.com/tag/4 >> >> > > ---------------------------------------------------------------------- Finally - A spam blocker that actually works. http://www.bluebottle.com/tag/4 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
