Suphakit wrote:
Thank you Mr.William, as you know I am a linux beginner ,meaning that I
am not familiar with technical terms that's why I can't get myself
understand the "howto" stuffs. The posted question is a myth to me which
I couldn't extract of out of many instruction found from website. I'll
be appreciate if you guys can just give a simple answer to my questions
,just "yes" or "no" and simple explanation. So that I can expand reading
"HowTo" .
Thank you and Best Regards,
Tom
Tom,
As for item 1: This is possible, however, CentOS-4.6 ships with
samba-3.0.12(ish... it's an older build with Red Hat's blessed patches),
for a Samba 3.0.25, you'll want to use CentOS-5.1, I believe. You can
use a never samba than the shipped version, but as a Linux newbie, I
wouldn't recommend it unless you feel very comfortable at a command
line. I've had a good deal of trouble with Fedora-DS, but I was
building from source, YMMV. I'm sure it's a great software package, but
I had to fight with it a bit.
On a side note, are you locked in to using CentOS and Fedora DS, and
having separate authentication, or can you "take baby steps" using the
builtin password and user files? You are taking on a great amount of
work and introducing yourself to a very steep learning curve with your
proposed setup. And, being new to Linux at the same time will only
compound this. I'm not trying to discourage you, quite the contrary, I
just think that trying to get right up to this level of server and
service sophistication might leave you with a very long uphill battle
ahead if you choose to take it head on like this.
Adam Williams wrote:
whoa you have so many things wrong its hard to decide even where to
start. read
http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/, and
chapter 5 of samba 3 by example, and
http://directory.fedoraproject.org/wiki/Howto:Samba
suphakit Chamwuthipricha wrote:
Hi
I am new to linux & Samba. I would like to setup Samba as a
domain controller and using Fedora-ds for authentication.
I have read some documents from www.samba.org but I am still in
the mist.
Here is my dumb questions about Samba as follows.
1. Is CENTOS4.6+SAMBA3.0.25 as PDC +FEDORA-DS possible?
2. Is this HOWTO from
http://directory.fedoraproject.org/wiki/Howto:Samba sufficient
information? please suggest more
3. Since I tried to integrate Samba+Fedora-ds ,I am always stuck
at this step "net groupmap add".
Does these command need to be done? What will happen if we
skip them?
# net groupmap add rid=2512 ntgroup='Domain Admins'
unixgroup='Domain Admins'
# net groupmap add rid=2513 ntgroup='Domain Users'
unixgroup='Domain Users'
# net groupmap add rid=2514 ntgroup='Domain Guests'
unixgroup='Domain Guests'
# net groupmap add rid=2515 ntgroup='Domain Computers'
unixgroup='Domain Computers'
3.1 Linux won't allow me to add unix group name with space
like Domain Admins ,can we change to DomainAdmins (no space)
as I tried to add unix group DomainAdmins in linux box
and run the command , It is failed.
# net groupmap add rid=2512 ntgroup='Domain Admins'
unixgroup='DomainAdmins'
I also noticed that this somehow relates to smb.conf
file
Some source says:
ldap admin dn = cn=Directory Manager
or
ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com
3.1.1 If I use this one ldap dn = cn=Directory Manager
The result of net groupmap show failed to add
group map
3.1.2 If I use this one ldap admin dn = cn=Directory
Manager,dc=mycompany,dc=com
The result of net groupmap show cannot find object
"cn=Directory Manager,dc=mycompany,dc=com"
3.2 Where does the command looks for ntgroup="Domain Admins'
to map with unixgroup=Domain Admins
3.3 Some source say the net group map should add type=d at
the end of the line ,is it true?
# net groupmap add rid=2512 ntgroup='Domain Admins'
unixgroup='Domain Admins' type=d
4. Does this line in my smb.conf look ok? (I installed Samba
& Fedora-ds in same machine)
passdb backend = ldapsam:ldap://192.168.100.7
5. Does these line need to be included in smb.conf file?
What will happen if we don't include them?
ldap idmap suffix = ou=Users
ldap passed sync = Yes
6. Does user add scripts need to be included in smb.conf
file?
How it works and when these lines are used.
What will happen if we don't include them.
# Useradd scripts
add user script =
/usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd
-m %u
delete user script =
/usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-userdel
-r %u
add group script =
/usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupadd
%g
delete group script =
/usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupdel
%g
add user to group script
=/usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupmod
-G %g %u
add machine script =
/usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd
-w %u
idmap uid = 15000-20000
idmap gid = 15000-20000
passwd program
=/usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-passwd %u
7. What does this command do? Do we have to do this with
every users?
# pdbedit -U $( net getlocalsid | sed 's/SID for
domain YOURWORKGROUP is: //' )-500 -u Administrator -r
8. In many HOWTO from website ,they state about PAM and NSS
config with ldap ,do we need it ,can we skip this?
9. I hardly find the instruction on how to set up Samba as
PDC + Fedora-ds ,please advise]
Thank you and Best Regards,
Tom
----------------------------------------------------------------------
Finally - A spam blocker that actually works.
http://www.bluebottle.com/tag/4
----------------------------------------------------------------------
Finally - A spam blocker that actually works.
http://www.bluebottle.com/tag/4
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
