[Samba] Updated 99samba-schema-netscapeds5.ldif
Anyone have the latest 99samba-schema-netscapeds5.ldif for SunOne/iPlanet? The latest one is only from 1/2005. I need one that has the attributes for 3.0.21. I will convert the latest openldap one but just wanted to see if anyone has already done it. Thanks

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Account deactivations
Is there a way to turn off deactivation of accounts when too many failed password attempts kick in and deactivate the account by putting the D flag in sambaAcctFlags? How about a way to increase the number to, let's say, 10 instead of 3? Just looking for a way w/o going into the source.
Re: [Samba] Re: University's using samba and ldap
You almost said what I wanted to hear :) The problem here is that we have 50k accounts in ldap and almost everything authenticates off of it. We started out w/ Samba and one DC in 2 small test labs. Now we're looking at putting it into a mega lab for 700 machines and hopefully control a bunch of stuff using samba. The problem is that now all the other small colleges (departments) want to have their own control and possibly their own domain. Plus I don't want to administer their systems. My first thought was the SID issue but it seems that it worked for you. I've decided to get a consultant in here for like 10 hours to just help me lay out the basic architecture, just to make sure we're doing everything right from the get-go before samba gets too big on campus.

Oh yeah... We also have a Tru64 box that everyone has an account on. It has samba running on it and I joined it to the domain so everyone now gets their files mapped when they log in. We also created a web GUI so users can get their files when they're off campus. I hope all of this work doesn't go to waste because we're looking at syncing up our AD w/ ldap so then all of these labs would just use AD. I would like to say screw AD but I don't see us kicking it to the curb.

Original message
Date: Wed, 12 Jan 2005 07:03:20 -0500 (EST)
From: William Jojo [EMAIL PROTECTED]
Subject: Re: [Samba] Re: University's using samba and ldap
To: Alexander E. Patrakov [EMAIL PROTECTED]
Cc: samba@lists.samba.org

[EMAIL PROTECTED] wrote:
> Is there anyone out there from other universities that would be willing to talk to me about your samba layout? We already have it in place but we have other colleges within the university that want to start using our setup but want their own domains. I'm kind of confused how this would all work.

I'd like to offer our success story from Hudson Valley Community College in New York, USA. We are using Samba as DC for authentication with file and print services. Our setup is a bit different from most, I would gather.
Setup: 3 - AIX 5.2 boxes with Samba 3.0.10, each with different domain names, but the same SID. This was done to have all three servers share the same identical LDAP backend. Eventually we'll be one domain, but for now this works better than we could have hoped for. The LDAP server is a fourth AIX box with OpenLDAP 2.2.20 using BerkeleyDB 4.2. I spent much time reading Gerald Carter's LDAP System Administration book.

We used to be an smbpasswd type setup. This didn't scale well as we have 19000+ accounts in the database (yes I said 19,000). Also we used to NFS mount the smbpasswd file from one server to the other two so they shared the password info. This was simply to offer a single sign on feature and allowed machines to be in one domain and then have a technician move it to another at will.

We didn't use the PADL scripts. They are good scripts, but didn't offer the flexibility we needed to have complete control of the database (this was truly a control issue :-) ) and there were additional attributes we needed to add for sanity checks and reconciliation of users against SCT Banner. So we wrote our own library of functions and scripts in ksh (sorry all you perl fans). Essentially we build user accounts outside of AIX and Samba by creating the entries ourselves. We built a C program to search for the next free unix uid in the LDAP database (which is range tunable to assist in rapid scripting of user generation). We also wrote a piece of C code to migrate the user databases from flat files to ldif format to preserve all values and add a few more for in-house maintenance. We used the algorithmic methods of computing the user and group RIDs, which is what Samba was doing internally using the smbpasswd file for authentication info.

So why did we set the SIDs the same? We knew that eventually we'd be a single domain installation and we knew that moving to LDAP was only months away, so we set up all the domains that way and rejoined everything in preparation.
With assistance from John Terpstra who commented on my plans (posted here several months ago) who said in theory it looked good, we set forth on this mission. (Many hours were spent reading his Samba 3 by Example book as well.) We were lucky to also have a four server development area at the time, so we built everything just like production. We joined the machines using flat files, migrated to LDAP and pointed the server to the LDAP master and amazingly it all still worked - roaming profiles and all.

One thing to note is we also do not use winbindd. AIX uses LDAP internally for the users and we create the IDMAP entries at the time we create the users and we have scripts to add the sambagroupmappings when we create a unix group. So everything is integrated at the point of LDAP. No pam or nss is involved at all. We use secldapclntd which is part of AIX that allows us to tell AIX to listen
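The algorithmic RID mapping and the shared-SID design described in the message above, as an added example that is not part of the original thread. It assumes Samba's default `algorithmic rid base` of 1000; the domain names, SIDs and ids are constructed, and the function names are this example's own.

```python
# Added example: Samba's algorithmic uid/gid -> RID mapping, and why one LDAP
# entry can serve several domains only when they share a domain SID.
# The SIDs, domain names and ids below are constructed.

RID_BASE = 1000        # smb.conf "algorithmic rid base" default
RID_MULTIPLIER = 2
USER_RID_TYPE, GROUP_RID_TYPE = 0, 1


def user_rid(uid, base=RID_BASE):
    return (uid * RID_MULTIPLIER + base) | USER_RID_TYPE


def group_rid(gid, base=RID_BASE):
    return (gid * RID_MULTIPLIER + base) | GROUP_RID_TYPE


def rid_to_id(rid, base=RID_BASE):
    """Invert the mapping (assumes an even base): returns (kind, unix id)."""
    if rid < base:
        raise ValueError("RID below the algorithmic base is not a mapped id")
    kind = "group" if rid & 1 else "user"
    return kind, ((rid & ~1) - base) // RID_MULTIPLIER


def samba_sid(domain_sid, rid):
    return f"{domain_sid}-{rid}"


def domains_accepting(entry_sid, domains):
    """Names of the domains whose SID is the prefix of the entry's sambaSID."""
    prefix = entry_sid.rpartition("-")[0]
    return sorted(name for name, sid in domains.items() if sid == prefix)


SHARED = "S-1-5-21-3000000001-3000000002-3000000003"
SAME_SID = {"LAB_A": SHARED, "LAB_B": SHARED, "LAB_C": SHARED}
OWN_SIDS = {"LAB_A": SHARED,
            "LAB_B": "S-1-5-21-1000000001-1000000002-1000000003",
            "LAB_C": "S-1-5-21-2000000001-2000000002-2000000003"}

if __name__ == "__main__":
    sid = samba_sid(SHARED, user_rid(5000))
    print(sid, domains_accepting(sid, SAME_SID), domains_accepting(sid, OWN_SIDS))
```

With per-domain SIDs the same entry is only valid in one domain, which is the constraint behind the questions about separate departmental domains elsewhere on this page.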
[Samba] Trying different domain
I have a quick question. We currently have our main domain setup and use ldap. I have another department that would like to use samba but I don't want them to use the same SID that we use and don't want to add anything else to ldap. They will run their own server and I want to allow them to use our ldap info and also want them to kind of have their own domain features without adding more stuff to ldap. Anyone have a good way to go about this?
[Samba] University's using samba and ldap
Is there anyone out there from other universities that would be willing to talk to me about your samba layout? We already have it in place but we have other colleges within the university that want to start using our setup but want their own domains. I'm kind of confused how this would all work.
RE: [Samba] start tls problem
I don't use the openldap service so I don't think setting it here would matter. Only the libraries. My Sun One systems are on other boxes. Anyone else know where to put this CA cert for when samba uses tls?

Original message
Date: Mon, 30 Aug 2004 11:48:10 -0700
From: Jeff Saxton [EMAIL PROTECTED]
Subject: RE: [Samba] start tls problem
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]

For openldap it is (usually) specified in /usr/local/openldap/etc/openldap/ldap.conf

WATCH OUT: if you have the padl stuff installed there are (usually) 2 ldap.conf files, one for openldap and 1 for padl. These have very different syntaxes. You can use the following command to see which file is being used by openldap:

    # strace ldapsearch -x -D 'cn=manager,dc=example,dc=com' -b 'ou=people,dc=example,dc=com' -w secret 2>&1 | grep ldap.conf

I believe that the config file directive is:

    TLS_CACERT /path/to/ca/cert.pem

Jeff Saxton
Sr. Support Engineer
Addamark Technologies, Inc.
http://www.addamark.com
mailto:[EMAIL PROTECTED]
CELL: +1 415-640-6392

-Original Message-
From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, August 30, 2004 11:38 AM
To: [EMAIL PROTECTED]
Subject: [Samba] start tls problem

I'm having trouble getting tls working. It used to work until I changed the smb.conf file to point to a different host. I think I have tracked it down to the ldap server's ssl cert issuer (CA). I keep getting errors like "self signed certificate in certificate chain" while using openssl commands or an ldapsearch w/ tls and debug mode. So my question is... Where can I put a copy of my CA's cert? Everything works fine with the openssl command when I throw it a file with the ca certs in it. What does samba/ldap use? Do I need to put it in the openssl stuff? Any help is appreciated.
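The two ldap.conf syntaxes mentioned in the reply above, checked for CA verification settings, as an added example that is not part of the original thread. It assumes the OpenLDAP client directives `TLS_CACERT`, `TLS_CACERTDIR` and `TLS_REQCERT` and the PADL nss_ldap/pam_ldap directives `tls_cacertfile`, `tls_cacertdir` and `tls_checkpeer`; the sample files and function names are constructed for this example.

```python
# Added example: classify an ldap.conf by syntax and flag settings that leave
# the server certificate unverified. Sample files below are constructed.

OPENLDAP_ONLY = {"tls_cacert", "tls_reqcert"}    # OpenLDAP client ldap.conf(5)
PADL_ONLY = {"tls_cacertfile", "tls_checkpeer"}  # PADL nss_ldap / pam_ldap
CA_KEYS = {"tls_cacert", "tls_cacertfile", "tls_cacertdir"}


def parse(text):
    """Return {directive: value}; directive names are lower-cased."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def audit(text):
    """Return (syntax, findings) for the contents of one ldap.conf."""
    s = parse(text)
    if s.keys() & PADL_ONLY:
        syntax = "padl"
    elif s.keys() & OPENLDAP_ONLY:
        syntax = "openldap"
    else:
        syntax = "unknown"
    findings = []
    if not s.keys() & CA_KEYS:
        findings.append("no CA certificate configured")
    if s.get("tls_reqcert", "").lower() in ("never", "allow"):
        findings.append("TLS_REQCERT does not enforce verification")
    if s.get("tls_checkpeer", "").lower() == "no":
        findings.append("tls_checkpeer no disables verification")
    return syntax, findings


GOOD_OPENLDAP = ("URI ldap://ldap.example.com\n"
                 "TLS_CACERT /path/to/ca/cert.pem\nTLS_REQCERT demand\n")
WEAK_OPENLDAP = "URI ldap://ldap.example.com\nTLS_REQCERT never\n"
WEAK_PADL = ("host ldap.example.com\nssl start_tls\n"
             "tls_cacertfile /path/to/ca/cert.pem\ntls_checkpeer no\n")

if __name__ == "__main__":
    for name in ("GOOD_OPENLDAP", "WEAK_OPENLDAP", "WEAK_PADL"):
        print(name, audit(globals()[name]))
```

Pointing the client at the issuing CA keeps verification on; the weak samples show the settings that make a "self signed certificate in certificate chain" error disappear by skipping the check instead.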
[Samba] Samba-Ldap Help -- URGENT
I had everything working great but we needed to switch our PDC and File server to connect to the production ldap server farm. They were both using tls with NO PROBLEM. So I switched the ldap host name and now both are not secure :( This is one of the weirdest things I've seen. With TLS turned on --- The PDC won't try to bind as the dn specified. So the server can't see any attributes due to the ACIs. The File Server returns the ..SSL routines:SSL3_GET_SERVER_CERTIFICATE...cant verify.. error. I am stumped, all I did was change the host in my smb.conf. Any ideas???
[Samba] file server using ldap
I have a pdc set up using ldap and everything works great. All it does is authenticate users for a lab environment. I have also set up another samba server to just act as a file server for users' home directories. Everything works fine but I see errors in my logs. I have security = user. I see that it keeps trying to add itself to ldap as a sambaDomainName. I know that it can't add it because I didn't give that system access to add anything to ldap. My question is why is it trying to add itself as a domain? I don't want it to be a domain. I don't think I'm understanding it correctly. Could someone give me a quick 123 on what you would do to set my configuration up? All I want this system to do is act like a file server while getting its info from ldap. Do I need to do setlocalsid on this system? Maybe that would solve it. Thanks in advance!!
[Samba] samba 3 on tru64
I can't get past this step no matter what I try. I'm running tru64 and have no problems running samba 2*. Any ideas?

Compiling dynconfig.c
cc: Error: include/proto.h, line 554: Ill-formed parameter type list. (parmtyplist)
LDAP_CONST char *reqoid, struct berval *reqdata,
---^
*** Exit 1
Stop.
[Samba] Ldap Question
Do I have to add all my users to the default user group in ldap? I have over 50k accounts and it seems like a nightmare to keep track of. The same thing for the computer group?
[Samba] samba group question
How do I get around adding all of my users and computers to a group? They are all assigned their appropriate groups and I don't want to have the user group with 50k member uids in it.
[Samba] Different domains
Can users/computers be part of different Domains? I've noticed that the user/computer needs that DC Sid in it. I would like for users/computers to be part of different Domains at any given time. Is this possible, and how, within the same ldap entry?
Re: [Samba] LDAP authentication problem
First thing that I noticed was that you need to change your search to include sambaSamAccount not sambaAccount. What does that user's whole entry look like?
[Samba] deny unix login
I have 50k accounts in ldap and I'm using samba 3 and pam/nsswitch for authentication and user info. I basically don't want users logging directly into the box. I did this by turning the authentication part off in pam. Am I missing something or could anything cause me problems down the road? Thanks
[Samba] Minimum ldap config
I currently have samba3 authenticating off of my ldap server but now I want to just do the minimum. We currently have an ldap farm that is the backbone of almost everything at our university but we want to allow authentication in the labs. What are the minimum samba posix attributes that I can get away with? All I want is to allow authentication into a lab workstation, some printing, and a temp space. I don't need to do anything else at this time. Thanks in advance.
[Samba] samba as a file server
I currently have samba 3.0.2 working with ldap as a file server only. My question is how would I get samba working as a file server that would handle 50k users? My main concern is that I want reliability. I would also like to be able to build horizontally if needed. I was first thinking some type of cluster connecting to a SAN but I would rather do it like we do our webservices. We have x number of small systems behind an alteon. Could I do something like this with samba as just a file server? Any recommendations on the setup? I also plan on looking into having samba doing some authentication for the different domains around our campus. Would you make our Samba file server a PDC? Excuse my limited knowledge on all this domain and winblows stuff. I still have a lot more reading to do.
Re: [Samba] samba, pdc, ldap question
Sorry about the email addy. I was testing something and forgot to switch it back. I could join someone's windows domain here at the university but all of that is useless to me, or at least the data in there is. Our main source of user info and the only one that is reliable is in our ldap server. It is used throughout the university and is our central means of authentication. I would like to get samba up and running as a file server so users can mount their shares. I guess my main question is how do I get all the needed samba info into ldap for all my existing 50k users? I also have /etc/* on my Tru64 system which holds all uids/passwords and groups if needed to get the needed samba data and windows passwords into ldap. What's the best way to do this in an existing ldap environment?
Re: [Samba] samba, pdc, ldap question
Do I need them in cleartext? All I have are all of them in {crypt}. Also.. Do I actually need the posix stuff as well?
[Samba] ldap help
I'm having problems getting my iplanet ds 5.1 sp2 working w/ samba. I have a bunch of questions but I can't find it in the documentation. I'm running samba 3.0 and have an existing ldap server w/ 100K entries.

1. Do you really need all of the attributes in the samba schema? It sure seems like it's going to junk up all my entries.
2. Is there any really good documentation out there?
3. Why is it that when I use tls I don't bind as the admin? When I turn it off then I bind.
4. I'm having troubles adding users since I already have them in ldap. What is the best way to just add the needed info into each entry?
5. When I try to add a user to ldap w/ smbpasswd, it keeps trying to add the entry to an entry dn: SambaDomainEntry=Hostname,dc=temple,dc=edu. Why won't it add it to my people sub-tree?

Thanks in advance. I have many more questions but I can't think of any now.