Re: [Samba] Samba4 AD/LDAP question
Hi,

as far as I know samba4 does not support local users yet. So your Linux boxes must use samba winbind of some kind. I don't think that a samba ADS to LDAP sync is working by now. However, some Linux boxes, esp. SUSE I think, have support to manage ADS auth via YaST. This should be working against samba 4 ADS or Windows ADS.

Good Luck
Daniel

---
EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Aly Khimji
Sent: Monday, 4 April 2011 02:24
To: samba@lists.samba.org
Subject: [Samba] Samba4 AD/LDAP question

Hi guys,

First time poster so I do apologize if this question has been asked before.

In a test setup we are trying to use samba4 to authenticate a small network with Linux, Win, and OSX clients. I have successfully deployed samba4 in domain controller mode, can attach windows machines to it, manage the DC via windows tools. We can also join Linux servers to the domain, however my problem is as follows:

When attempting to log into a Linux server, excluding local users, the only directory user that can log in is the Administrator. Any other directory user that attempts to log in gets a No Logon Servers, however if I move that same user into the Domain Admins group they can log in with no issues (yes as UID=0) as reported in /var/log/secure. Can someone please explain why this happens, and what step have I missed that would allow regular users to log in?

That being said, my second question is, is it possible to have the samba4 server in domain controller mode, but have Linux clients authenticate via ldap as opposed to winbind?

For example, when configuring an authentication method, would it be possible to use LDAP instead of samba/winbind? I tried to configure LDAP (correct base, host, uri, etc.) but it doesn't seem to pull any info, e.g. id or getent doesn't work.

Any pointers are greatly appreciated, I am just testing out the capabilities of 4, I understand it's still in Alpha but hope you guys might have some experience with it.

Thanks
Aly

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 AD/LDAP question
Hi guys,

First time poster so I do apologize if this question has been asked before.

In a test setup we are trying to use samba4 to authenticate a small network with Linux, Win, and OSX clients. I have successfully deployed samba4 in domain controller mode, can attach windows machines to it, manage the DC via windows tools. We can also join Linux servers to the domain, however my problem is as follows:

When attempting to log into a Linux server, excluding local users, the only directory user that can log in is the Administrator. Any other directory user that attempts to log in gets a No Logon Servers, however if I move that same user into the Domain Admins group they can log in with no issues (yes as UID=0) as reported in /var/log/secure. Can someone please explain why this happens, and what step have I missed that would allow regular users to log in?

That being said, my second question is, is it possible to have the samba4 server in domain controller mode, but have Linux clients authenticate via ldap as opposed to winbind?

For example, when configuring an authentication method, would it be possible to use LDAP instead of samba/winbind? I tried to configure LDAP (correct base, host, uri, etc.) but it doesn't seem to pull any info, e.g. id or getent doesn't work.

Any pointers are greatly appreciated, I am just testing out the capabilities of 4, I understand it's still in Alpha but hope you guys might have some experience with it.

Thanks
Aly
Re: [Samba] Samba4 AD/LDAP question
On 04/03/2011 07:24 PM, Aly Khimji wrote:
> Hi guys,
>
> First time poster so I do apologize if this question has been asked before.
>
> In a test setup we are trying to use samba4 to authenticate a small network with Linux, Win, and OSX clients. I have successfully deployed samba4 in domain controller mode, can attach windows machines to it, manage the DC via windows tools. We can also join Linux servers to the domain, however my problem is as follows:
>
> When attempting to log into a Linux server, excluding local users, the only directory user that can log in is the Administrator. Any other directory user that attempts to log in gets a No Logon Servers, however if I move that same user into the Domain Admins group they can log in with no issues (yes as UID=0) as reported in /var/log/secure. Can someone please explain why this happens, and what step have I missed that would allow regular users to log in?

In smb.conf set

    template shell = /bin/bash

> That being said, my second question is, is it possible to have the samba4 server in domain controller mode, but have Linux clients authenticate via ldap as opposed to winbind?

You have to use winbind or you will not get the right id mapping.

    [global]
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    security = ADS
    password server = 192.168.173.10
    log file = /var/log/samba/samba3.log
    ldap ssl = no
    idmap backend = idmap_rid:EXAMPLE=500-400
    idmap uid = 500-400
    idmap gid = 500-400
    template homedir = /home/%U
    template shell = /bin/bash
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind offline logon = Yes

> For example, when configuring an authentication method, would it be possible to use LDAP instead of samba/winbind? I tried to configure LDAP (correct base, host, uri, etc.) but it doesn't seem to pull any info, e.g. id or getent doesn't work.

In /etc/nsswitch.conf

    passwd: files winbind
    shadow: files winbind
    group: files winbind

and link 2 modules, these are for a 64 bit system, if yours is not, just remove 64 from the links

    ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
    ln -s /usr/local/samba/lib/pam_winbind.so /lib64/security/pam_winbind.so

> Any pointers are greatly appreciated, I am just testing out the capabilities of 4, I understand it's still in Alpha but hope you guys might have some experience with it.
>
> Thanks
> Aly
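A way to verify the client-side setup described in the reply above, added here as an example and not part of any poster's message: it checks that nsswitch.conf routes a database through winbind, that a module link is not dangling, and that no account other than root maps to UID 0 (the situation the original question reports for Domain Admins members). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for a winbind client setup (hypothetical helper names).

# nss_uses_winbind FILE DB: succeed if database DB lists "winbind" as a source.
nss_uses_winbind() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }
    ' "$1"
}

# module_link_ok PATH: succeed if PATH exists after following symlinks,
# so a link to a library that is not installed fails.
module_link_ok() {
    [ -e "$1" ]
}

# uid0_accounts FILE: print names in passwd-format FILE that map to UID 0,
# other than root itself.
uid0_accounts() {
    awk -F: '$3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Demo on constructed sample data (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: files winbind\nshadow: files\ngroup: files winbind\n' > "$d/nsswitch.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'administrator:*:0:513::/home/administrator:/bin/bash' \
        'aly:*:1105:513::/home/aly:/bin/bash' > "$d/passwd"
    ln -s "$d/not-installed/libnss_winbind.so.2" "$d/libnss_winbind.so"   # dangling link
    for db in passwd shadow group; do
        nss_uses_winbind "$d/nsswitch.conf" "$db" || echo "nsswitch: $db does not use winbind"
    done
    module_link_ok "$d/libnss_winbind.so" || echo "module link target is missing"
    for u in $(uid0_accounts "$d/passwd"); do
        echo "account mapped to UID 0: $u"
    done
    rm -rf "$d"
}
demo
```

On a real client, pass /etc/nsswitch.conf and a file holding the output of getent passwd to the same functions.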
Re: [Samba] Samba4 AD/LDAP question
Hi Jonn,

thanks for the feedback. I continued to have issues, then I realized I was missing the library in question and after a quick google realized I had samba/samba-winbind installed from repo but it was an older version. Samba3x in the RHEL/Centos repo contained the proper library and authentication now works for all users. So thank you very much.

With Samba4 in domain controller mode, is the only way for a Linux client to authenticate against it via winbind? Can regular LDAP authentication not be used? Base DN, URI, etc.?

Please advise

Thanks
Aly

On Sun, Apr 3, 2011 at 9:00 PM, Taylor, Jonn jo...@taylortelephone.com wrote:
> On 04/03/2011 07:24 PM, Aly Khimji wrote:
> > Hi guys,
> >
> > First time poster so I do apologize if this question has been asked before.
> >
> > In a test setup we are trying to use samba4 to authenticate a small network with Linux, Win, and OSX clients. I have successfully deployed samba4 in domain controller mode, can attach windows machines to it, manage the DC via windows tools. We can also join Linux servers to the domain, however my problem is as follows:
> >
> > When attempting to log into a Linux server, excluding local users, the only directory user that can log in is the Administrator. Any other directory user that attempts to log in gets a No Logon Servers, however if I move that same user into the Domain Admins group they can log in with no issues (yes as UID=0) as reported in /var/log/secure. Can someone please explain why this happens, and what step have I missed that would allow regular users to log in?
>
> In smb.conf set
>
>     template shell = /bin/bash
>
> > That being said, my second question is, is it possible to have the samba4 server in domain controller mode, but have Linux clients authenticate via ldap as opposed to winbind?
>
> You have to use winbind or you will not get the right id mapping.
>
>     [global]
>     workgroup = EXAMPLE
>     realm = EXAMPLE.COM
>     security = ADS
>     password server = 192.168.173.10
>     log file = /var/log/samba/samba3.log
>     ldap ssl = no
>     idmap backend = idmap_rid:EXAMPLE=500-400
>     idmap uid = 500-400
>     idmap gid = 500-400
>     template homedir = /home/%U
>     template shell = /bin/bash
>     winbind enum users = Yes
>     winbind enum groups = Yes
>     winbind use default domain = Yes
>     winbind offline logon = Yes
>
> > For example, when configuring an authentication method, would it be possible to use LDAP instead of samba/winbind? I tried to configure LDAP (correct base, host, uri, etc.) but it doesn't seem to pull any info, e.g. id or getent doesn't work.
>
> In /etc/nsswitch.conf
>
>     passwd: files winbind
>     shadow: files winbind
>     group: files winbind
>
> and link 2 modules, these are for a 64 bit system, if yours is not, just remove 64 from the links
>
>     ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
>     ln -s /usr/local/samba/lib/pam_winbind.so /lib64/security/pam_winbind.so
>
> > Any pointers are greatly appreciated, I am just testing out the capabilities of 4, I understand it's still in Alpha but hope you guys might have some experience with it.
> >
> > Thanks
> > Aly