
Thread: Samba LDAP Server


  1. #1

    Samba LDAP Server

    Hello Everyone,

    I have installed Ubuntu 11.04 Server Edition on my server. Now I want to set up a Samba LDAP server. I have followed several guides on the Internet, but it is not working.
    I am very new to Linux and not able to tackle the problem as needed. I need a guide, so please help me.

    In my office, there are 10 ubuntu machines and 10 windows machines (XP, Vista and Seven).

  2. #2

    Re: Samba LDAP Server

    Hello
    I spent 2 weeks building my own PDC server with folder redirection on Ubuntu 11.04,
    and in the end I got it working. Follow the guide at this link,
    but first you have to change your server hostname and add an FQDN.
    If you do that, the new LDAP installation will work fine, as it did for me.
    I hope you make it.

  3. #3

    Re: Samba LDAP Server

    Thank You for helping.
    I already followed this guide, but it gives me these errors:

    root@openserver:/etc/samba# smbldap-groupadd -a admindomain
    Cannot confirm gidNumber 1000 is free: checking for the next one
    Cannot confirm gidNumber 1001 is free: checking for the next one
    Cannot confirm gidNumber 1002 is free: checking for the next one
    Cannot confirm gidNumber 1003 is free: checking for the next one
    Cannot confirm gidNumber 1004 is free: checking for the next one
    Cannot confirm gidNumber 1005 is free: checking for the next one
    Cannot confirm gidNumber 1006 is free: checking for the next one
    Cannot confirm gidNumber 1007 is free: checking for the next one
    Cannot confirm gidNumber 1008 is free: checking for the next one
    Cannot confirm gidNumber 1009 is free: checking for the next one
    root@openserver:/etc/samba# smbldap-useradd -am -g admindomain admindomain
    Cannot confirm uidNumber 1000 is free: checking for the next one
    Cannot confirm uidNumber 1001 is free: checking for the next one
    Cannot confirm uidNumber 1002 is free: checking for the next one
    Cannot confirm uidNumber 1003 is free: checking for the next one
    Cannot confirm uidNumber 1004 is free: checking for the next one
    Cannot confirm uidNumber 1005 is free: checking for the next one
    Cannot confirm uidNumber 1006 is free: checking for the next one
    Cannot confirm uidNumber 1007 is free: checking for the next one
    Cannot confirm uidNumber 1008 is free: checking for the next one
    Cannot confirm uidNumber 1009 is free: checking for the next one
    root@openserver:/etc/samba# smbldap-passwd admindomain
    Changing UNIX and samba passwords for admindomain
    New password:
    Retype new password:
    root@openserver:/etc/samba# su - domainadmin
    Unknown id: domainadmin
    root@openserver:/etc/samba#

    My smb.conf file is

    # Global parameters
    # This [global] section sets Samba up as a domain logon server
    # (domain logons / domain master) whose account database is an LDAP
    # directory (passdb backend = ldapsam), with the smbldap-* scripts
    # invoked for account and group changes.
    [global]
    workgroup = NEXUSONE.LOCAL
    netbios name = openserver
    security = user
    enable privileges = yes
    #interfaces = 192.168.5.11
    #username map = /etc/samba/smbusers
    server string = Samba Server %v
    #security = ads
    encrypt passwords = Yes
    #min passwd length = 3
    #pam password change = no
    #obey pam restrictions = No

    # method 1:
    #unix password sync = no
    #ldap passwd sync = yes

    # method 2:
    unix password sync = yes
    ldap passwd sync = yes
    passwd program = /usr/sbin/smbldap-passwd -u "%u"
    # NOTE(review): the double quotes on the next line are unbalanced (there
    # is a stray quote after the final %n\n) - compare with the guide this
    # was copied from before relying on password sync.
    passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"

    # log level 0 records very little; raising it temporarily makes failed
    # logons and LDAP lookups much easier to trace while debugging.
    log level = 0
    syslog = 0
    log file = /var/log/samba/log.%U
    max log size = 100000
    time server = Yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    mangling method = hash2
    Dos charset = CP932
    Unix charset = UTF-8

    logon script = logon.bat
    logon drive = H:
    logon home =
    logon path =

    domain logons = Yes
    domain master = Yes
    os level = 65
    preferred master = Yes
    wins support = yes
    # passdb backend = ldapsam:"ldap://ldap1.company.com ldap://ldap2.company.com"
    # The backend below is reached over plain ldap://, and "ldap ssl = no"
    # further down disables TLS. Unless the directory runs on this same host,
    # Samba's bind as the admin DN and the account attributes it reads
    # (including password hashes) cross the network unencrypted; an ldaps://
    # URL or "ldap ssl = start tls" protects that traffic.
    passdb backend = ldapsam:ldap://192.168.1.5/
    # Samba binds as the directory's own admin entry here. The commented
    # alternative below uses a dedicated cn=samba account, which limits what
    # this server's stored bind password can change in the directory.
    ldap admin dn = cn=admin,dc=nexusone,dc=local
    #ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
    ldap suffix = dc=nexusone,dc=local
    ldap group suffix = ou=groups
    ldap user suffix = ou=people
    ldap machine suffix = ou=Computers
    #ldap idmap suffix = ou=Idmap
    add user script = /usr/sbin/smbldap-useradd -m "%u"
    #ldap delete dn = Yes
    delete user script = /usr/sbin/smbldap-userdel "%u"
    add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
    add group script = /usr/sbin/smbldap-groupadd -p "%g"
    delete group script = /usr/sbin/smbldap-groupdel "%g"
    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    # Users listed in "admin users" perform all file operations as root, and
    # set in [global] this applies to every share. The name must match the
    # account that exists: the session earlier in this post creates
    # "admindomain" but then runs "su - domainadmin", so that particular
    # "Unknown id" does not show whether admindomain itself resolves.
    admin users = admindomain
    ldap ssl = no
    # printers configuration
    #printer admin = @"Print Operators"
    load printers = Yes
    create mask = 0640
    directory mask = 0750
    #force create mode = 0640
    #force directory mode = 0750
    nt acl support = No
    printing = cups
    printcap name = cups
    deadtime = 10
    guest account = nobody
    # "Bad User" maps a logon with an unknown username to the guest account
    # instead of rejecting it, so every share below with "guest ok = yes"
    # ([profiles], [printers], [public]) is reachable without valid credentials.
    map to guest = Bad User
    dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
    show add printer wizard = yes
    ; to maintain capital letters in shortcuts in any of the profile folders:
    preserve case = yes
    short preserve case = yes
    case sensitive = no

    # Share that domain clients read the logon script from ("logon script =
    # logon.bat" in [global]). Keeping it read-only matters because clients
    # run what is stored here at logon.
    [netlogon]
    path = /home/netlogon/
    browseable = No
    read only = yes

    # Writable share for roaming profiles; files are created 0600 and
    # directories 0700.
    [profiles]
    path = /home/profiles
    read only = no
    create mask = 0600
    directory mask = 0700
    browseable = No
    # NOTE(review): guest access is enabled on a writable share. Together
    # with "map to guest = Bad User" in [global], a connection made with an
    # unknown username is admitted as the guest account. Profiles are
    # per-user data, so "guest ok = No" plus the commented "valid users"
    # line below is the tighter setting - confirm nothing depends on guest
    # access here.
    guest ok = Yes
    profile acls = yes
    csc policy = disable
    # next line is a great way to secure the profiles
    #force user = %U
    # next line allows administrator to access all profiles
    #valid users = %U "Domain Admins"

    # Print spool share, open to guest connections; jobs are handed to
    # lpr/lpq/lprm using the commands below.
    [printers]
    comment = Network Printers
    #printer admin = @"Print Operators"
    # Guest printing is allowed, so unauthenticated clients can submit jobs
    # and place spool files under the path below.
    guest ok = yes
    printable = yes
    path = /home/spool/
    browseable = No
    read only = Yes
    # NOTE(review): "printable" is set a second time here (already set
    # above); the duplicate looks harmless but can be removed.
    printable = Yes
    print command = /usr/bin/lpr -P%p -r %s
    lpq command = /usr/bin/lpq -P%p
    lprm command = /usr/bin/lprm -P%p %j
    # print command = /usr/bin/lpr -U%U@%M -P%p -r %s
    # lpq command = /usr/bin/lpq -U%U@%M -P%p
    # lprm command = /usr/bin/lprm -U%U@%M -P%p %j
    # lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
    # lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
    # queuepause command = /usr/sbin/lpc -U%U@%M stop %p
    # queueresume command = /usr/sbin/lpc -U%U@%M start %p

    # Printer driver share. Guests are refused, and both access and write
    # permission are limited to the "Print Operators" group.
    [print$]
    path = /home/printers
    guest ok = No
    browseable = Yes
    read only = Yes
    valid users = @"Print Operators"
    write list = @"Print Operators"
    create mask = 0664
    directory mask = 0775

    # NOTE(review): this exports the system's /tmp as a browseable share
    # that guests can write to. /tmp also holds temporary files and sockets
    # of local services, so unauthenticated network clients get read and
    # write access next to them. A dedicated directory (and "guest ok = no"
    # unless anonymous access is really required) is the safer choice.
    [public]
    path = /tmp
    guest ok = yes
    browseable = Yes
    writable = yes

    I have followed all the steps correctly.

  4. #4

    Re: Samba LDAP Server

    Please Help Me..................

  5. #5

    Re: Samba LDAP Server

    Run this command to check that the system can see the LDAP groups:
    # getent group
    The output should look like this:
    ################################################## #####################
    Domain Admins:*:512:root
    Domain Users:*:513:
    Domain Guests:*:514:
    Domain Computers:*:515:
    Administrators:*:544:root
    Account Operators:*:548:
    Print Operators:*:550:
    Backup Operators:*:551:
    Replicators:*:552:
    ################################################## #####################

  6. #6

    Re: Samba LDAP Server

    As was stated in the other thread you posted in.

    www.zentyal.com - makes things much easier if you don't want to learn how to do it on your own. It'll also make training other admins easier...
