I believe yes. W8pro client can connect to it and access shared folders. I used this tutorial to allow simple bind within nslcd:
http://www.linuxgfx.co.uk/karoshi/do...Samba4_Testing
I can run:
Code:
kinit Administrator@ODM.LAN
ldapsearch -D 'ODM\Administrator' -w 'Pa$$w0rd' -b "dc=odm,dc=lan" -H ldap://10.1.1.1 -Y GSSAPI
This works only with:
Code:
apt-get install libsasl2-modules-gssapi-heimdal
However getent passwd does not work. No samba4 ldap users in list.
In addition, this:
Code:
/usr/lib/squid3/squid_ldap_auth -u cn -b "cn=Users,dc=odm,dc=lan" 10.1.1.1
Administrator Pa$$w0rd
OK
This works too, but only for Administrator. squid_ldap_group doesn’t work at all (ERR success).
The U12.04.2 now has Samba 4.0.1. (My bad)
My smb.conf:
Code:
# Global parameters
[global]
workgroup = ODM
realm = ODM.LAN
netbios name = ODM-GW-SRV01
server role = domain controller
server services = smb, s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
acl:search = false
interfaces = 10.1.1.1/24 LAN lo 127.0.0.1
bind interfaces only = yes
allow dns updates = True
dcerpc endpoint servers = +winreg +srvsvc
wins support = yes
wins proxy = yes
template shell = /bin/bash
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = yes
winbind normalize names = Yes
idmap config HOME:schema_mode = rfc2307
idmap config HOME:range = 20000-3100000
idmap config HOME:backend = ad
idmap config *:range = 1100-2000
idmap config *:backend = tdb
[netlogon]
path = /var/lib/samba/sysvol/odm.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[profiles]
comment = Users Profile Directories
path = /data/profiles
read only = no
create mask = 0600
directory mask = 0700
#profile acls = yes
[homes]
comment = Users Homes Directories
path = /data/homes
read only = no
create mask = 0600
directory mask = 0700
#profile acls = yes
[printers]
comment = All Printers
path = /data/print/spool
#guest ok = yes
printable = yes
read only = no
[shares]
comment = Global share for all users
path = /data/global
read only = No
directory mask = 0777
create mask = 0777
Suggestions?
Thank you.
PS: getent passwd is working now, but only with Administrator in nslcd.conf. It does not look safe to me. I would like to use a specific LDAP user.
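
An added example, not part of the original post: a small Python audit of an nslcd.conf for the concern raised in the PS. It flags a bind as Administrator, a bindpw sent over plain ldap://, and a file readable by other users. The sample config, its DN form and the password placeholder are constructed assumptions.

```python
import re

# Constructed sample nslcd.conf resembling the setup in the post; the bind DN
# form and the password placeholder are assumptions, not values from the page.
SAMPLE = """\
# /etc/nslcd.conf
uri ldap://10.1.1.1
base dc=odm,dc=lan
binddn cn=Administrator,cn=Users,dc=odm,dc=lan
bindpw <placeholder>
"""

def parse(text):
    """Map each nslcd.conf option name (lower-cased) to its list of values."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def bind_account(binddn):
    """Extract the account name from a DN, DOMAIN\\user or user@realm identity."""
    m = re.match(r"(?i)\s*(?:cn|uid)=([^,]+)", binddn)
    if m:
        return m.group(1).strip()
    return binddn.split("\\")[-1].split("@")[0].strip()

def audit(text, file_mode=None):
    """Return a list of findings for an nslcd.conf body and optional file mode."""
    opts, findings = parse(text), []
    binddn = (opts.get("binddn") or [""])[-1]
    if bind_account(binddn).lower() == "administrator":
        findings.append("binddn is the domain Administrator; use a dedicated read-only account")
    uses_tls = (opts.get("ssl") or ["off"])[-1].lower() in ("on", "start_tls")
    plain = [u for v in opts.get("uri", []) for u in v.split() if u.lower().startswith("ldap://")]
    if "bindpw" in opts and plain and not uses_tls:
        findings.append("bindpw is sent over ldap:// without ssl/start_tls: " + ", ".join(plain))
    if "bindpw" in opts and file_mode is not None and file_mode & 0o007:
        findings.append("file holds bindpw but is accessible to other users (mode %04o)" % (file_mode & 0o777))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, file_mode=0o644):
        print("FINDING:", finding)
```

Pass the real file's contents and `os.stat(path).st_mode` to `audit` to check a live configuration.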