
Thread: Authenticate new samba fileserver using existing Samba ldap PDC.

  1. #21
    Join Date
    Nov 2010
    Beans
    19
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Authenticate new samba fileserver using existing Samba ldap PDC.

    So, you want to set up the fileserver on another PC, right?

    I think you don't need to set up LDAP anymore...
    Just put these lines in your fileserver's smb.conf

    and change ldapsam:ldap://hostname to point to your existing LDAP server.

    Or you can use the existing smb.conf from your existing samba+ldap server...

    I think it should work...

    passdb backend = ldapsam:ldap://hostname
    ldap suffix = dc=example,dc=com
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Idmap
    ldap admin dn = cn=admin,dc=example,dc=com
    ldap ssl = start tls
    ldap passwd sync = yes

  2. #22
    Join Date
    Sep 2010
    Location
    Indian Capital City
    Beans
    915
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Authenticate new samba fileserver using existing Samba ldap PDC.

    After asking you lots of questions, hunting around the bush, and wasting your time,
    I would again go back to comment #8 (as mentioned by s1nch4n too) and suggest that you don't need PAM and nsswitch configurations, just the LDAP + Samba config on your fileserver with the appropriate values.
    When you have eliminated the impossible, whatever remains, however improbable, must be the truth !!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Mark it [SOLVED] if the issue has been resolved

  3. #23
    Join Date
    Jul 2010
    Beans
    89

    Re: Authenticate new samba fileserver using existing Samba ldap PDC.

    Getting this error on the fileserver when I go to do the net getlocalsid

    Code:
    net getlocalsid
    [2010/11/04 19:02:42,  0] lib/smbldap.c:690(smb_ldap_start_tls)
      Failed to issue the StartTLS instruction: Protocol error
    [2010/11/04 19:02:43,  0] lib/smbldap.c:690(smb_ldap_start_tls)
      Failed to issue the StartTLS instruction: Protocol error
    [2010/11/04 19:02:44,  0] lib/smbldap.c:690(smb_ldap_start_tls)
      Failed to issue the StartTLS instruction: Protocol error
    [2010/11/04 19:02:45,  0] lib/smbldap_util.c:310(smbldap_search_domain_info)
      smbldap_search_domain_info: Adding domain info for NJ-FS failed with NT_STATUS_UNSUCCESSFUL
    SID for domain NJ-FS is: S-1-5-21-1482077221-1978466973-40240

  4. #24
    Join Date
    Sep 2010
    Location
    Indian Capital City
    Beans
    915
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Authenticate new samba fileserver using existing Samba ldap PDC.

    Have you set
    Code:
    # Make sure you have TLS setup on LDAP server if you are using this
    ldap ssl = start tls
    If you don't have TLS on LDAP server, change it
    Code:
    ldap ssl = off
    Then restart the service and again give it a try

    Also, post output for
    Code:
    testparm -s
    When you have eliminated the impossible, whatever remains, however improbable, must be the truth !!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Mark it [SOLVED] if the issue has been resolved
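
The `ldap ssl = off` workaround above clears the StartTLS error, but it also means the fileserver binds to the directory as the `ldap admin dn` with no encryption on the wire. An added example, not code from any poster in this thread: a small Python check that reads an smb.conf and reports when an ldapsam backend on a plain `ldap://` URL has StartTLS disabled. The function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample: the thread's fileserver settings with the workaround applied.
SAMPLE_SMB_CONF = """\
[global]
passdb backend = ldapsam:ldap://hostname
ldap admin dn = cn=admin,dc=example,dc=com
ldap ssl = off
ldap passwd sync = yes
"""

def parse_global(text):
    """Collect [global] parameters; Samba ignores case and spaces in names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params

def audit_ldap_transport(text):
    """Return findings about the link between smbd and the ldapsam directory."""
    p = parse_global(text)
    backend = p.get("passdbbackend", "")
    if not backend.lower().startswith("ldapsam"):
        return []
    # ldaps:// is TLS from the first byte and ldapi:// is a local socket;
    # only plain ldap:// URLs depend on the "ldap ssl" setting.
    schemes = [s.lower() for s in re.findall(r"(\w+)://", backend)]
    if "ldap" not in schemes:
        return []
    mode = "".join(p.get("ldapssl", "").lower().replace("_", " ").split())
    if mode == "starttls":
        return []
    if mode not in ("off", "no"):
        return ["ldap ssl is unset or unrecognized: check the effective value "
                "with testparm -sv"]
    findings = ["ldap ssl = %s: the bind as '%s' and all account data cross the "
                "network unencrypted" % (p["ldapssl"], p.get("ldapadmindn", "?"))]
    if p.get("ldappasswdsync", "").lower() in ("yes", "true", "1", "only"):
        findings.append("ldap passwd sync is on: new passwords travel over the same link")
    return findings

if __name__ == "__main__":
    for finding in audit_ldap_transport(SAMPLE_SMB_CONF):
        print("WARNING:", finding)
```

The check returns no findings once StartTLS is working on the LDAP server and `ldap ssl = start tls` is restored, or when the backend URL uses `ldaps://`.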

  5. #25
    Join Date
    Jul 2010
    Beans
    89

    Re: Authenticate new samba fileserver using existing Samba ldap PDC.

    That did the trick...

    Question...
    In the samba config file, exactly how would I set permissions for people.... if the person logs in using testacct1 to the domain controller... In the smb.conf do I use testacct1 in the valid users, under a share?

  6. #26
    Join Date
    Nov 2010
    Beans
    19
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Authenticate new samba fileserver using existing Samba ldap PDC.

    Quote Originally Posted by david.garceau View Post
    That did the trick...

    Question...
    In the samba config file, exactly how would I set permissions for people.... if the person logs in using testacct1 to the domain controller... In the smb.conf do I use testacct1 in the valid users, under a share?
    I'm using ACLs to set directory/folder permissions, not smb.conf...

    In smb.conf I only put something like this


    create mask = 0775
    directory mask = 0775

    # "guest ok" is the smb.conf parameter that controls guest access to a share
    [Accounting Shared]
    path = /our_shared_dir/accounting/
    read only = no
    guest ok = no

    [Engineer Shared]
    path = /our_shared_dir/engineer/
    read only = no
    guest ok = no


    and in the parent directory from samba share

    # chmod 775 /our_shared_dir/

    and retrieve gid

    # wbinfo --group-info "Accounting"

    Accounting:*:3000012:

    and then

    # chown root:3000012 /our_shared_dir/accounting/

  7. #27
    Join Date
    Jul 2010
    Beans
    89

    Re: Authenticate new samba fileserver using existing Samba ldap PDC.

    I'm all screwed up now... Do you think we could start from step 1...


    Setup ldap server.

    What steps inside https://help.ubuntu.com/10.04/server...ap-server.html
    need to be done? Are there any additional steps...

    Setup fileserver...

    Basic install of samba, setup the smb.conf file with
    passdb backend = ldapsam:ldap://hostname
    ldap suffix = dc=example,dc=com
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Idmap
    ldap admin dn = cn=admin,dc=example,dc=com
    ldap ssl = start tls
    ldap passwd sync = yes

    Do I need SSL in order for this to work?

  8. #28
    Join Date
    Jul 2010
    Beans
    89

    Re: Authenticate new samba fileserver using existing Samba ldap PDC.

    s1nch4n,
    It also seems as if you are using winbind too. Do I need to set this up on my fileserver also?

  9. #29
    Join Date
    Sep 2010
    Location
    Indian Capital City
    Beans
    915
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Authenticate new samba fileserver using existing Samba ldap PDC.

    Quote Originally Posted by david.garceau View Post
    I'm all screwed up now... Do you think we could start from step 1...


    Setup ldap server.

    What steps inside https://help.ubuntu.com/10.04/server...ap-server.html
    need to be done? Are there any additional steps...

    Setup fileserver...

    Basic install of samba, setup the smb.conf file with
    passdb backend = ldapsam:ldap://hostname
    ldap suffix = dc=example,dc=com
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Idmap
    ldap admin dn = cn=admin,dc=example,dc=com
    ldap ssl = start tls
    ldap passwd sync = yes

    Do I need SSL in order for this to work?
    Back to square one?? LDAP server setup

    Any success? I always use slapd.conf thing, no cn=config stuff [you may call me orthodox]

    You don't need SSL for normal working of the LDAP server; set ldap ssl = off in smb.conf when there is no SSL.

    Also, never use winbind with LDAP. This is what I have learnt from my past experience
    When you have eliminated the impossible, whatever remains, however improbable, must be the truth !!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Mark it [SOLVED] if the issue has been resolved

  10. #30
    Join Date
    Nov 2010
    Beans
    19
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Authenticate new samba fileserver using existing Samba ldap PDC.

    Quote Originally Posted by david.garceau View Post
    s1nch4n,
    It also seems as if you are using winbind too. Do I need to set this up on my fileserver also?
    Oops... my mistake... I was using Samba 4 as a DC...

    But it should be no different... the only thing that you need is a SID or GID...

    If you want to set share permissions from smb.conf, first you need to set the shared directory's permissions to all users and groups...

    in smb.conf put these lines

    [Accounting Shared]
    # "@" marks Accounting as a group name rather than a user name
    valid users = @Accounting
    path = /our_shared_dir/accounting/
    read only = no
    guest ok = no
    Last edited by s1nch4n; November 8th, 2010 at 03:45 AM.
