Samba as domain member to another samba PDC
in [Samba]
|
Prev: [Samba] Samba as domain member to another samba PDC
Next: [Samba] web based index of samba share contents
From: Andreas Heinlein on 4 Jan 2010 09:00 Daniel Müller schrieb: > Hello, > when i have read wright. You joined an ubuntu samba pc to your samba > domain! > testparm gives you: ROLE_DOMAIN_MEMBER? Correct. > First of all your domain member must have exactly the same users and > passwords as your pdc/ldap. > You can do that with installing ldapclient. Configure it with > ldapserver: your pdc/ldap. > Now getent passwd and getend group should show you all your > users/groups kept on you pdc/ldap. I did that using libpam-ldap/libnsswitch-ldap. getent group/passwd returns what you say, and user authentication on the UNIX side works well. > If you succed with this. You need in your smb.conf: > security=DOMAIN > password server=YOUR-PDC-LDAP I have password server = *, but explicitly setting the PDC changes nothing. > For me I had to copy my ladp config section from my smb.conf on my PDC > here: > ldap.... > idmap backend=ldap:ldap://YOUR-PDC-LDAP > idmap uid... > idmap gid.... > I do not currently have the idmap... things, since I thought I do not need them. I tried, and it changed nothing. "pdbedit -L" still returns "SID ... does not belong to our domain". What does it return on your machine? Bye, Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Andreas Heinlein on 5 Jan 2010 07:20
Daniel Müller schrieb: > Hello, > with pdbedit -L on my MemberServer (Samba) I could not list the domain > users and groups! > With pdbedit -L it is only working on my PDC(Samba) I assume then this is - at least at the moment - "normal" behaviour of pdbedit. Perhaps someone else on this list can tell me if this is going to change or has already changed e.g. with Samba 4. > Try getent passwd and getent group instead. If there show up your > users and groups. > try example: touch test.txt and then chown > yourdomainuser:thisuserdomaingroup. > If this function you can test next: Make a share on your > SambaMemberServer. Give the rights to a user > only known in your SambaDomain (no local user!!!!) . Try to connect > the share as this user. > If this is working you got it. I already did that, and it works. That's not the point I'm asking for. As I wrote in my first post, I want to use a GUI for creating samba shares that relies on the output of pdbedit -L for listing users which are allowed/denied access. If pdbedit -L does not work, I will either have to write my own "pdbedit" which wil mimic the expected output by calling ldapsearch and formatting the output like pdbedit does. Or I will have to find another suitable GUI. Thank you for your help, Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |