LinuxQuestions.org


venki 02-13-2007 04:33 AM

ldap+samba problem plz help
 
Hi all,

My slapd.conf is
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/samba3.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib/openldap/modules
# moduleload back_ldap.la
# moduleload back_meta.la
# moduleload back_monitor.la
# moduleload back_perl.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access to user password
# Allow anonymous users to authenticate
# Allow read access to everything else
# Directives needed to implement policy:
access to dn.base=""
        by * read

access to dn.base="cn=Subschema"
        by * read

access to attrs=userPassword,userPKCS12
        by self write
        by * auth

access to attrs=shadowLastChange
        by self write
        by * read

access to *
        by * read

# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=example,dc=com"
checkpoint 1024 5
cachesize 10000
rootdn "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}Mru8heilTlerO1YSl2nfllSnZTIeFXxi
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/example.com
# Indices to maintain
index objectClass eq
index objectClass,uid,uidNumber,gidNumber,member,memberUid eq
index default sub
_________________________________________________________________________________________
My smb.conf is
[global]
# Domain name
workgroup = CYTRION
# The description string you see when browsing to the server
server string = StressFree File and Print Server
# Low log level as we don’t want the logs flooded
log level = 1
# On this server we are using the CUPS print system for printing
printing = cups
# Instructs Samba to only listen on the specified interfaces
bind interfaces only = yes
interfaces = eth0
# Printer setup info
printcap name = cups
printcap cache time = 750
cups options = raw
username map = /etc/samba/smbusers
map to guest = Bad User
# Path to the Windows roaming profile %L = Server NetBIOS name
logon path = \\%L\profiles\.msprofile
# Defines the user’s home drive and what Drive it should be mapped to
logon home = \\%L\%U\.9xprofile
logon drive = H:
# Defines the logon script to be read from the Netlogon share
logon script = logon.bat
# This option defines how users are authenticated
security = user
# Windows machines joined to the domain. Being a Mac user I prefer the more
# flexible security = user
# Sets up the LDAP username/password backend
#passdb backend = ldapsam:ldap://localhost

add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
# Sets up the PDC
domain logons = Yes
domain master = Yes
# Defines where groups and computers are found in the LDAP tree
ldap suffix = dc=example,dc=com
ldap admin dn = cn=Manager,dc=example,dc=com
idmap backend = ldap:ldap://192.162.1.9
ldap idmap suffix = ou=groups
ldap ssl = No
#ldap machine suffix = ou=Computers
# Sets up some NetBIOS details such as the server name and WINS support
local master = Yes
netbios name = SERVER
os level = 65
preferred master = Yes
wins support = yes
name resolve order = wins lmhosts bcast
disable netbios = yes
use client driver = no
time server = yes
# Define some useful file options for increasing general speed
socket options = TCP_NODELAY IPTOS_LOWDELAY
preserve case = yes
strict locking = no
passdb backend = ldapsam:ldap://192.162.1.9

[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes

[test]
comment = test
path = /work-station/test
valid users = prasad,venkat
admin users = prasad,venkat

____________________________________________________________________________________

So LDAP is working perfectly; I tested it on another system by making that an LDAP client,
whereas Samba is not giving any errors...
But when I entered through venkat in LDAP... and also one of the users in the test folder in Samba.
But when I use Samba it is asking for a password for venkat? What password should I give?
If I use smbpasswd -a venkat, then what is the need for Samba+LDAP?

Please help me.
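
An added check, not part of the original post: the posted slapd.conf restricts only userPassword and userPKCS12, so the sambaNTPassword and sambaLMPassword hashes that samba3.schema adds fall through to `access to * by * read`, and smb.conf reaches the LDAP server at 192.162.1.9 with `ldap ssl = No`. The Python below models first-match ACL evaluation for an anonymous client only; the function names and the hardened ACL are assumptions of this example.

```python
import re
# Attributes from samba3.schema that store Windows password hashes.
HASH_ATTRS = ("sambaNTPassword", "sambaLMPassword")
# Excerpts of the posted configs, plus a constructed hardened ACL variant.
POSTED_ACL = """access to attrs=userPassword,userPKCS12
    by self write
    by * auth
access to *
    by * read
"""
HARDENED_ACL = POSTED_ACL.replace("userPKCS12", "userPKCS12,sambaNTPassword,sambaLMPassword")
POSTED_SMB = "ldap ssl = No\npassdb backend = ldapsam:ldap://192.162.1.9\n"

def parse_acls(conf):
    """Return [(target, [(who, level), ...])] for each 'access to' directive."""
    directives, cur = [], None
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and cur is not None:   # indented line continues a directive
            cur += " " + line.strip()
            continue
        if cur is not None:
            directives.append(cur)
        cur = line.strip() if line.startswith("access to ") else None
    if cur is not None:
        directives.append(cur)
    return [(t, re.findall(r"by\s+(\S+)\s+(\S+)", rest))
            for t, _, rest in (d[len("access to "):].partition(" ") for d in directives)]

def exposed_hash_attrs(conf):
    """Hash attributes an anonymous client can read (attrs= and * targets only)."""
    exposed = []
    for attr in HASH_ATTRS:
        for target, clauses in parse_acls(conf):
            names = target[6:].lower().split(",") if target.startswith("attrs=") else []
            if target != "*" and attr.lower() not in names:
                continue                     # directive does not cover this attribute
            level = next((lv for who, lv in clauses if who in ("*", "anonymous")), "none")
            if level in ("read", "write", "manage"):
                exposed.append(attr)
            break                            # slapd stops at the first matching directive
    return exposed

def cleartext_ldap(smb_conf):
    """True if passdb uses plain ldap:// to a non-local host with 'ldap ssl' off."""
    opts = {k.strip().lower(): v.strip() for k, _, v in
            (l.partition("=") for l in smb_conf.splitlines() if not l.lstrip().startswith(("#", ";")))}
    m = re.match(r"ldapsam:ldap://([^:/\s]+)", opts.get("passdb backend", ""))
    return bool(m) and m.group(1) not in ("localhost", "127.0.0.1") and opts.get("ldap ssl", "").lower() in ("no", "off")
```

Samba binds as `cn=Manager,dc=example,dc=com`, which is the rootdn and is exempt from ACLs, so the hardened directive does not affect the ldapsam backend.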

venki 02-14-2007 04:38 AM

Please help me or give any links which help me!
Please do this favour for me; my work is stopped because of this.

paul_mat 02-17-2007 10:01 AM

I have a how-to on my website http://www.opensourcehowto.org for setting up Samba as a primary domain controller (PDC).

OpenLDAP LAM Samba as PDC
http://www.opensourcehowto.org/how-t...ba-as-pdc.html

And if you're feeling a little bit more adventurous later on, you could try getting into the policies with Samba.

Samba Primary Domain Controller with Group Policies
http://www.opensourcehowto.org/how-t...-policies.html

