LinuxQuestions.org
Old 02-13-2007, 05:33 AM   #1
venki
Member
 
Registered: Sep 2006
Location: India
Distribution: suse10.2
Posts: 128

Rep: Reputation: 15
ldap+samba problem plz help


Hi all,

my slapd.conf is
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/samba3.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib/openldap/modules
# moduleload back_ldap.la
# moduleload back_meta.la
# moduleload back_monitor.la
# moduleload back_perl.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access to user password
# Allow anonymous users to authenticate
# Allow read access to everything else
# Directives needed to implement policy:
access to dn.base=""
    by * read

access to dn.base="cn=Subschema"
    by * read

access to attrs=userPassword,userPKCS12
    by self write
    by * auth

access to attrs=shadowLastChange
    by self write
    by * read

access to *
    by * read

# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=example,dc=com"
checkpoint 1024 5
cachesize 10000
rootdn "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}Mru8heilTlerO1YSl2nfllSnZTIeFXxi
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/example.com
# Indices to maintain
index objectClass eq
index objectClass,uid,uidNumber,gidNumber,member,memberUid eq
index default sub
_________________________________________________________________________________________
my smb.conf is
[global]
# Domain name
workgroup = CYTRION
# The description string you see when browsing to the server
server string = StressFree File and Print Server
# Low log level as we don't want the logs flooded
log level = 1
# On this server we are using the CUPS print system for printing
printing = cups
# Instructs Samba to only listen on the specified interfaces
bind interfaces only = yes
interfaces = eth0
# Printer setup info
printcap name = cups
printcap cache time = 750
cups options = raw
username map = /etc/samba/smbusers
map to guest = Bad User
# Path to the Windows roaming profile %L = Server NetBIOS name
logon path = \\%L\profiles\.msprofile
# Defines the user's home drive and what Drive it should be mapped to
logon home = \\%L\%U\.9xprofile
logon drive = H:
# Defines the logon script to be read from the Netlogon share
logon script = logon.bat
# This option defines how users are authenticated
security = user
# Windows machines joined to the domain. Being a Mac user I prefer the more
# flexible security = user
# Sets up the LDAP username/password backend
#passdb backend = ldapsam:ldap://localhost

add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
# Sets up the PDC
domain logons = Yes
domain master = Yes
# Defines where groups and computers are found in the LDAP tree
ldap suffix = dc=example,dc=com
ldap admin dn = cn=Manager,dc=example,dc=com
idmap backend = ldap:ldap://192.162.1.9
ldap idmap suffix = ou=groups
ldap ssl = No
#ldap machine suffix = ou=Computers
# Sets up some NetBIOS details such as the server name and WINS support
local master = Yes
netbios name = SERVER
os level = 65
preferred master = Yes
wins support = yes
name resolve order = wins lmhosts bcast
disable netbios = yes
use client driver = no
time server = yes
# Define some useful file options for increasing general speed
socket options = TCP_NODELAY IPTOS_LOWDELAY
preserve case = yes
strict locking = no
passdb backend = ldapsam:ldap://192.162.1.9

[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes

[test]
comment = test
path = /work-station/test
valid users = prasad,venkat
admin users = prasad,venkat

____________________________________________________________________________________

So LDAP is working perfectly. I tested it on another system, making that an LDAP client, whereas Samba is not giving any errors...
But when I entered through venkat in LDAP, and also one of the users in the test folder in Samba.
But when I use Samba it is asking for a password for venkat. What password should I give?
If I use smbpasswd -a venkat, then what is the need for Samba+LDAP?

Please help me.
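
An added check, not part of the original post: with `passdb backend = ldapsam`, Samba keeps its password hashes in the `sambaNTPassword` and `sambaLMPassword` attributes from samba3.schema, while the posted ACL guards only `userPassword` and `userPKCS12` before the catch-all `access to * by * read`. The Python sketch below applies a simplified first-match model of the ACL (only `attrs=` and `*` targets, as used in the post); `POSTED_ACL` is a re-indented copy of the posted rules and `HARDENED_ACL` is one assumed way to tighten them.

```python
import re

# Attributes that hold credentials once passdb backend = ldapsam is in use.
SECRET_ATTRS = ("userPassword", "sambaNTPassword", "sambaLMPassword")
READ_LEVELS = {"read", "write", "manage"}  # access levels that reveal the value

# Constructed sample: the ACL rules from the posted slapd.conf, re-indented.
POSTED_ACL = """\
access to dn.base=""
    by * read
access to attrs=userPassword,userPKCS12
    by self write
    by * auth
access to attrs=shadowLastChange
    by self write
    by * read
access to *
    by * read
"""
# Assumed fix: list the Samba hash attributes in the same rule as userPassword.
HARDENED_ACL = POSTED_ACL.replace(
    "userPKCS12", "userPKCS12,sambaNTPassword,sambaLMPassword")

def parse_acl(conf):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    # A line that begins with whitespace continues the previous directive.
    joined = re.sub(r"\n[ \t]+", " ", conf)
    rules = []
    for line in joined.splitlines():
        m = re.match(r"access\s+to\s+(\S+)(.*)", line.strip())
        if m:
            rules.append((m.group(1), re.findall(r"\bby\s+(\S+)\s+(\w+)", m.group(2))))
    return rules

def anonymous_readable(conf, attrs=SECRET_ATTRS):
    """Attributes that an unauthenticated client is allowed to read."""
    exposed = []
    for attr in attrs:
        for what, bys in parse_acl(conf):
            names = what[6:].lower().split(",") if what.startswith("attrs=") else []
            if attr.lower() not in names and what != "*":
                continue  # dn.base= rules and rules for other attributes
            # First applicable rule wins; with no matching "by", slapd grants none.
            level = next((lvl for who, lvl in bys if who in ("*", "anonymous")), "none")
            if level in READ_LEVELS:
                exposed.append(attr)
            break
    return exposed

print(anonymous_readable(POSTED_ACL), anonymous_readable(HARDENED_ACL))
```

Samba binds as the `ldap admin dn`, which in the posted files is the rootdn and is not subject to these ACLs, so the tighter rule does not interfere with `ldapsam` itself.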
 
Old 02-14-2007, 05:38 AM   #2
venki
Member
 
Registered: Sep 2006
Location: India
Distribution: suse10.2
Posts: 128

Original Poster
Rep: Reputation: 15
Please help me or give any links which help me!
Please do this favour for me. My work is stopped because of this.
 
Old 02-17-2007, 11:01 AM   #3
paul_mat
Member
 
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855

Rep: Reputation: 30
I have a how-to on my website http://www.opensourcehowto.org for setting up samba as a primary domain controller (PDC)

OpenLDAP LAM Samba as PDC
http://www.opensourcehowto.org/how-t...ba-as-pdc.html

And if you're feeling a little bit more adventurous later on, you could try getting into the policies with Samba.

Samba Primary Domain Controller with Group Policies
http://www.opensourcehowto.org/how-t...-policies.html
 
  

