ldap+samba problem plz help
hi all ,
My slapd.conf is:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# (It carries the rootdn password hash in the database section, so it is
# normally readable only by root and the account slapd runs as.)
#
# Schema files, loaded in the order listed.
# NOTE(review): core.schema is commented out as pasted, yet cosine.schema and
# inetorgperson.schema depend on it. Presumably a paste artifact (a lone "#"
# line fused with the include) - confirm against the real file.
#include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
# samba3.schema supplies the sambaSamAccount object class, including the
# sambaLMPassword and sambaNTPassword hash attributes that Samba's ldapsam
# backend stores for each user.
include /etc/openldap/schema/samba3.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib/openldap/modules
# moduleload back_ldap.la
# moduleload back_meta.la
# moduleload back_monitor.la
# moduleload back_perl.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 64-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# NOTE(review): the sample line above is commented out, so no minimum
# security strength factor is enforced and simple binds are accepted on
# unencrypted connections.
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access to user password
# Allow anonymous users to authenticate
# Allow read access to everything else
# Directives needed to implement policy:
# Clauses are evaluated in file order and the first "access to" that matches
# decides the result, so specific rules must come before the final catch-all.
# NOTE(review): in slapd.conf the "by" lines are continuation lines and must
# begin with whitespace; the indentation appears to have been lost in this paste.
access to dn.base=""
by * read
access to dn.base="cn=Subschema"
by * read
# Password attributes: the owner may change them, everyone else may only use
# them to authenticate (no read access).
access to attrs=userPassword,userPKCS12
by self write
by * auth
# NOTE(review): samba3.schema is loaded, but sambaLMPassword and
# sambaNTPassword are not covered by the rule above. They fall through to
# "access to * by * read" below and are readable by any client, including
# anonymous ones. These hashes are password-equivalent and need the same
# protection as userPassword, for example:
#   access to attrs=userPassword,userPKCS12,sambaLMPassword,sambaNTPassword
#       by self write
#       by * auth
access to attrs=shadowLastChange
by self write
by * read
# Catch-all: every remaining entry and attribute is world-readable.
access to *
by * read
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=example,dc=com"
# Checkpoint the BDB transaction log after 1024 KB written or 5 minutes.
checkpoint 1024 5
# Number of entries kept in the in-memory entry cache.
cachesize 10000
# The rootdn bypasses all ACLs. The smb.conf in this post binds with this
# same DN ("ldap admin dn"), so Samba holds full write access to the tree.
rootdn "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): this salted SHA-1 hash has been published with the post and
# can be tested against guesses offline. Treat the rootdn password as exposed
# and replace it with a fresh value generated by slappasswd(8).
rootpw {SSHA}Mru8heilTlerO1YSl2nfllSnZTIeFXxi
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/example.com
# Indices to maintain
# NOTE(review): objectClass appears in both index lines below; one of them is
# redundant, and some slapd versions reject duplicate index definitions - confirm.
index objectClass eq
index objectClass,uid,uidNumber,gidNumber,member,memberUid eq
# Sets the default index type for index lines that name no type; it does not
# alter the explicit "eq" indices above.
index default sub
_________________________________________________________________________________________
my smb.conf is
# Global Samba settings: a domain controller (domain logons / domain master)
# whose account database lives in LDAP (passdb backend = ldapsam, last line).
[global]
# Domain name
workgroup = CYTRION
# The description string you see when browsing to the server
server string = StressFree File and Print Server
# Low log level as we don't want the logs flooded
log level = 1
# On this server we are using the CUPS print system for printing
printing = cups
# Instructs Samba to only listen on the specified interfaces
bind interfaces only = yes
interfaces = eth0
# Printer setup info
printcap name = cups
printcap cache time = 750
cups options = raw
# Maps client-supplied user names to Unix account names. Keep this file
# writable by root only, since a mapping can point at any Unix account.
username map = /etc/samba/smbusers
# Logins with an unknown user name are treated as guest sessions rather than
# rejected; logins with a known name and a wrong password are still refused.
map to guest = Bad User
# Path to the Windows roaming profile %L = Server NetBIOS name
# NOTE(review): the UNC backslashes appear to have been stripped from the two
# values below when the file was pasted - confirm against the real file.
logon path = %Lprofiles.msprofile
# Defines the user's home drive and what Drive it should be mapped to
logon home = %L%U.9xprofile
logon drive = H:
# Defines the logon script to be read from the Netlogon share
logon script = logon.bat
# This option defines how users are authenticated
security = user
# Windows machines joined to the domain. Being a Mac user I prefer the more
# flexible security = user
# Sets up the LDAP username/password backend
# (this localhost entry is disabled; the active "passdb backend" is the last
# line of this section)
#passdb backend = ldapsam:ldap://localhost
add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
# Sets up the PDC
domain logons = Yes
domain master = Yes
# Defines where groups and computers are found in the LDAP tree
ldap suffix = dc=example,dc=com
# DN Samba binds as. Its password is not kept in smb.conf; Samba reads it from
# secrets.tdb, where it is stored with "smbpasswd -w".
# NOTE(review): this is the slapd rootdn, which bypasses every ACL. A dedicated
# DN with write access limited to the Samba attributes narrows what a
# compromised Samba host can change in the directory.
ldap admin dn = cn=Manager,dc=example,dc=com
# NOTE(review): 192.162.1.9 is not in a private (RFC 1918) range; presumably
# 192.168.1.9 was intended, here and in "passdb backend" - confirm.
idmap backend = ldap:ldap://192.162.1.9
ldap idmap suffix = ou=groups
# NOTE(review): with "ldap ssl = No" the admin DN bind and the password hashes
# Samba reads and writes travel unencrypted between Samba and the LDAP server.
# "ldap ssl = start tls", with TLS configured in slapd, protects that link.
ldap ssl = No
#ldap machine suffix = ou=Computers
# Sets up some NetBIOS details such as the server name and WINS support
local master = Yes
netbios name = SERVER
os level = 65
preferred master = Yes
wins support = yes
name resolve order = wins lmhosts bcast
# NOTE(review): "disable netbios = yes" turns off the NetBIOS support that the
# WINS, master-browser and domain-logon settings above depend on - confirm
# this is intended.
disable netbios = yes
use client driver = no
time server = yes
# Define some useful file options for increasing general speed
socket options = TCP_NODELAY IPTOS_LOWDELAY
preserve case = yes
strict locking = no
# Accounts are looked up in LDAP. Samba authenticates against the
# sambaSamAccount attributes (sambaNTPassword) of the user's entry, not against
# userPassword, so an entry holding only the Unix account attributes cannot
# log in over SMB. With this backend "smbpasswd -a <user>" writes those
# attributes into the user's LDAP entry rather than into a local file.
passdb backend = ldapsam:ldap://192.162.1.9
# Per-user home share, created on demand under the connecting user's name.
[homes]
comment = Home Directories
# %S is the share name (for [homes], the user name); %D is the domain and
# %w the winbind separator, so only the owner may connect to each home share.
valid users = %S, %D%w%S
# Hide the generic [homes] entry from share listings.
browseable = No
read only = No
inherit acls = Yes
# Roaming-profile share; %H resolves to the connecting user's home directory.
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
# New files and directories are created accessible to the owner only.
create mask = 0600
directory mask = 0700
# Writable share exposing the whole of /home.
# NOTE(review): there is no "valid users" restriction here, so any
# authenticated user can connect; what each user can read or change under
# /home then depends entirely on filesystem permissions and ACLs.
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
# Hide the quota file and the groups/ and shares/ directories from clients.
veto files = /aquota.user/groups/shares/
# Writable share for group directories under /home/groups.
# NOTE(review): no "valid users" restriction; access control relies on
# filesystem permissions and ACLs - confirm they are set as intended.
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
# Test share limited to two named users.
[test]
comment = test
path = /work-station/test
valid users = prasad,venkat
# NOTE(review): "admin users" makes these accounts perform every file
# operation on this share as root, bypassing filesystem permissions. Drop it
# unless root-level access is really required; "write list" grants write
# access without it.
# NOTE(review): "read only" is not set here and Samba's default is read-only -
# confirm whether writes are intended.
admin users = prasad,venkat
____________________________________________________________________________________
LDAP is working perfectly; I tested it from another system set up as an LDAP client.
Samba is not reporting any errors either.
I can log in as venkat through LDAP, and venkat is also one of the users of the test share in Samba.
But when I connect through Samba, it asks for a password for venkat. What password should I give?
If I have to use smbpasswd -a venkat, then what is the point of Samba + LDAP?
Please help me.