Old 07-17-2006, 01:19 AM   #1
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 651

Rep: Reputation: 34
samba client authenticate against LDAP server


Hi

How to authenticate samba3 file server against ldap central server

regards

Asanka
 
Old 07-17-2006, 02:14 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Check if you have samba-docs installed. It includes the book "Samba 3 by Example".
My distro installs a pdf file: /usr/share/doc/packages/samba/Samba3-ByExample.pdf

Others install a postscript file. There is also a section in the "Samba3-HOWTO.pdf", also included with samba-docs, on using ldapsam. Chapter 10.4.4
 
Old 07-17-2006, 03:11 AM   #3
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 651

Original Poster
Rep: Reputation: 34
hi jschiwal

Thanks. I was playing with smb.conf and LDAP client authentication using redhat-config-authentication. All I did was,

once I got the LDAP client working, just add the following to smb.conf. Hope it is right.

# Global parameters
[global]
workgroup = IIL
server string = OFFI-DOC-ONLY
security = DOMAIN
password server = ark

[%U-doc]
comment = Document share only for official use
path = /vol1/%U
read only = No
guest ok = Yes


Anyway, do you know how the policies work with LDAP groups and users?

regards

Asanka
 
Old 07-17-2006, 07:39 AM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Is ark a samba pdc? There will be a lot more added in ark's smb.conf file.

Here is a link to a samba-ldap howto:
http://www.unav.es/cti/ldap-smb/ldap-smb-3-howto.html

According to Chapter 10 section 4.4.6 of Samba 3 by Example, Samba-3 group management is based on POSIX groups. Samba-3 does not support nested groups. If you search for samba.schema (locate samba.schema), you can find sample LDAP files. Also, do you have smbldap-tools installed? It also contains samba/ldap documentation. However, your question sounds more like a general samba question.
 
Old 07-17-2006, 09:30 PM   #5
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 651

Original Poster
Rep: Reputation: 34
HI

Yes ark is a samba pdc and using LDAP backend and smbldap-tools to manage. This smb.conf is not in the pdc I made it on the file server which I want to authenticate against the pdc.

With this smb.conf it is working OK, but I don't know and don't know how to test the authentication part.

When I log in to the pdc from a Windows machine (I exist only on pdc) it shows me my share and I can do anything to that directory. Do you think with this configuration anybody can access (is there a security issue)? The folders are having only user rwx permissions.


Regards

Asanka
 
Old 07-18-2006, 01:44 AM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Code:
[%U-doc]
comment = Document share only for official use
path = /vol1/%U
read only = No
guest ok = Yes
I don't think the guest ok = Yes is correct.

Look in your samba configuration useradd scripts. When a new user is added, I think that the samba useradd script should include a line like:
useradd -s /bin/false %U 2>/dev/null

Also check that each "username-doc" directory is created with 0700 permissions.

However, you are configuring a Domain Member Server as if it were a Domain Member Workstation client. I would recommend that you study Chapter 7 of the Samba3-ByExample.pdf document.
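
As an added example (not part of any post in this thread), a small Python check for the two points raised in the reply above: shares that enable guest access, and per-user directories that are not mode 0700. The function names, the minimal parser and the set of accepted boolean spellings are assumptions of this example; the sample text is constructed from the smb.conf posted earlier.

```python
import os, stat

TRUE = {"yes", "true", "1"}  # boolean spellings accepted by this example

# Constructed sample: the file-server smb.conf posted in this thread.
SAMPLE = """[global]
workgroup = IIL
security = DOMAIN
password server = ark
[%U-doc]
path = /vol1/%U
read only = No
guest ok = Yes
"""

def parse_smb_conf(text):
    """Minimal parser: {section: {normalized_param: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and spaces in parameter names.
            current["".join(key.lower().split())] = value.strip()
    return sections

def guest_shares(text):
    """Return [(share, writable)] for shares that allow guest access."""
    hits = []
    for name, p in parse_smb_conf(text).items():
        if name.lower() == "global":
            continue
        # "public" is a synonym of "guest ok".
        if p.get("guestok", p.get("public", "no")).lower() in TRUE:
            writable = p.get("readonly", "yes").lower() not in TRUE
            for syn in ("writeable", "writable", "writeok"):  # inverted synonyms
                writable = p[syn].lower() in TRUE if syn in p else writable
            hits.append((name, writable))
    return hits

def loose_dirs(root):
    """Return [(name, mode)] for directories under root not set to 0700."""
    bad = []
    for e in sorted(os.scandir(root), key=lambda e: e.name):
        if e.is_dir(follow_symlinks=False):
            mode = stat.S_IMODE(e.stat(follow_symlinks=False).st_mode)
            if mode != 0o700:
                bad.append((e.name, oct(mode)))
    return bad
```

On the file server from this thread, `loose_dirs("/vol1")` would list any user directory whose permissions are wider than owner-only.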
 
Old 07-18-2006, 11:06 PM   #7
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 651

Original Poster
Rep: Reputation: 34
You are right, it's working

Thanks

Best regards
Asanka

By the way, do you know whether we can migrate win 2003 AD to samba 3 ldap?
 
Old 07-19-2006, 02:00 AM   #8
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Code:
security = DOMAIN
password server = ark
A dumb question. Isn't "password server =" an option used with "security = SERVER"?
I think it would be better if you used one of the ldap servers instead and based the configuration on the Domain Member Server examples in the Samba 3 by Example book. If you google for "IBM Redbook samba ldap" you may also come up with a couple of excellent IBM Red Books on Samba and/or LDAP.
 
Old 07-19-2006, 02:10 AM   #9
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 651

Original Poster
Rep: Reputation: 34
Yes, ARK is an ldap/Samba domain controller.

and is working as a member server

thanks

Regards

Asanka
 
Old 07-19-2006, 02:20 AM   #10
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
The example I was referring to was for a Samba Member Server that used a different LDAP server for authentication. It was the main server for one of several sites. I think it was in the 500 host network example.

I was going to edit my last post, because I forgot to say that I'm glad that you got it working.
If you have a computer that is going to be replaced at your company (such as an old Pentium III desktop), you might want to use it as an experimental box and try different samba configurations, working on the examples.

Take Care!
 
Old 07-19-2006, 02:45 AM   #11
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 651

Original Poster
Rep: Reputation: 34
You too

Thanks for all your help

best regards

Asanka
 