LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 07-18-2007, 11:39 AM   #1
yuri_d
LQ Newbie
 
Registered: Mar 2006
Posts: 26

Rep: Reputation: 15
Samba experts needed! Winbind does not work with LDAP


I am setting up a Samba PDC with LDAp backend.

All went well untill I needed to join PDC to the domain
net join rpc produces NT_STATUS_ACCESS_DENIED and
wbinfo -u : Error looking up domain users.

getent can see all LDAP accounts and pam autentication works.

It seems that winbind is not working properly.

Now question -
Can I setup a Samba PDC with LDAP backend without using winbind?
And how can I do it?

I do not want to map windows groups to Linux groups and I think I do not need windbind.

At the moment my server is running without it using files backend and life is sweet, but all Samba + LDAP howtos seem to need it. Can I not use winbind at all?

And if not possible, how do I troubleshoot it?

Thank you in advance!

Last edited by yuri_d; 07-18-2007 at 11:58 AM.
 
Old 07-20-2007, 09:00 AM   #2
activeq
Member
 
Registered: Jul 2006
Location: Balen, Belgium
Distribution: Suse 10, Centos, Open Solaris
Posts: 76

Rep: Reputation: 15
Quote:
Originally Posted by yuri_d
I am setting up a Samba PDC with LDAp backend.

All went well untill I needed to join PDC to the domain
net join rpc produces NT_STATUS_ACCESS_DENIED and
wbinfo -u : Error looking up domain users.

getent can see all LDAP accounts and pam autentication works.

It seems that winbind is not working properly.

Now question -
Can I setup a Samba PDC with LDAP backend without using winbind?
And how can I do it?

I do not want to map windows groups to Linux groups and I think I do not need windbind.

At the moment my server is running without it using files backend and life is sweet, but all Samba + LDAP howtos seem to need it. Can I not use winbind at all?

And if not possible, how do I troubleshoot it?

Thank you in advance!
I thought this was something to do with nsswitcht, but I'm not sure.

Can you post it?
 
Old 07-20-2007, 10:59 AM   #3
yuri_d
LQ Newbie
 
Registered: Mar 2006
Posts: 26

Original Poster
Rep: Reputation: 15
Thanks for reply, heer it is:

Quote:
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns wins

bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: files
automount: files ldap
aliases: files
But the more I think (the more I like it ) the more I become convinced that I do not need winbind.

In my requirements Users are all local administrators and are mapped to their Unix uids by their username. The file security is provided by UNIX groups and everything is working fine. At the moment Samba is using a passwd file backend.

The need for LDAP arose from desire to have a BDC and failover.
Is it possible to replace PAM autentication with ldap on both servers (it is! Easy!) and Use Ldap backends for both Samba servers?
I do not think that even samba.schema will be necessary in my case. Am I right?

But I bloody cannot get it to work :-( It should work!!! Don't understand

PS and another question: There is no /etc/samba/smbpasswd file with LDAP setup. Do we still need to "smbpasswd -a" users?

Last edited by yuri_d; 07-20-2007 at 11:06 AM.
 
Old 08-18-2007, 04:01 AM   #4
Au_Squirrel
Member
 
Registered: Nov 2005
Location: Brisbane AU
Distribution: FC16
Posts: 51

Rep: Reputation: 15
It is possible to have both servers authenticating off the one ldap server.

Currently I am trying to add the BDC to my domain and get an NT error code 0x1c010002 when trying to add the BDC. The BDC is updating the LDAP server account information.

Also you may wish to use the pdbedit for user administration.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Its possible login one linux+winbind in one PDC Samba +LDAP? xcore_on Linux - Newbie 1 06-13-2007 10:59 PM
Major winbind problems in Ubuntu Dapper (authenticating with FC5 Samba LDAP PDC) mhs Linux - Enterprise 2 12-21-2006 06:01 PM
Samba with winbind, kerberos and ldap? humbletech99 Linux - Networking 2 02-03-2006 03:23 AM
Samba + Ldap help needed MastaPuffy Linux - Software 5 12-11-2004 02:30 AM
Opinion, does samba+winbind work well with windows 2000+active directory? tisource Linux - Networking 5 02-23-2003 01:34 AM


All times are GMT -5. The time now is 07:22 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration