Hi all,
For a couple of days now I have been trying to add a second Samba server to my existing domain. I found a couple of tutorials and examples on Google. However, I have not managed to get the member server to use the authentication provided by my domain. That is, I can create the share, but as soon as I try to lock it down so that only specific users can access it, I can't get authenticated. I have no clue where to look.
I am using OpenLDAP and Samba to run my domain server. This works very well. On the member server I am using CentOS 5.4 and Samba 3.
Below I included the configuration of the domain server and the member server. Can someone help me to get this thing to work? If you need some more info, please feel free to ask..
TIA
Domain server:
Code:
Load smb config files from /etc/samba/smb.conf
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[userdata]"
Processing section "[public]"
Processing section "[software]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
# Domain controller settings: Samba accounts and ID mappings are both kept in
# the LDAP directory at domain.mydomain.home.
[global]
workgroup = MYDOMAIN.HOME
# Empty server string: no descriptive text is advertised for this host.
server string =
# Listen only on eth0 and loopback.
interfaces = eth0, lo
bind interfaces only = Yes
# ldapsam stores the Samba password hashes in the directory (sambaNTPassword /
# sambaLMPassword). Those hashes are password-equivalent for SMB logons, so the
# LDAP ACLs protecting them matter as much as anything in this file.
passdb backend = ldapsam:ldap://domain.mydomain.home
name resolve order = wins lmhosts hosts bcast
# Account-management hooks run by smbd; %u and %g expand to the user and group
# name being acted on.
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
# NOTE(review): this is the only hook that passes %m (the client machine's
# NetBIOS name) where the sibling hooks pass %u - looks like a typo; confirm.
delete user from group script = /usr/sbin/smbldap-groupmod -x "%m" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
# Domain logon settings. The script name is relative to the [netlogon] share;
# %L = this server's NetBIOS name, %U = session user, %a = client architecture.
logon script = logon.vbs
logon path = \\%L\profiles\%U\%a
logon drive = H:
logon home = \\%L\userdata\%U
domain logons = Yes
# Browser-election and WINS role of this host.
os level = 80
preferred master = Yes
domain master = Yes
wins support = Yes
# smbd binds to the directory as this DN; its password is not in smb.conf but
# stored separately (set with "smbpasswd -w").
# NOTE(review): cn=Manager is presumably the OpenLDAP rootdn. A dedicated DN
# with write access limited to the Samba subtrees would narrow what a
# compromised Samba host can change in the directory - confirm.
ldap admin dn = cn=Manager,dc=mydomain,dc=home
# Deleting an account removes the whole LDAP entry, not only the Samba attributes.
ldap delete dn = Yes
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
# A Samba password change also updates the LDAP password.
ldap passwd sync = Yes
ldap suffix = dc=mydomain,dc=home
# The plain ldap:// connection is upgraded with StartTLS.
# NOTE(review): whether the server certificate is verified is presumably
# decided by the LDAP client library configuration, which is not shown - confirm.
ldap ssl = start tls
ldap user suffix = ou=users
# ID mapping: uid/gid values in 50000-500000 are allocated and stored under
# ou=idmap, again binding as cn=Manager.
idmap domains = MYDOMAIN.HOME
idmap backend = ldap:ldap://domain.mydomain.home
idmap alloc backend = ldap
template homedir = /home/%U
template shell = /bin/bash
idmap alloc config:range = 50000-500000
idmap alloc config:ldap_url = ldap://domain.mydomain.home
idmap alloc config:ldap_user_dn = cn=Manager,dc=mydomain,dc=home
idmap alloc config:ldap_base_dn = ou=idmap,dc=mydomain,dc=home
idmap config MYDOMAIN.HOME:range = 50000-500000
idmap config MYDOMAIN.HOME:ldap_url = ldap://domain.mydomain.home
idmap config MYDOMAIN.HOME:ldap_user_dn = cn=Manager,dc=mydomain,dc=home
idmap config MYDOMAIN.HOME:ldap_base_dn = ou=idmap,dc=mydomain,dc=home
idmap config MYDOMAIN.HOME:default = yes
idmap config MYDOMAIN.HOME:readonly = no
idmap config MYDOMAIN.HOME:backend = ldap
# editposix lets Samba maintain the POSIX account entries in LDAP itself;
# trusted makes it rely on the directory for user and group data.
# NOTE(review): editposix is meant as an alternative to external account
# scripts, yet the smbldap-* hooks above are also set - confirm which path
# is intended to manage accounts.
ldapsam:editposix = yes
ldapsam:trusted = yes
# Logon-script share. Guests may connect without a password, and clients run
# what is stored here (logon script = logon.vbs in [global]), so write access
# to /opt/samba/netlogon has to stay with administrators.
# NOTE(review): no "read only = No" is listed, so presumably the read-only
# default applies - confirm, and check the filesystem permissions as well.
[netlogon]
comment = Network Logon Service
path = /opt/samba/netlogon
guest ok = Yes
# Hidden from the browse list; still reachable by name.
browseable = No
# Share-mode (deny-mode) locking is switched off for this share.
share modes = No
# Roaming-profile storage, the target of "logon path" in [global].
[profiles]
comment = Network Profiles Share
path = /opt/samba/profiles
read only = No
# New files get at most owner read/write, new directories at most owner rwx,
# so one user's profile is not readable through another account.
create mask = 0600
directory mask = 0700
# Names matching these patterns are shown to clients as hidden.
hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
store dos attributes = Yes
# Hidden from the browse list; still reachable by name.
browseable = No
# Home-directory storage, the target of "logon home" in [global].
# NOTE(review): no "valid users" is listed, so separation between users
# presumably rests on the masks below and on filesystem ownership - confirm.
[userdata]
comment = Network Home Directories
path = /opt/samba/homes
read only = No
# New files get at most owner read/write, new directories at most owner rwx.
create mask = 0600
directory mask = 0700
store dos attributes = Yes
# Hidden from the browse list; still reachable by name.
browseable = No
# Writable share that also accepts guest (unauthenticated) connections: any
# client that can reach this server can store files under /opt/samba/public.
# NOTE(review): confirm this is intended; if it is, limiting it with
# "hosts allow" and tight filesystem permissions keeps the exposure bounded.
[public]
comment = Public Network Share
path = /opt/samba/public
read only = No
guest ok = Yes
store dos attributes = Yes
# Restricted share: connections are limited to the accounts in "valid users".
[software]
comment = Software
path = /opt/samba/software
# NOTE(review): Administrator appears in "admin users" and "write list" but not
# here, so it looks as if only user1 can connect at all - confirm.
valid users = user1
# Accounts listed in "admin users" perform all file operations on this share as
# root; keep the list as short as possible.
admin users = Administrator
# No "read only = No" is listed, so presumably only write-list members can write.
write list = Administrator
store dos attributes = Yes
# Hidden from the browse list; still reachable by name.
browseable = No
Member server:
Code:
Load smb config files from /etc/samba/smb.conf
Processing section "[ntinstall]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Member server (testparm reports ROLE_DOMAIN_MEMBER): logons are passed to the
# domain controller named by "password server" instead of being checked locally.
[global]
workgroup = MYDOMAIN.HOME
# Domain-member mode needs this host to have joined the domain, i.e. to own a
# machine account there. NOTE(review): the post does not say whether the join
# was done - confirm.
security = DOMAIN
# NOTE(review): "sambadomain" must resolve from this host to the PDC. The PDC
# runs WINS, but no "wins server" is listed here - confirm name resolution.
password server = sambadomain
# NOTE(review): nothing in this dump maps domain users to Unix accounts (no
# winbind/idmap settings are listed). A user authenticated by the PDC still has
# to resolve to a Unix account on this host, e.g. through nss_ldap or winbind -
# confirm how that is handled before testing "valid users".
# Writable share limited to one account.
[ntinstall]
path = /opt/samba/windows
# Only Administrator may connect.
# NOTE(review): after the PDC accepts the logon, this name presumably still has
# to map to a Unix account on the member server - confirm.
valid users = Administrator
read only = No