Old 05-01-2010, 05:09 AM   #1
Blue_Ice
Samba member server in a domain of samba and openldap


Hi all,

For a couple of days now I have been trying to get a second samba server in my already existing domain. I found a couple of tutorials and examples on Google. However I didn't succeed in getting the member server to use the authentication used by my domain. That means I can create the share. But as soon as I try to lock it down so just some specific users can access it, I can't get authenticated. I have no clue where to look.
I am using OpenLDAP and Samba to run my domain server. This works very well. On the member server I am using CentOS 5.4 and Samba 3.
Below I included the configuration of the domain server and the member server. Can someone help me to get this thing to work? If you need some more info, please feel free to ask.

TIA

Domain server:
Code:
Load smb config files from /etc/samba/smb.conf
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[userdata]"
Processing section "[public]"
Processing section "[software]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
    workgroup = MYDOMAIN.HOME
    server string = 
    interfaces = eth0, lo
    bind interfaces only = Yes
    passdb backend = ldapsam:ldap://domain.mydomain.home
    name resolve order = wins lmhosts hosts bcast
    add user script = /usr/sbin/smbldap-useradd -m "%u"
    delete user script = /usr/sbin/smbldap-userdel "%u"
    add group script = /usr/sbin/smbldap-groupadd -p "%g"
    delete group script = /usr/sbin/smbldap-groupdel "%g"
    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/sbin/smbldap-groupmod -x "%m" "%g"
    set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
    add machine script = /usr/sbin/smbldap-useradd -w "%u"
    logon script = logon.vbs
    logon path = \\%L\profiles\%U\%a
    logon drive = H:
    logon home = \\%L\userdata\%U
    domain logons = Yes
    os level = 80
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap admin dn = cn=Manager,dc=mydomain,dc=home
    ldap delete dn = Yes
    ldap group suffix = ou=groups
    ldap idmap suffix = ou=idmap
    ldap machine suffix = ou=computers
    ldap passwd sync = Yes
    ldap suffix = dc=mydomain,dc=home
    ldap ssl = start tls
    ldap user suffix = ou=users
    idmap domains = MYDOMAIN.HOME
    idmap backend = ldap:ldap://domain.mydomain.home
    idmap alloc backend = ldap
    template homedir = /home/%U
    template shell = /bin/bash
    idmap alloc config:range = 50000-500000
    idmap alloc config:ldap_url = ldap://domain.mydomain.home
    idmap alloc config:ldap_user_dn = cn=Manager,dc=mydomain,dc=home
    idmap alloc config:ldap_base_dn = ou=idmap,dc=mydomain,dc=home
    idmap config MYDOMAIN.HOME:range = 50000-500000
    idmap config MYDOMAIN.HOME:ldap_url = ldap://domain.mydomain.home
    idmap config MYDOMAIN.HOME:ldap_user_dn = cn=Manager,dc=mydomain,dc=home
    idmap config MYDOMAIN.HOME:ldap_base_dn = ou=idmap,dc=mydomain,dc=home
    idmap config MYDOMAIN.HOME:default = yes
    idmap config MYDOMAIN.HOME:readonly = no
    idmap config MYDOMAIN.HOME:backend = ldap
    ldapsam:editposix = yes
    ldapsam:trusted = yes

[netlogon]
    comment = Network Logon Service
    path = /opt/samba/netlogon
    guest ok = Yes
    browseable = No
    share modes = No

[profiles]
    comment = Network Profiles Share
    path = /opt/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
    store dos attributes = Yes
    browseable = No

[userdata]
    comment = Network Home Directories
    path = /opt/samba/homes
    read only = No
    create mask = 0600
    directory mask = 0700
    store dos attributes = Yes
    browseable = No

[public]
    comment = Public Network Share
    path = /opt/samba/public
    read only = No
    guest ok = Yes
    store dos attributes = Yes

[software]
    comment = Software
    path = /opt/samba/software
    valid users = user1
    admin users = Administrator
    write list = Administrator
    store dos attributes = Yes
    browseable = No

Member server:
Code:
Load smb config files from /etc/samba/smb.conf
Processing section "[ntinstall]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
    workgroup = MYDOMAIN.HOME
    security = DOMAIN
    password server = sambadomain

[ntinstall]
    path = /opt/samba/windows
    valid users = Administrator
    read only = No
 
Old 05-08-2010, 05:01 AM   #2
Blue_Ice
Got it fixed myself...
The end result is:
Code:
[global]
        workgroup = MYDOMAIN.LOCAL
        netbios name = install
        security = DOMAIN
        password server = samba
        encrypt passwords = yes
        local master = no
        wins server = xxx.xxx.xxx.xxx
        wins support = no
        dns proxy = no
        valid users = @domadmins

[ntinstall]
        path = /opt/samba/windows
        store dos attributes = yes
        public = no
        read only = yes
        guest ok = no
        browseable = no
        printable = no
        write list = Administrator
        admin users = Administrator
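
Added example, not part of the original post: a Python sketch that parses the member-server configuration from post #2 and resolves which access settings actually apply to [ntinstall], given that share-level parameters set in [global] (here `valid users = @domadmins`) act as defaults for every share and that `public` is a synonym for `guest ok`. The function names and the selection of parameters reported are assumptions of this example.

```python
# Added example (not from the thread); config values copied from post #2.
SMB_CONF = """\
[global]
    workgroup = MYDOMAIN.LOCAL
    netbios name = install
    security = DOMAIN
    password server = samba
    encrypt passwords = yes
    local master = no
    wins server = xxx.xxx.xxx.xxx
    wins support = no
    dns proxy = no
    valid users = @domadmins
[ntinstall]
    path = /opt/samba/windows
    store dos attributes = yes
    public = no
    read only = yes
    guest ok = no
    browseable = no
    printable = no
    write list = Administrator
    admin users = Administrator
"""
SYNONYMS = {"public": "guest ok"}  # Samba treats these as one parameter
ACCESS_KEYS = ("valid users", "guest ok", "read only", "write list", "admin users")

def parse(text):
    """Parse smb.conf text into {section: {param: value}}, folding synonyms."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].lower(), {})
        elif "=" in line and section is not None:
            name, value = (part.strip() for part in line.split("=", 1))
            section[SYNONYMS.get(name.lower(), name.lower())] = value
    return conf

def effective_access(conf, share):
    """Share values win; anything unset falls back to the [global] default."""
    merged = {**conf.get("global", {}), **conf[share]}
    return {key: merged[key] for key in ACCESS_KEYS if key in merged}

if __name__ == "__main__":
    print(effective_access(parse(SMB_CONF), "ntinstall"))
```

In Samba, `admin users` makes the listed accounts perform all file operations on the share as root, and `write list` grants write access regardless of `read only`, so those two lines deserve the closest review.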
 
  

