LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 05-01-2010, 06:09 AM   #1
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
Samba member server in a domain of samba and openldap


Hi all,

For a couple of days now I am tyring to get a second samba server in my already existing domain. I found a couple of tutorials and examples on Google. However I didn't succeed to get the member server use the authentication used by my domain. That means I can create the share. But as soon as I try to lock it down so just some specific users can access it, I can't get authenticated. I have no clue where to look for.
I am using OpenLDAP and Samba to run my domain server. This works very well. On the member server I am using CentOS 5.4 and Samba 3.
Below I included the configuration of the domain server and the member server. Can someone help me to get this thing to work? If you need some more info, please feel free to ask..

TIA

Domain server:
Code:
Load smb config files from /etc/samba/smb.conf
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[userdata]"
Processing section "[public]"
Processing section "[software]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
    workgroup = MYDOMAIN.HOME
    server string = 
    interfaces = eth0, lo
    bind interfaces only = Yes
    passdb backend = ldapsam:ldap://domain.mydomain.home
    name resolve order = wins lmhosts hosts bcast
    add user script = /usr/sbin/smbldap-useradd -m "%u"
    delete user script = /usr/sbin/smbldap-userdel "%u"
    add group script = /usr/sbin/smbldap-groupadd -p "%g"
    delete group script = /usr/sbin/smbldap-groupdel "%g"
    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/sbin/smbldap-groupmod -x "%m" "%g"
    set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
    add machine script = /usr/sbin/smbldap-useradd -w "%u"
    logon script = logon.vbs
    logon path = \\%L\profiles\%U\%a
    logon drive = H:
    logon home = \\%L\userdata\%U
    domain logons = Yes
    os level = 80
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap admin dn = cn=Manager,dc=mydomain,dc=home
    ldap delete dn = Yes
    ldap group suffix = ou=groups
    ldap idmap suffix = ou=idmap
    ldap machine suffix = ou=computers
    ldap passwd sync = Yes
    ldap suffix = dc=mydomain,dc=home
    ldap ssl = start tls
    ldap user suffix = ou=users
    idmap domains = MYDOMAIN.HOME
    idmap backend = ldap:ldap://domain.mydomain.home
    idmap alloc backend = ldap
    template homedir = /home/%U
    template shell = /bin/bash
    idmap alloc config:range = 50000-500000
    idmap alloc config:ldap_url = ldap://domain.mydomain.home
    idmap alloc config:ldap_user_dn = cn=Manager,dc=mydomain,dc=home
    idmap alloc config:ldap_base_dn = ou=idmap,dc=mydomain,dc=home
    idmap config MYDOMAIN.HOME:range = 50000-500000
    idmap config MYDOMAIN.HOME:ldap_url = ldap://domain.mydomain.home
    idmap config MYDOMAIN.HOME:ldap_user_dn = cn=Manager,dc=mydomain,dc=home
    idmap config MYDOMAIN.HOME:ldap_base_dn = ou=idmap,dc=mydomain,dc=home
    idmap config MYDOMAIN.HOME:default = yes
    idmap config MYDOMAIN.HOME:readonly = no
    idmap config MYDOMAIN.HOME:backend = ldap
    ldapsam:editposix = yes
    ldapsam:trusted = yes

[netlogon]
    comment = Network Logon Service
    path = /opt/samba/netlogon
    guest ok = Yes
    browseable = No
    share modes = No

[profiles]
    comment = Network Profiles Share
    path = /opt/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
    store dos attributes = Yes
    browseable = No

[userdata]
    comment = Network Home Directories
    path = /opt/samba/homes
    read only = No
    create mask = 0600
    directory mask = 0700
    store dos attributes = Yes
    browseable = No

[public]
    comment = Public Network Share
    path = /opt/samba/public
    read only = No
    guest ok = Yes
    store dos attributes = Yes

[software]
    comment = Software
    path = /opt/samba/software
    valid users = user1
    admin users = Administrator
    write list = Administrator
    store dos attributes = Yes
    browseable = No
Member server:
Code:
Load smb config files from /etc/samba/smb.conf
Processing section "[ntinstall]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
    workgroup = MYDOMAIN.HOME
    security = DOMAIN
    password server = sambadomain

[ntinstall]
    path = /opt/samba/windows
    valid users = Administrator
    read only = No
 
Old 05-08-2010, 06:01 AM   #2
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Original Poster
Rep: Reputation: Disabled
Got it fixed myself...
The end result is:
Code:
[global]
        workgroup = MYDOMAIN.LOCAL
        netbios name = install
        security = DOMAIN
        password server = samba
        encrypt passwords = yes
        local master = no
        wins server = xxx.xxx.xxx.xxx
        wins support = no
        dns proxy = no
        valid users = @domadmins

[ntinstall]
        path = /opt/samba/windows
        store dos attributes = yes
        public = no
        read only = yes
        guest ok = no
        browseable = no
        printable = no
        write list = Administrator
        admin users = Administrator
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
openldap and samba as domain controller asifbasha Linux - Server 2 02-14-2010 01:09 PM
Samba or NFS for a new domain member server srosa Linux - Networking 7 05-05-2006 04:58 PM
Samba domain member server (DMS) group permissions in network with a Samba PDC srosa Linux - Networking 0 05-01-2006 06:55 PM
Samba 3.0.21a and Samba Domain Member Servers in a Windows 2003 ADS Domain ramz Linux - Networking 3 04-09-2006 09:26 PM
Resource thread? SAMBA 3 member server in the Win2k Domain huntz Linux - Software 0 04-30-2004 10:10 PM


All times are GMT -5. The time now is 10:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration