Thanks for hints, got it going somehow.
The main problem was in the original design. The Samba schema needs SIDs and RIDs, and POSIX-only authentication does not work with Samba+LDAP with LDAP system authentication.
smbldap-installer gives a good starting config (with an error in ACL?) which can be corrected:
Quote:
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by dn="cn=admin,dc=nomis52,dc=net" write
    by anonymous auth
    by self write
    by * none
smbpasswd is not required (it seems, not 100% sure).
Used with LDAP Admin for Windows:
http://ldapadmin.sourceforge.net/
Home directories can be created by adding a line to the [homes] section in smb.conf:
root preexec = [ ! -e /home/%U ] && { /bin/cp -a /etc/skel /home/%U; /bin/chown -R %U."%G" /home/%U; }
Still a weird feature remains:
If I su to root, I stop seeing LDAP accounts with 'id $user' or 'getent passwd'. The initial login user can see them. It only affects subshells. It has no effect on functionality but is still bugging me.
Any ideas?
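
One way to check that the ACL quoted above really hides the password attributes from anonymous binds, as an added example that is not part of the original post: the function below flags any userPassword, sambaLMPassword or sambaNTPassword attribute found in ldapsearch LDIF output. The host name, the ou=Users branch and the sample entries are constructed assumptions; only the base DN comes from the post.

```shell
#!/bin/sh
# Added example: report password attributes that show up in LDIF output.
# Intended use (ldap://localhost is an assumed host):
#   ldapsearch -x -LLL -H ldap://localhost -b "dc=nomis52,dc=net" \
#       "(objectClass=*)" userPassword sambaLMPassword sambaNTPassword \
#       | leaked_password_attrs
# -x without -D performs an anonymous simple bind, so with the ACL in
# place the function should print nothing and return 0.

# Reads LDIF on stdin, prints "<dn><TAB><attribute>" for every protected
# attribute it sees. Returns 1 if anything was visible, 0 otherwise.
leaked_password_attrs() {
    awk '
        # LDIF continuation lines start with one space: value data only.
        /^ / { next }
        # Remember the entry we are in ("dn::" means a base64 DN).
        /^[Dd][Nn]::? / { dn = $0; sub(/^[^ ]+ /, "", dn); next }
        {
            name = $0
            sub(/:.*/, "", name)   # attribute name ends at the first ":"
            sub(/;.*/, "", name)   # drop attribute options such as ;binary
            lname = tolower(name)  # attribute names are case-insensitive
            if (lname == "userpassword" ||
                lname == "sambalmpassword" ||
                lname == "sambantpassword") {
                printf "%s\t%s\n", dn, name
                leaked = 1
            }
        }
        END { exit leaked ? 1 : 0 }
    '
}

# Constructed sample: what a search returns when the ACL is missing.
# The hash values are placeholders, not real credentials.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=Users,dc=nomis52,dc=net
uid: alice
sambaNTPassword: 00000000000000000000000000000000
userPassword:: Q09OU1RSVUNURUQ=

dn: uid=bob,ou=Users,dc=nomis52,dc=net
uid: bob
EOF
}
```

Run the same search once anonymously and once bound as an ordinary user: NT and LM hashes are password-equivalent for SMB authentication, so neither search should return them for other accounts.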