[KLUG Members] Help for upgrade to Samba 3.0.1 (LDAPSAM) fm 2.2.8a anybody?

Jim C. members@kalamazoolinux.org
Mon, 05 Jan 2004 14:23:57 -0800


Thanks for your help. :-)

|> I've got it almost working but right now it is allowing anyone to
|>  access the shares and won't add a machine even if there is
|> already a record in the machines ou.  I've been watching the logs
|>  but can't find any recognizable errors.
|
|
| What error do you get when you try to join the domain (I assume
| that's what you mean by "add a machine")?

"Access is denied".  This seems odd since it otherwise grants access
without a password or anything.

| What do your ldap related entries in smb.conf look like; mine for
| example -
|   passdb backend = ldapsam:ldap://localhost/ guest
|   ldap admin dn = cn=CIFS DC,ou=System Accounts,o=Morrison Industries,c=US
|   ldap suffix = o=Morrison Industries,c=US
|   ldap group suffix = ou=Groups
|   ldap user suffix = ou=People
|   ldap machine suffix = ou=System Accounts
|   idmap backend = ldap:ldap://localhost/
|   ldap idmap suffix = ou=idMap,ou=CIFS,ou=SubSystems
|   idmap uid = 40000-50000
|   idmap gid = 40000-50000

Well they are:
        passdb backend = ldapsam:ldap://127.0.0.1, smbpasswd, guest
        ldap suffix = dc=j9starr,dc=net
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=People
        ldap group suffix = ou=Group
        ldap admin dn = cn=root,dc=j9starr,dc=net
        ldap ssl = no
        printer admin = @adm
        printing = cups

LDAP ssl is turned off because Samba and OpenLDAP live on the same box.
For some reason I don't remember anything about idmaps from my
previous attempts at this.   Are they new?  It didn't seem to me like
they were required.
If they are, then perhaps my database needs further editing?


Complete testparm3 output follows:

Load smb config files from /etc/samba3/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[pdf-generator]"
Processing section "[public]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
        workgroup = J9STARR
        server string = Samba Server %v
        map to guest = Bad User
        passdb backend = ldapsam:ldap://127.0.0.1, smbpasswd, guest
        username map = /etc/samba3/smbusers
        log level = 10
        log file = /var/log/samba3/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = cups
        add user script = /usr/share/samba3/scripts/smbldap-useradd.pl '%u'
        delete user script = /usr/share/samba3/scripts/smbldap-userdel.pl '%u'
        add group script = /usr/share/samba3/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba3/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'
        delete group script = /usr/share/samba3/scripts/smbldap-userdel.pl '%g'
        add user to group script = /usr/share/samba3/scripts/smbldap-groupmod.pl -m '%u' '%g'
        delete user from group script = /usr/share/samba3/scripts/smbldap-groupmod.pl -x '%u' '%g'
        set primary group script = /usr/share/samba3/scripts/smbldap-usermod.pl -g '%g' '%u'
        add machine script = /usr/share/samba3/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        ldap suffix = dc=j9starr,dc=net
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=People
        ldap group suffix = ou=Group
        ldap admin dn = cn=root,dc=j9starr,dc=net
        ldap ssl = no
        printer admin = @adm
        printing = cups

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba3/netlogon
        guest ok = Yes

[printers]
        comment = All Printers
        path = /var/spool/samba3
        create mask = 0700
        guest ok = Yes
        printable = Yes
        print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.
        browseable = No

[print$]
        path = /var/lib/samba3/printers
        write list = @adm, root
        inherit permissions = Yes
        guest ok = Yes

[pdf-generator]
        comment = PDF Generator (only valid users)
        path = /var/tmp
        printable = Yes
        print command = /usr/share/samba3/scripts/print-pdf %s ~%u //%L/%u %m %I "%J" &

[public]
        path = /home/storeage
        read only = No
        guest only = Yes
        guest ok = Yes
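
An added example, not part of the original message: a small audit of a testparm-style dump that lists which shares admit the guest account and whether they are writable. In Samba, `map to guest = Bad User` treats a logon with an unknown user name as the guest account, and `guest ok = Yes` lets that guest connect to a share. The sample input is constructed from an abridged copy of the dump above, and the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the testparm dump in the message above.
SAMPLE = """\
[global]
        map to guest = Bad User
[homes]
        read only = No
[netlogon]
        guest ok = Yes
[public]
        read only = No
        guest only = Yes
        guest ok = Yes
"""

def parse_sections(text):
    """Parse smb.conf-style text into {section: {parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and spaces inside parameter names.
            current["".join(key.lower().split())] = value.strip()
    return sections

def guest_report(text):
    """Return the global 'map to guest' value and the shares that admit guests.

    Assumes canonical parameter names as printed by testparm (synonyms such
    as 'public' are not resolved). Each share is (name, writable, guest_only).
    """
    sections = parse_sections(text)
    defaults = sections.pop("global", {})
    yes = lambda v: v.lower() in ("yes", "true", "1")
    shares = []
    for name, params in sections.items():
        # Share-level parameters set in [global] act as defaults for every share.
        get = lambda key, fallback: params.get(key, defaults.get(key, fallback))
        if yes(get("guestok", "no")):
            shares.append((name, not yes(get("readonly", "yes")),
                           yes(get("guestonly", "no"))))
    return defaults.get("maptoguest", "Never"), shares

if __name__ == "__main__":
    mapping, shares = guest_report(SAMPLE)
    print(f"map to guest = {mapping}")
    for name, writable, guest_only in shares:
        print(f"[{name}] guest ok, writable={writable}, guest only={guest_only}")
```
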