Thanks so much. Now I'm a little closer to understanding. Basically, Samba likes to have a Unix logon so it has some file control that it wouldn't usually have. I now know that OpenLDAP is set up correctly; I just have to figure out how Samba is supposed to be working.
Thanks again!
On Mon, 2009-05-25 at 16:01 +0200, Buchan Milne wrote:
On Friday 22 May 2009 22:21:05 Matt Burkhardt wrote:
Hope this is the right list -
Anyway, I've got OpenLDAP 2.4.9 on Ubuntu 8.04 along with Samba 3.028.
I've got it all installed and used the slapd.d (cn=config) capabilities.
I get no errors on start up or stop, can create, modify and delete users and groups.
However, I cannot create a user in OpenLDAP that is usable with Samba. If I go back in and create a Unix user, it will work.
This is more of a samba question ...
Samba requires a unix user to exist for a samba user (except in one case). Where that Unix user is defined (in local files, or in LDAP) is irrelevant. Typically, you set the environment up so that creating a "user" creates an entry in LDAP with at least the posixAccount and sambaSamAccount objectclasses, and configure the LDAP clients (samba, nss_ldap) appropriately.
I've installed libnss-lapd and configured it - but is this the way it's supposed to work?
Yes. 'getent passwd sambauser' (where 'sambauser' is the username of a Samba user) should work, for samba to allow access for the user 'sambauser'. So, you should fix your nss_ldap configuration.
If you *really* don't want to have Unix users for Samba users, the ldapsam:trusted option can avoid this. However, local file ownership resolution won't work.
Regards, Buchan
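
Added example, not part of the original thread: a small audit of an LDIF export (such as `ldapsearch` output) that flags entries carrying sambaSamAccount without the posixAccount class or attributes nss_ldap needs to resolve them as Unix users. The DNs, SIDs and function names are constructed for illustration; the required-attribute sets are taken from RFC 2307 (posixAccount) and the Samba 3 schema (sambaSamAccount).

```python
# Required attributes per object class (RFC 2307 and the Samba 3 schema), lowercased.
REQUIRED = {
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "sambasamaccount": {"uid", "sambasid"},
}

# Constructed sample data (hypothetical DNs and SIDs), not taken from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
cn: Alice
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
sambaSID: S-1-5-21-1-2-3-21002

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-1-2-3-21004
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per record; unfolds lines, does not decode base64."""
    unfolded = text.replace("\n ", "")  # LDIF continuation lines start with one space
    for block in unfolded.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def audit(text):
    """Return {dn: [problems]} for Samba accounts that would not resolve as Unix users."""
    findings = {}
    for dn, attrs in parse_ldif(text):
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if "sambasamaccount" not in classes:
            continue
        problems = [] if "posixaccount" in classes else ["missing objectClass posixAccount"]
        for oc in sorted(classes & set(REQUIRED)):
            problems += [f"{oc} requires {a}" for a in sorted(REQUIRED[oc] - set(attrs))]
        if problems:
            findings[dn] = problems
    return findings
```

Any DN reported by `audit()` is an account for which `getent passwd` would be expected to fail once nss_ldap is configured, which is the condition the reply above says Samba needs satisfied.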