Hi, I am having problems mounting, on an Ubuntu client, the users' home directories that are stored on a Debian Squeeze server running LDAP and Samba.
First of all, what is the correct syntax for the homeDirectory attribute when the home is on a server? I wrote: homeDirectory: //192.168.5.219/users/username but pam_mount tells me "volume not found".
I am also not sure about my Samba and smbldap configurations. Could you take a look at my conf files?
This is smb.conf:
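[global]
# Identification and authentication mode (user-level security)
workgroup = AMAHORO
server string = amahoro
security = user

# Network options: only the local subnet and the server itself may connect
hosts allow = 192.168.5.0/24 localhost

# Logging: one log file per session user name (%u); max log size is in KB
log file = /var/log/samba/log.%u
max log size = 1000
log level = 3

# Share access options: encrypted passwords only, empty passwords refused
encrypt passwords = yes
null passwords = no
# Left disabled: accounts come from the LDAP passdb backend configured below
#smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers

# LDAP account backend
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=amahoro,dc=bi
ldap suffix = dc=amahoro,dc=bi
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
# No transport encryption: acceptable only because the directory is reached over
# loopback (127.0.0.1). If the LDAP server moves to another host, enable
# "start tls" first, otherwise the admin bind and the password hashes would
# cross the network in clear text.
ldap ssl = no

# Account management hooks (smbldap-tools); %u and %g stay quoted because the
# command line is handed to a shell
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add group script = /usr/local/sbin/smbldap-groupadd "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"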
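[homes]
# Per-user home share; %u is the session user name
path = /users/%u
browseable = no
read only = no
# Only the owner may connect (%S is the share name, i.e. the user name)
valid users = %S
guest ok = no
# Disabled: "admin users" makes the listed users perform every file operation
# on the share as root, regardless of file permissions. With "%u" that applied
# to every user inside their own home share, which a home directory does not need.
#admin users = %u
write list = %u
read list = %u
# New files and directories are accessible to their owner only
create mask = 0700
directory mask = 0700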
[user_data]
# Read-only shared data, visible in the browse list
comment = Leçon
path = /user_data
browseable = yes
read only = yes
# Guest access is allowed on this share; which clients can reach it is still
# limited by "hosts allow" in [global]
guest ok = yes
And this is smbldap.conf:
# $Source: $ # $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $ # # smbldap-tools.conf : Q & D configuration file for smbldap-tools
# This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). # # Copyright (C) 2001-2002 IDEALX # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA.
# Purpose : # . be the configuration file for all smbldap-tools scripts
##############################################################################
#
# General Configuration
#
##############################################################################

# Domain SID. To obtain this number run: "net getlocalsid".
# If not defined, the value returned by "net getlocalsid" is used.
SID="S-1-5-21-251852451-2940789264-3475694606"

# Name of the domain the Samba server is in charge of.
# If not defined, the value is taken from the smb.conf configuration file.
# Ex: sambaDomain="IDEALX-NT"
sambaDomain="AMAHORO"
#realm="amahoro.bi"
##############################################################################
#
# LDAP Configuration
#
##############################################################################

# Notes: to use a dual LDAP server backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
#   (typically a replication directory)

# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
slaveLDAP="127.0.0.1"

# Slave LDAP port
# If not defined, parameter is set to "389"
slavePort="389"

# Master LDAP server: needed for write operations
# Ex: masterLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
masterLDAP="127.0.0.1"

# Master LDAP port
# If not defined, parameter is set to "389"
#masterPort="389"
masterPort="389"

# Use TLS for LDAP
# If set to 1, this option will use start_tls for the connection
# (you should also use port 389)
# If not defined, parameter is set to "0"
# NOTE(review): TLS and SSL are both off. Both servers above are 127.0.0.1, so
# the traffic stays on this host; if the directory moves to another machine,
# enable one of them so binds and password hashes are not sent in clear text.
ldapTLS="0"

# Use SSL for LDAP
# If set to 1, this option will use SSL for the connection
# (standard port for ldaps is 636)
# If not defined, parameter is set to "0"
ldapSSL="0"

# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
# NOTE(review): presumably unused while ldapTLS and ldapSSL are "0" -- confirm.
verify="require"

# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile="/etc/smbldap-tools/ca.pem"

# Certificate to use to connect to the LDAP server
# see "man Net::LDAP" in start_tls section for more details
# NOTE(review): the "iallanis.info" file names here and below look like sample
# values that were never adapted to this site -- confirm before enabling TLS.
clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"

# Private key to use to connect to the LDAP server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"

# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=amahoro,dc=bi"

# Where Users are stored
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=Users,${suffix}"

# Where Computers are stored
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
computersdn="ou=Computers,${suffix}"

# Where Groups are stored
# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
groupsdn="ou=Groups,${suffix}"

# Where Idmap entries are stored (used if samba is a domain member server)
# Ex: idmapdn="ou=Idmap,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
idmapdn="ou=Idmap,${suffix}"

# Where to store the next uidNumber and gidNumber available for new users and groups
# If not defined, entries are stored in the sambaDomainName object.
# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
sambaUnixIdPooldn="sambaDomainName=AMAHORO,${suffix}"

# Default search scope used
scope="sub"

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
# SSHA is a salted scheme; CLEARTEXT and the unsalted MD5/SHA choices should
# not be used for stored passwords.
hash_encrypt="SSHA"

# If hash_encrypt is set to CRYPT, you may set a salt format.
# The default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
crypt_salt_format="%s"
##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################

# Login defs
# Default login shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"

# Home directory (%U is replaced by the user name)
# Ex: userHome="/home/%U"
userHome="/users/%U"

# Default mode used for the user's homeDirectory (owner-only access)
userHomeDirectoryMode="700"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
defaultUserGid="513"

# Default Computer (Samba) GID
defaultComputerGid="550"

# Skel dir
skeletonDir="/etc/skel"

# Default password validity period (in days). Comment out the next line if
# you don't want passwords to expire after defaultMaxPasswordAge days (be
# careful with the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"
##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to the home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome="\PDC-SMB3%U"
# NOTE(review): a UNC path normally starts with two backslashes; the example and
# the values below look as if backslashes were lost when the file was pasted --
# confirm against the real file. Also, the smb.conf shown with this file defines
# no [users] or [profiles] share, only [homes] and [user_data] -- verify that
# these paths point at shares that exist.
userSmbHome="\amahoro\users%U"

# The UNC path to the profiles location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile="\PDC-SMB3\profiles%U"
userProfile="\amahoro\profiles%U"

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if the home directory exists)
# Ex: userHomeDrive="H:"
#userHomeDrive="H:"

# The default user netlogon script name (%U username substitution)
# If not used, it will automatically be username.cmd
# Make sure the script file is edited under DOS
# Ex: userScript="startup.cmd"
userScript="logon.bat"

# Domain appended to the user's "mail" attribute
# when smbldap-useradd -M is used
# Ex: mailDomain="idealx.com"
# NOTE(review): "iallanis.info" does not match the amahoro.bi suffix used
# elsewhere in this file; presumably a sample value left in place -- confirm.
mailDomain="iallanis.info"

##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################
# Allows smbpasswd not to be used (if with_smbpasswd == 0 in smbldap_conf.pm);
# the Crypt::SmbHash library is preferred instead
with_smbpasswd="0"
#smbpasswd="/usr/bin/smbpasswd"

# Allows slappasswd not to be used (if with_slappasswd == 0 in smbldap_conf.pm);
# the Crypt:: libraries are preferred instead
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

# comment out the following line to get rid of the default banner
# no_banner="1"
Thanks for your time