Hope this is the right list -
Anyway, I've got openLDAP 2.4.9 on Ubuntu 8.04 along with Samba 3.028
I've got it all installed and used the slapd.d (cn=config) capabilities.
I get no errors on start up or stop, can create, modify and delete users and groups.
However, I cannot create a user in openLDAP that is usable with Samba. If I go back in and create a Unix user, it will work. I've installed libnss-lapd and configured it - but is this the way it's supposed to work? What should I be looking at?
Thanks and sorry for the noob question...
Matt Burkhardt mlb@imparisystems.com writes:
> Hope this is the right list -
> Anyway, I've got openLDAP 2.4.9 on Ubuntu 8.04 along with Samba 3.028
> I've got it all installed and used the slapd.d (cn=config) capabilities.
> I get no errors on start up or stop, can create, modify and delete users and groups.
> However, I cannot create a user in openLDAP that is usable with Samba. If I go back in and create a Unix user, it will work. I've installed libnss-lapd and configured it
> - but is this the way it's supposed to work? What should I be looking at?
Is cn=config,cn=schema,cn={x}samba3.ldif included?
-Dieter
On Sat, 2009-05-23 at 09:26 +0200, Dieter Kluenter wrote:
> Matt Burkhardt mlb@imparisystems.com writes:
> > Hope this is the right list -
> > Anyway, I've got openLDAP 2.4.9 on Ubuntu 8.04 along with Samba 3.028
> > I've got it all installed and used the slapd.d (cn=config) capabilities.
> > I get no errors on start up or stop, can create, modify and delete users and groups.
> > However, I cannot create a user in openLDAP that is usable with Samba. If I go back in and create a Unix user, it will work. I've installed libnss-lapd and configured it
> > - but is this the way it's supposed to work? What should I be looking at?
> Is cn=config,cn=schema,cn={x}samba3.ldif included?
> -Dieter
Thanks Dieter - here's the results of
ldapsearch -x -b cn=config -D cn=admin,cn=config -W -A cn={4}samba
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: cn={4}samba
# requesting: ALL
#
# {4}samba, schema, config
dn: cn={4}samba,cn=schema,cn=config
objectClass:
cn:
olcAttributeTypes:
olcObjectClasses:
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Does that look right?
Matt Burkhardt mlb@imparisystems.com writes:
> On Sat, 2009-05-23 at 09:26 +0200, Dieter Kluenter wrote:
> > Matt Burkhardt <mlb@imparisystems.com> writes:
> > > Hope this is the right list -
> > > Anyway, I've got openLDAP 2.4.9 on Ubuntu 8.04 along with Samba 3.028
> > > I've got it all installed and used the slapd.d (cn=config) capabilities.
> > > I get no errors on start up or stop, can create, modify and delete users and groups.
> > > However, I cannot create a user in openLDAP that is usable with Samba. If I go back
> > > in and create a Unix user, it will work. I've installed libnss-lapd and configured it
> > > - but is this the way it's supposed to work? What should I be looking at?
> > Is cn=config,cn=schema,cn={x}samba3.ldif included?
> > -Dieter
> Thanks Dieter - here's the results of
> ldapsearch -x -b cn=config -D cn=admin,cn=config -W -A cn={4}samba
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: cn={4}samba
> # requesting: ALL
> #
> # {4}samba, schema, config
> dn: cn={4}samba,cn=schema,cn=config
> objectClass:
> cn:
> olcAttributeTypes:
> olcObjectClasses:
> # search result
> search: 2
> result: 0 Success
> # numResponses: 2
> # numEntries: 1
> Does that look right?
I don't know whether this looks right, I am referring to samba3.schema, you are just providing samba.schema. In fact there are two schemas, the old samba.schema used with samba-2.x and a new schema samba3.schema included in samba-3.x.
-Dieter
On Friday 22 May 2009 22:21:05 Matt Burkhardt wrote:
> Hope this is the right list -
> Anyway, I've got openLDAP 2.4.9 on Ubuntu 8.04 along with Samba 3.028
> I've got it all installed and used the slapd.d (cn=config) capabilities.
> I get no errors on start up or stop, can create, modify and delete users and groups.
> However, I cannot create a user in openLDAP that is usable with Samba. If I go back in and create a Unix user, it will work.
This is more of a samba question ...
Samba requires a unix user to exist for a samba user (except in one case). Where that Unix user is defined (in local files, or in LDAP) is irrelevant. Typically, you set the environment up so that creating a "user" creates an entry in LDAP with at least the posixAccount and sambaSamAccount objectclasses, and configure the LDAP clients (samba, nss_ldap) appropriately.
> I've installed libnss-lapd and configured it - but is this the way it's supposed to work?
Yes. 'getent passwd sambauser' (where 'sambauser' is the username of a Samba user) should work, for samba to allow access for the user 'sambauser'. So, you should fix your nss_ldap configuration.
If you *really* don't want to have Unix users for Samba users, the ldapsam:trusted option can avoid this. However, local file ownership resolution won't work.
Regards, Buchan
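Added example, not part of the original thread and not Samba or OpenLDAP code: a Python check of the two conditions described in the reply above, namely that the LDAP entry carries both posixAccount and sambaSamAccount with their MUST attributes, and that the uid resolves through NSS the way 'getent passwd' does. The sample LDIF, the dc=example,dc=com DNs and the function names are constructed for illustration; base64 values and folded LDIF lines are not handled.

```python
import pwd

# MUST attributes per objectClass (RFC 2307 posixAccount; samba3.schema sambaSamAccount).
REQUIRED = {"posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
            "sambasamaccount": {"uid", "sambasid"}}

# Constructed sample data, not taken from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: Alice Example
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-21002

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: account
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-21004
"""

def parse_ldif(text):
    """Split LDIF into entries as {lowercased attribute: [values]}."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return [e for e in entries if e]

def samba_problems(entry, nss_lookup=pwd.getpwnam):
    """List what would stop Samba from mapping this LDAP entry to a Unix user."""
    problems = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    for oc, must in REQUIRED.items():
        missing = [f"{oc} lacks {a}" for a in sorted(must - set(entry))]
        problems += missing if oc in classes else [f"missing objectClass {oc}"]
    uid = entry.get("uid", [""])[0]
    try:
        nss_lookup(uid)  # the same lookup 'getent passwd <uid>' performs
    except KeyError:
        problems.append(f"NSS cannot resolve {uid}")
    return problems
```

An entry that passes the schema checks but still reports "NSS cannot resolve" is the situation in this thread: the directory data is fine and the nss_ldap client configuration is what needs fixing.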
Thanks so much. Now I'm a little closer to understanding. Basically, Samba likes to have a Unix logon so it has some file control that it wouldn't usually have. I now know that openLDAP is set up correctly, I just have to figure out how Samba is supposed to be working.
Thanks again!
On Mon, 2009-05-25 at 16:01 +0200, Buchan Milne wrote:
> On Friday 22 May 2009 22:21:05 Matt Burkhardt wrote:
> > Hope this is the right list -
> > Anyway, I've got openLDAP 2.4.9 on Ubuntu 8.04 along with Samba 3.028
> > I've got it all installed and used the slapd.d (cn=config) capabilities.
> > I get no errors on start up or stop, can create, modify and delete users and groups.
> > However, I cannot create a user in openLDAP that is usable with Samba. If I go back in and create a Unix user, it will work.
> This is more of a samba question ...
> Samba requires a unix user to exist for a samba user (except in one case). Where that Unix user is defined (in local files, or in LDAP) is irrelevant. Typically, you set the environment up so that creating a "user" creates an entry in LDAP with at least the posixAccount and sambaSamAccount objectclasses, and configure the LDAP clients (samba, nss_ldap) appropriately.
> > I've installed libnss-lapd and configured it - but is this the way it's supposed to work?
> Yes. 'getent passwd sambauser' (where 'sambauser' is the username of a Samba user) should work, for samba to allow access for the user 'sambauser'. So, you should fix your nss_ldap configuration.
> If you *really* don't want to have Unix users for Samba users, the ldapsam:trusted option can avoid this. However, local file ownership resolution won't work.
> Regards, Buchan
openldap-technical@openldap.org