On Tue, 06 Mar 2012 12:01:21 +0200, Jonathan Adams <[email protected]> wrote:
I am including the "samba.schema" in slapd.conf - and I also have this in LDAP:

# Entry 1: ou=users,dc=domain,dc=com
dn: ou=users,dc=domain,dc=com
objectclass: organizationalUnit
objectclass: top
ou: users

# Entry 2: uid=administration,ou=users,dc=domain,dc=com
dn: uid=administration,ou=users,dc=domain,dc=com
cn: administration
gidnumber: 101
homedirectory: /tmp
objectclass: top
objectclass: account
objectclass: posixAccount
objectclass: sambaSamAccount
sambaacctflags: [UX ]
sambalmpassword: C4B274309D14EC00AAD3B435B51404EE
sambantpassword: 02ECCB1802088A4C42E17664D55819E5
sambasid: S-1-5-21-1-10208
uid: administration
uidnumber: 104
userpassword:

I am still not familiar enough with Solaris, so zones are still a dark place for me :)

Maybe I am not understanding things very well. I assume that LDAP replaces /etc/passwd - i.e. instead of polluting /etc/passwd I will populate LDAP. Of the two, the latter is more convenient for me.

The exact thing I want is to have only 2 UIDs and about 50 user SAMBA accounts which should map to one or the other of my 2 UIDs. These UIDs are 104 and 105 and already exist.

The problem is that SAMBA - or most probably Solaris itself - cannot do this mapping. Issuing "getent passwd administration" gives me no output. And I do not know how to debug "getent" in order to see what is wrong ..... So this is the issue which I need some help for :(

PS: we do not have a Windows domain currently (please do not laugh), so I only need a workgroup mode for SAMBA.
OK, well that's relatively straightforward ...

You might want to do this in a zone on Solaris, if you're worried about polluting the passwd file, because each samba user _does_ need a user on the system. If you do it in a zone then the zone can be an LDAP client and you can disable all ssh, telnet and ftp access so that people can only access their user partitions using samba.

After you have the zone as an LDAP client, you need to configure the LDAP for samba and the smb.conf file.

If you are brave and know your way around LDAP you can do this manually if you get the Samba LDAP Schema from the Samba source tar file ( https://www.samba.org/samba/download/ ) and load it into the LDAP server. The users you want to have access to the domain will need to have the class of "posixAccount" and "sambaSamAccount" ... and you will need to know your sambaSID ...

Otherwise you can look at getting smbldap tools, written in perl ( http://gna.org/projects/smbldap-tools ), essential if you are planning on having domain logons, or even look at other tools from https://wiki.samba.org/index.php/Samba_&_LDAP

I'm a scripter so we have in-house tools.

Logging in to the first share for the first time is the hardest bit ... after that it is just setting up groups and access levels.

Jon
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
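
Added example (not part of either message): a small Python lint for an LDIF export that checks the directory-side requirements Jon lists, namely both object classes with their schema-mandatory attributes, plus the poster's constraint that every account maps to UID 104 or 105. The function names and the sample entry are constructed for illustration; it does not test the Solaris name-service client that getent relies on.

```python
# Added example, not from the thread: lint LDIF user entries for Samba + POSIX use.
REQUIRED = {  # MUST attributes per RFC 2307 (posixAccount) and samba.schema
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "sambasamaccount": {"uid", "sambasid"},
}
SHARED_UIDS = {"104", "105"}  # the two existing UIDs named in the post

def parse_ldif(text):
    """Minimal LDIF reader; folded lines and base64 values are not handled."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:
        line = line.strip()
        if not line:  # a blank line ends the current entry
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            key, _, value = line.partition(":")
            cur.setdefault(key.lower(), []).append(value.strip())
    return entries

def lint(entry):
    """Problems found in one user entry; an empty list means it passes."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = []
    for cls, attrs in REQUIRED.items():
        if cls not in classes:
            problems.append(f"missing objectClass {cls}")
        else:
            problems += [f"{cls} requires {a}" for a in sorted(attrs - set(entry))]
    problems += [f"uidNumber {u} is not a shared UID"
                 for u in entry.get("uidnumber", []) if u not in SHARED_UIDS]
    return problems

def lint_all(text):
    """Lint entries that carry a uid attribute; containers such as ou=users are skipped."""
    return {e["dn"][0]: lint(e) for e in parse_ldif(text) if "uid" in e}

# Constructed sample: a container plus a hypothetical user entry with gaps.
SAMPLE = """\
dn: ou=users,dc=domain,dc=com
objectclass: organizationalUnit

dn: uid=scanner,ou=users,dc=domain,dc=com
objectclass: posixAccount
uid: scanner
uidnumber: 106
"""
```

Calling lint_all(SAMPLE) returns one key per user DN with its list of problems; an entry shaped like the one in the post returns an empty list.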
