you can have it set up to have all files owned by a single user if
that is what you want, you can do that in the samba configuration ...

as I said, the hardest issue is to make your solaris machine an LDAP
client ... I take it that the LDAP server is running on the local
machine?

I'm wondering if it is to do with your LDAP_SEARCH_SCOPE ... I think
you'll need "subtree".

I also have a NS_LDAP_CREDENTIAL_LEVEL=proxy ... I'm not sure if you
need that ...

can you run:

ldapsearch -b dc=domain,dc=com uid=Administrator

do you have access to JXplorer, can you access the LDAP server from
within that?

Jon

On 6 March 2012 16:59, IVO GELOV (CRM) <[email protected]> wrote:
> My native language is not English - so it is possible that I am not able
> to properly describe the situation. I am patient and will repeat some key
> moments from my setup:
>
> 1) I have run ldapclient and it produced the following files:
>
> /var/ldap/ldap_client_cred:
> ======================
> NS_LDAP_BINDDN= cn=admin,dc=domain,dc=com
> NS_LDAP_BINDPASSWD= my-secret
>
> /var/ldap/ldap_client_file:
> ====================
> NS_LDAP_FILE_VERSION= 2.0
> NS_LDAP_SERVERS= 127.0.0.1
> NS_LDAP_SEARCH_BASEDN= dc=domain,dc=com
> NS_LDAP_CACHETTL= 0
> NS_LDAP_AUTH= simple
> NS_LDAP_SEARCH_SCOPE= one
> NS_LDAP_SEARCH_REF= TRUE
> NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=users,dc=domain,dc=com
> NS_LDAP_SERVICE_SEARCH_DESC= group: ou=groups,dc=domain,dc=com
> NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=users,dc=domain,dc=com
>
> 2) I have added "ldap" to nsswitch.conf
>
> /etc/nsswitch.conf:
> ==============
> passwd: files ldap
> group: files ldap
>
> 3) I have issued "svcadm restart network/ldap/client"
>
> 4) I have entries in /etc/passwd
>
> unix:x:104:101::/home/unix:/bin/bash
> boss:x:105:101::/home/boss:/bin/bash
>
> 5) I have an entry in /etc/group
>
> depart::101:tmcdos,unix,boss
>
> 6) I am expecting "getent passwd administration" to show info about the
> LDAP user account "administration" with password "samba" and same UID/GID
> as the entry UNIX in /etc/passwd
>
> 7) However, getent does not show anything - neither an error message nor
> the expected information
>
> 8) And I do not know what is wrong in my setup - because the OS does not
> tell me the error. How would I debug the problem? Probably there is some
> gotcha, which is not covered in the popular HOWTOs.
>
> All I wanted is for SAMBA to require a different password for each share,
> but all files and directories to be owned by a single local OS account
> (actually 2 accounts - "unix" and "boss")
>
> I am thankful for all your responses - but unfortunately, I am still far
> from reaching my goal :(
>
>
> On Tue, 06 Mar 2012 16:18:15 +0200, Jonathan Adams <[email protected]>
> wrote:
>
>> /etc/passwd still exists for local users (root should always exist as
>> a local user) ... ldap is additional to it (and likewise should never
>> have root in it)
>>
>> zones are really straightforward,
>> http://wiki.openindiana.org/oi/7.+Virtualization
>>
>> you just need a space you want to install the zone in ( a slice of
>> disk ) and an IP address ... there are advanced things you can do if
>> you want to use virtual nics, and we now have an OI server doing
>> stupendous things in zones that we couldn't have done in 4 machines in
>> the past.
>>
>> however, if you don't want to do zones you probably need to run
>> "ldapclient" on the server to allow it to authenticate against the
>> LDAP server.
>>
>> something like (if you use an LDAP server name, remember to put it in
>> /etc/hosts):
>>
>> ldapclient manual -a domainName=dc=domain,dc=com -a
>> preferredServerList=<LDAP Server ip/name> -a
>> authenticationMethod=simple
>>
>> you may want to set the credentialLevel=proxy (if you have protection
>> on who can see the password field of users), or to specify the
>> defaultsearchbase ... you should be able to find out more with "man
>> ldapclient" ...
>>
>> you then might need to change /etc/nsswitch.conf to have "passwd:
>> files ldap" and "group: files ldap"
>>
>> make sure files comes first.
>>
>> you should then be able to "getent passwd administrator"
>>
>> Jon
>>
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> [email protected]
> http://openindiana.org/mailman/listinfo/openindiana-discuss
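
Added example, not part of the thread and not OpenIndiana code: a small Python check of which search base and scope in the quoted ldap_client_file would reach a user entry. The entry DN is constructed, DN parsing is simplified, and applying NS_LDAP_SEARCH_SCOPE to a service descriptor that names no scope of its own is an assumption.

```python
# Constructed sample: a subset of the ldap_client_file lines quoted in the thread.
SAMPLE = """\
NS_LDAP_SEARCH_BASEDN= dc=domain,dc=com
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=users,dc=domain,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=groups,dc=domain,dc=com
"""
# Constructed entry DN; the thread never shows the real one.
ENTRY = "uid=administration,ou=users,dc=domain,dc=com"

def parse_client_file(text):
    """Return (default_base, default_scope, {service: base}) from 'KEY= value' lines."""
    base, scope, descriptors = None, None, {}
    for line in text.splitlines():
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "NS_LDAP_SEARCH_BASEDN":
            base = value
        elif key == "NS_LDAP_SEARCH_SCOPE":
            scope = value
        elif key == "NS_LDAP_SERVICE_SEARCH_DESC":
            service, _, svc_base = value.partition(":")
            descriptors[service.strip()] = svc_base.strip()
    return base, scope, descriptors

def rdns(dn):
    # Simplification: assumes no escaped commas; compares case-insensitively.
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def in_scope(entry_dn, base_dn, scope):
    """LDAP scope semantics: base = the base entry, one = direct children, sub = any depth."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False  # entry is not under this base at all
    checks = {"base": depth == 0, "one": depth == 1, "sub": True, "subtree": True}
    return checks[scope]  # KeyError on an unknown scope name

def reach(text, entry_dn, service="passwd"):
    """Check the entry against the default base and the service's descriptor base."""
    base, scope, descriptors = parse_client_file(text)
    # Assumption: a descriptor without its own scope uses NS_LDAP_SEARCH_SCOPE.
    result = {"default_base": in_scope(entry_dn, base, scope)}
    if service in descriptors:
        result["descriptor_base"] = in_scope(entry_dn, descriptors[service], scope)
    return result
```

For the constructed DN, `reach(SAMPLE, ENTRY)` shows that scope `one` does not reach the entry from dc=domain,dc=com but does reach it from the passwd descriptor base; replacing the scope with `sub` reaches it from both.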
