[SLE] Samba - LDAP

From: Anders Norrbring (lists_at_norrbring.se)
Date: 12/30/04

    To: <suse-linux-e@suse.com>
    Date: Thu, 30 Dec 2004 16:47:10 +0100
    
    

    (I'm trying here as well, the SLES9 list isn't very active)

    I'm getting frustrated.. I've set up Samba to use LDAP, but I can't get group mapping to work whatever I try. I'd like
    to map some LDAP groups to MS groups, like the "Domain Users" and "Domain Admins" groups, but it just doesn't work.

    First I tried to add the LDAP group, then in the screen for "Additional Group Settings" I opened "Edit remaining
    attributes of LDAP group" and tried to modify the field "sambasid" from ending in 1001 to end with -512 (Domain Admins).
    I saved it all and opened up the group editor again; the sambasid field was back to -1001.

    What am I doing wrong here? I can't find any leads in the SLES9 docs either..

    My smb.conf contains this:

    [global]
       workgroup = TEST-DOM
       map to guest = Bad User
       passdb backend = smbpasswd ldapsam:ldap://localhost,
       username map = /etc/samba/smbusers
       printcap cache time = 750
       printcap name = cups
       add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
       logon script = users.bat
       logon path = \\%L\profiles\.msprofile
       logon drive = I:
       logon home = \\%L\%U\.9xprofile
       domain logons = yes
       os level = 65
       preferred master = Yes
       domain master = Yes
       wins support = yes
       ldap admin dn = cn=Administrator,dc=the-server,dc=net
       ldap group suffix = ou=group
       ldap idmap suffix = ou=Idmap
       ldap machine suffix = ou=Computers
       ldap suffix = dc=the-server,dc=net
       ldap ssl = no
       ldap user suffix = ou=people
       idmap backend = ldapsam:ldap://localhost
       printer admin = @ntadmin, root, administrator
       cups options = raw
       store dos attributes = Yes
       include = /etc/samba/dhcp.conf
       local master = yes
       encrypt passwords = yes
