Update. Have tried creating an Ubuntu 12.04 domain member fileserver following these docs here:
https://wiki.samba.org/index.php/Samba4/Domain_Member With some minor package name changes all seems to work ok... except when I create a share the permissions appear to be being read from the *nix side. I'm seeing this: Everyone root (Unix User\root) root (Unix Group\root) Which looks very much like the posix perms on the member server. If I try and add my own permissions from the DC I get "Access Denied" when applying the security changes. Has anyone encountered this before? Thanks, Chris. On 9 July 2013 11:37, Chris Alavoine <chr...@acs-info.co.uk> wrote: > Hi Daniel, > > This is what I have so far: > > - /etc/nslcd.conf should look like this: > > # /etc/nslcd.conf > > # nslcd configuration file. See nslcd.conf(5) > > # for details. > > # The user and group nslcd should run as. > > uid nslcd > > gid nslcd > > # The location at which the LDAP server(s) should be reachable. > > uri ldap://10.30.54.2 > > # The search base that will be used for all queries. > > base dc=test,dc=internal,dc=com > > binddn cn=nslcd-service,cn=Users,dc=essence,dc=internal,dc=com > > bindpw XXXXXX (commented out!) > > pagesize 1000 > referrals off > > # users > > map passwd uid sAMAccountName > > map passwd gidNumber primaryGroupID > > map passwd homeDirectory unixHomeDirectory > > # groups > > map group cn sAMAccountName > > map group uniqueMember member > > > > > - Add this to top of /etc/pam.d/common-sessions: > > session required pam_mkhomedir.so skel=/etc/skel umask=0022 > > > - I also needed to remove nscd otherwise groups were not being updated > correctly: > > apt-get remove nscd > > > This works fine for the *nix side of things, am having further > difficulties getting the Samba side to work. So much so, that I'm > considering building a new Samba member server from scratch using Samba 4 > instead of 3. > > Thanks, > Chris. > > > > > On 9 July 2013 11:30, Daniel Müller <muel...@tropenklinik.de> wrote: > >> How about post your nslcd-config? This would be a great help for other >> users. >> >> Greetings >> Daniel >> >> ----------------------------------------------- >> EDV Daniel Müller >> >> Leitung EDV >> Tropenklinik Paul-Lechler-Krankenhaus >> Paul-Lechler-Str. 24 >> 72076 Tübingen >> >> Tel.: 07071/206-463, Fax: 07071/206-499 >> eMail: muel...@tropenklinik.de >> Internet: www.tropenklinik.de >> ----------------------------------------------- >> -----Ursprüngliche Nachricht----- >> Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] >> Im >> Auftrag von Chris Alavoine >> Gesendet: Montag, 8. Juli 2013 19:13 >> An: Marc Muehlfeld >> Cc: samba@lists.samba.org >> Betreff: Re: [Samba] Samba 3 member server connected to Samba 4 DC (using >> nslcd) >> >> Hi Marc, >> >> I've had many many problems with Winbind and after a few weeks of >> dead-ends >> I decided to switch to nslcd and everything started working very nicely, >> so >> I haven't looked back. >> >> I've just had a major success on getting getent passwd to work by adding >> this to my nslcd.conf: >> >> # users >> map passwd uid sAMAccountName >> map passwd gidNumber primaryGroupID >> map passwd homeDirectory unixHomeDirectory >> >> # groups >> map group cn sAMAccountName >> map group uniqueMember member >> >> This now lets me see all users and groups via getent. Just doing some more >> testing now, but I think this may be fixed. >> >> Typical, you spend all day on something, finally decided to post on samba >> lists and then fix it 5 mins later :) >> >> Thanks for the swift reply though! >> >> Cheers, >> c:) >> >> >> >> >> >> On 8 July 2013 18:05, Marc Muehlfeld <sa...@marc-muehlfeld.de> wrote: >> >> > Hello Chris, >> > >> > Am 08.07.2013 18:54, schrieb Chris Alavoine: >> > >> > My problem is that I have a Samba 3 member server (fileserver) that >> > I'm >> >> trying to get to get work in this scenario. I've installed nslcd and >> >> am using the following conf file: >> >> >> > >> > Why don't you use winbind on your member server? >> > http://wiki.samba.org/index.**php/Samba4/Domain_Member<http://wiki.sam >> > ba.org/index.php/Samba4/Domain_Member> >> > >> > >> > >> > >> > >> > >> > If I then do a "getent group" I get success and can see all the >> > groups, >> >> however "getent passwd" fails and I see this in the logs: >> >> >> >> Jul 8 17:51:46 test-fs-001 nslcd[4587]: [8e1f29] passwd entry >> >> CN=ice,CN=Users,DC=test,DC=**internal,DC=com does not contain uid >> >> value >> >> >> > >> > Does this account have an "uid" attribute in AD? >> > >> > >> > >> > Regards, >> > Marc >> > >> >> >> >> -- >> ACS (Alavoine Computer Services Ltd) >> Chris Alavoine >> mob +44 (0)7724 710 730 >> www.alavoinecs.co.uk >> http://twitter.com/#!/alavoinecs >> http://www.linkedin.com/pub/chris-alavoine/39/606/192 >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> > > > -- > ACS (Alavoine Computer Services Ltd) > Chris Alavoine > mob +44 (0)7724 710 730 > www.alavoinecs.co.uk > http://twitter.com/#!/alavoinecs > http://www.linkedin.com/pub/chris-alavoine/39/606/192 > -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
