openSUSE 11 as PDC with Samba and LDAP - Suse


Thread: openSUSE 11 as PDC with Samba and LDAP

  1. openSUSE 11 as PDC with Samba and LDAP

    Hi,

    I have openSUSE 10.3 with Samba and LDAP as a PDC working perfectly. I
    tried to do the same on a new install of openSUSE 11.0 using the same
    procedure and same smb.conf, ldap.conf, slapd.conf and /etc/ldap.conf
    with smbldap-tools 0.9.5, created a new smbldap.conf and
    smbldap_bind.conf, using the supplied configure script from
    smbldap-tools. I followed the same procedure as I did in 10.3 and
    workstations can be added to the Domain and are registered in LDAP.
    Unix users can authenticate to LDAP, but a user registered in LDAP
    cannot log on to a workstation and it gives an error "The system cannot
    log you on now because the Domain XYZ is not available." When I log on
    to the workstation as a local Administrator I can browse the Domain and
    a user can open folders after logging on to the Domain, but this user
    cannot log on on the initial workstation logon screen.
    Following is my smb.conf:
    [global]
    workgroup = XWZ
    netbios name = Neptune
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    username map = /etc/samba/smbusers
    guest account = nobody
    map to guest = Bad User
    passdb backend = ldapsam:"ldap://127.0.0.1/"
    ldap admin dn = cn=Manager,dc=xyz,dc=com,dc=au
    ldap suffix = dc=xyz,dc=com,dc=au
    ldap group suffix = ou=Groups
    ldap user suffix = ou=Users
    ldap machine suffix = ou=Users
    ldap ssl = No
    add user script = /usr/local/sbin/smbldap-useradd -m "%u"
    add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
    add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
    add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
    set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
    enable privileges = yes
    domain master = yes
    domain logons = yes
    encrypt passwords = yes
    ldap passwd sync = Yes
    log level = 1
    syslog = 0
    log file = /var/log/samba/log.%m
    time server = Yes
    interfaces = 127.0.0.1 192.168.1.5/24
    hosts allow = 192.168.1.0/255.255.255.0
    socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    wins support = yes
    Dos charset = 850
    Unix charset = ISO8859-1
    os level = 255
    # Where to store NT user profiles? (passdb)
    logon path = \\Neptune\profiles\.msprofile
    # Where to store 9x/ ME roaming profiles
    logon home = \\Neptune\profiles\.9xprofile

    logon drive = U:
    logon script = %U.bat

    [homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    directory mask = 0750
    inherit acls = Yes

    [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    browseable = no
    guest ok = yes
    writable = no
    share modes = no

    [profiles]
    comment = Network Profiles Service
    path = %H
    browseable = no
    read only = No
    writeable = yes
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700

    [printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    browseable = No
    guest ok = Yes
    public = Yes
    writeable = No
    read only = Yes

    [Share]
    comment = Share Directory
    path = /export/shares
    public = yes
    writeable = yes
    printable = no
    create mask = 0770
    directory mask = 0770

    Are there any security changes between 10.3 and 11 which could cause
    these problems, and does anyone have this working on openSUSE 11?

    Thanks and Regards,
    Horst
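
Added example, not part of the original post and not Samba's own tooling: a small Python audit of the smb.conf above that flags the unencrypted ldapsam connection (`ldap ssl = No`) and any share that is both guest-accessible and writable. The names `parse` and `audit` and the finding strings are hypothetical, the sample is an excerpt of the posted file, and the Samba defaults `guest ok = no` and `read only = yes` are assumed; it reviews configuration hygiene and does not diagnose the logon failure.

```python
import re
# Constructed sample: an excerpt of the smb.conf posted above.
SAMPLE = """
[global]
passdb backend = ldapsam:"ldap://127.0.0.1/"
ldap ssl = No
[netlogon]
guest ok = yes
writable = no
[printers]
guest ok = Yes
writeable = No
read only = Yes
[Share]
public = yes
writeable = yes
"""
TRUE = {"yes", "true", "on", "1"}

def parse(text):
    """Parse smb.conf text into {section: {key: value}}, folding synonyms."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].lower(), {})
        elif "=" in line and section is not None:
            key, _, value = line.partition("=")
            key, value = " ".join(key.lower().split()), value.strip()
            if key == "public":  # synonym of "guest ok"
                key = "guest ok"
            elif key in ("writeable", "writable", "write ok"):  # inverse of "read only"
                key, value = "read only", "no" if value.lower() in TRUE else "yes"
            section[key] = value  # a later setting overrides an earlier one
    return conf

def audit(conf):
    """Return (section, finding) pairs: cleartext ldapsam, guest-writable shares."""
    findings, g = [], conf.get("global", {})
    backend = g.get("passdb backend", "")
    if backend.startswith("ldapsam") and g.get("ldap ssl", "").lower() in ("no", "off"):
        local = re.search(r'ldap://(127\.0\.0\.1|localhost)(?=[:/"]|$)', backend)
        findings.append(("global", "ldap cleartext " + ("(loopback)" if local else "(network)")))
    for name, share in conf.items():
        guest = share.get("guest ok", "no").lower() in TRUE
        if name != "global" and guest and share.get("read only", "yes").lower() not in TRUE:
            findings.append((name, "guest-writable share"))
    return findings
```

With `map to guest = Bad User` in [global], a connection under an unknown user name is treated as guest, so the flagged [Share] is writable without an account from any host that `hosts allow` admits.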

  2. Re: openSUSE 11 as PDC with Samba and LDAP

    On Aug 9, 10:40 am, hsi...@optusnet.com.au wrote:
    > Hi,
    >
    > I have openSUSE 10.3 with Samba and LDAP as a PDC working perfectly. I
    > tried to do the same on a new install of openSUSE 11.0 using the same
    > procedure and same smb.conf, ldap.conf, slapd.conf and /etc/ldap.conf
    > with smbldap-tools 0.9.5, created a new smbldap.conf and
    > smbldap_bind.conf, using the supplied configure script from
    > smbldap-tools. I followed the same procedure as I did in 10.3 and
    > workstations can be added to the Domain and are registered in LDAP.
    > Unix users can authenticate to LDAP, but a user registered in LDAP
    > cannot log on to a workstation and it gives an error "The system cannot
    > log you on now because the Domain XYZ is not available." When I log on
    > to the workstation as a local Administrator I can browse the Domain and
    > a user can open folders after logging on to the Domain, but this user
    > cannot log on on the initial workstation logon screen.
    > Following is my smb.conf:
    > [global]
    > workgroup = XWZ
    > netbios name = Neptune
    > printing = cups
    > printcap name = cups
    > printcap cache time = 750
    > cups options = raw
    > username map = /etc/samba/smbusers
    > guest account = nobody
    > map to guest = Bad User
    > passdb backend = ldapsam:"ldap://127.0.0.1/"
    > ldap admin dn = cn=Manager,dc=xyz,dc=com,dc=au
    > ldap suffix = dc=xyz,dc=com,dc=au
    > ldap group suffix = ou=Groups
    > ldap user suffix = ou=Users
    > ldap machine suffix = ou=Users
    > ldap ssl = No
    > add user script = /usr/local/sbin/smbldap-useradd -m "%u"
    > add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
    > add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
    > add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
    > delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
    > set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
    > enable privileges = yes
    > domain master = yes
    > domain logons = yes
    > encrypt passwords = yes
    > ldap passwd sync = Yes
    > log level = 1
    > syslog = 0
    > log file = /var/log/samba/log.%m
    > time server = Yes
    > interfaces = 127.0.0.1 192.168.1.5/24
    > hosts allow = 192.168.1.0/255.255.255.0
    > socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    > wins support = yes
    > Dos charset = 850
    > Unix charset = ISO8859-1
    > os level = 255
    > # Where to store NT user profiles? (passdb)
    > logon path = \\Neptune\profiles\.msprofile
    > # Where to store 9x/ ME roaming profiles
    > logon home = \\Neptune\profiles\.9xprofile
    >
    > logon drive = U:
    > logon script = %U.bat
    >
    > [homes]
    > comment = Home Directories
    > valid users = %S, %D%w%S
    > browseable = No
    > read only = No
    > directory mask = 0750
    > inherit acls = Yes
    >
    > [netlogon]
    > comment = Network Logon Service
    > path = /var/lib/samba/netlogon
    > browseable = no
    > guest ok = yes
    > writable = no
    > share modes = no
    >
    > [profiles]
    > comment = Network Profiles Service
    > path = %H
    > browseable = no
    > read only = No
    > writeable = yes
    > store dos attributes = Yes
    > create mask = 0600
    > directory mask = 0700
    >
    > [printers]
    > comment = All Printers
    > path = /var/tmp
    > printable = Yes
    > browseable = No
    > guest ok = Yes
    > public = Yes
    > writeable = No
    > read only = Yes
    >
    > [Share]
    > comment = Share Directory
    > path = /export/shares
    > public = yes
    > writeable = yes
    > printable = no
    > create mask = 0770
    > directory mask = 0770
    >
    > Are there any security changes between 10.3 and 11 which could cause
    > these problems, and does anyone have this working on openSUSE 11?
    >
    > Thanks and Regards,
    > Horst


    One more follow-up: if I log on as the local Administrator and try to
    add a Domain User from the Control Panel/User Accounts, I get the
    following error:
    The user could not be added because the following error has occurred:
    The trust relationship between this workstation and the primary domain
    failed.

    Horst
