samba+ldap BDC configuration

My smb.conf for the Samba+LDAP BDC setup is:
-------------------------------------------------------------


[global]

workgroup = abc
server string = abcdel2
netbios name = abcdel2
# the guest account should be a dedicated unprivileged user (for example nobody):
# anonymous access to [netlogon] below runs with this account's Unix permissions
guest account = vishesh
ldap passwd sync = yes

log file = /var/log/samba/%m.log
log level = 2

security = user
# 127.0.0.1 is the local LDAP replica on the BDC. If that replica is read-only,
# password changes made through this BDC fail unless slapd refers writes to the
# master (updateref); check that before trusting 'ldap passwd sync' here.
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=abc,dc=del
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Group
# the bind password for this DN is not kept in smb.conf; store it in secrets.tdb
# on the BDC as well with: smbpasswd -w <password>
ldap admin dn = "uid=root,ou=People,dc=abc,dc=del"


# --------------- Domain Controller Options -----------------
# a BDC answers domain logons but must never claim the domain master browser role
local master = no
os level = 60
preferred master = no
domain master = no
domain logons = yes

#============ Share Definitions ============

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no

[design]
comment = home folder for design department
path = /data/design
follow symlinks = yes
vfs object = recycle
recycle:repository = /data/design/Trash
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:exclude = Thumbs.db
# exclude the repository itself, so files deleted from Trash are really removed
recycle:exclude_dir = /data/design/Trash
writeable = yes
create mask = 644
directory mask = 2755

[home]
comment = home folder for bwedit
path = /data/edit/home
follow symlinks = yes
vfs object = recycle
recycle:repository = /data/edit/home/Trash
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:exclude = Thumbs.db
recycle:exclude_dir = /data/edit/home/Trash
writeable = yes
create mask = 644
directory mask = 2755

[user]
comment = home directory for tt feature and ab edit users
path = /data/edit/user
follow symlinks = yes
vfs object = recycle
recycle:repository = /data/edit/user/Trash
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:exclude = Thumbs.db
recycle:exclude_dir = /data/edit/user/Trash
writeable = yes
create mask = 644
directory mask = 2755

[mark]
comment = marketing users
path = /data/marketting
follow symlinks = yes
vfs object = recycle
# the recycle options are all in the recycle: namespace; "vfs:repository" is
# silently ignored and deleted files would be lost instead of moved to Trash
recycle:repository = /data/marketting/Trash
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:exclude = Thumbs.db
recycle:exclude_dir = /data/marketting/Trash
writeable = yes
create mask = 644
directory mask = 2755

[system]
comment = home folder for it
path = /data/system
follow symlinks = yes
vfs object = recycle
recycle:repository = /data/system/Trash
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:exclude = Thumbs.db
# must name the repository configured above, otherwise deletes from Trash are recycled again
recycle:exclude_dir = /data/system/Trash
writeable = yes

[com]
path = /data/marketting/com
follow symlinks = yes
vfs object = recycle
recycle:repository = /data/marketting/Trash
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:exclude = Thumbs.db
recycle:exclude_dir = /data/marketting/Trash
writeable = yes

[common]
path = /data/internet/common
writable = yes
write list = abp\itadmin
# the setgid bit belongs on directories (2755 below), it has no useful meaning on files
create mask = 644
directory mask = 2755


--
After the configuration I started Samba and checked that the PDC and the BDC carry the same domain SID; a BDC whose SID differs from the PDC's is not a member of the domain at all, and logons through it fail. To print the domain SID the BDC currently holds, I ran the following on the BDC:

root# net rpc info

If the SIDs do not match, the following command fetches the domain SID from the PDC and stores it in the BDC's secrets.tdb (point it at the PDC with -S abcdel1 and an administrative account with -U if the default target is not the PDC):

root# net rpc getsid

Is my server the PDC?

If you are on a Linux system and want to be sure that the computer named abcdel1 is the PDC of your domain, query its NetBIOS name table:

# nmblookup -A abcdel1

If the listing contains the two lines

ABC <1c> - <GROUP> H <ACTIVE>
ABC <1b> - H <ACTIVE>

then abcdel1 is the PDC for domain ABC: the <1c> group name is registered by every domain controller, and the <1b> name (domain master browser) is registered only by the PDC.

In the same way you can find the BDC for your domain; a BDC shows the <1c> entry but no <1b> entry:

# nmblookup -A abcdel2
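The two checks above (reading the NetBIOS name table to tell a PDC from a BDC, and comparing the BDC's domain SID with the PDC's before running net rpc getsid) as one script. This is an added example, not code from the original post; it assumes the names from the smb.conf above (PDC abcdel1, BDC abcdel2, workgroup ABC, admin account root), and the SAMPLE_* outputs it parses offline are constructed to look like what nmblookup -A, net getlocalsid and net rpc info print.

```shell
#!/bin/sh
# Added example, not part of the original post: verify a BDC against its PDC.
#  1. classify a host from its NetBIOS name table (nmblookup -A): a PDC
#     registers both DOMAIN<1b> (domain master browser) and DOMAIN<1c>
#     (domain controllers group); a BDC registers <1c> only.
#  2. compare the domain SID held locally with the PDC's and, if they differ,
#     fetch the PDC's SID with "net rpc getsid".
# Assumed from the smb.conf above: PDC abcdel1, BDC abcdel2, workgroup ABC,
# admin account root. The SAMPLE_* values below are constructed test data.

PDC=abcdel1
BDC=abcdel2
DOMAIN=ABC

# has_name OUTPUT NAME SUFFIX: true if the name table lists NAME<SUFFIX>
has_name() {
    printf '%s\n' "$1" | grep -q "^[[:space:]]*$2[[:space:]]*<$3>"
}

# dc_role OUTPUT DOMAIN: prints PDC, BDC or NONE for the host that produced OUTPUT
dc_role() {
    if has_name "$1" "$2" 1b && has_name "$1" "$2" 1c; then
        echo PDC
    elif has_name "$1" "$2" 1c; then
        echo BDC
    else
        echo NONE
    fi
}

# sid_of OUTPUT: extracts the first domain SID (S-1-5-21-...) from the output
# of "net getlocalsid" ("SID for domain X is: S-1-5-21-...") or of
# "net rpc info" ("Domain SID: S-1-5-21-..."); prints nothing if none is found
sid_of() {
    printf '%s\n' "$1" | sed -n 's/.*\(S-1-5-21-[0-9][0-9-]*\).*/\1/p' | head -n 1
}

# sids_match A B: true only if both SIDs were found and are identical
sids_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Live check on the BDC; needs nmblookup and net and prompts for root's
# password (or use -U root%password). Runs only as: sh check_bdc.sh run
check_live() {
    echo "$BDC role: $(dc_role "$(nmblookup -A "$BDC")" "$DOMAIN")"
    local_sid=$(sid_of "$(net getlocalsid)")
    pdc_sid=$(sid_of "$(net rpc info -S "$PDC" -U root)")
    if sids_match "$local_sid" "$pdc_sid"; then
        echo "domain SID ok: $local_sid"
    else
        echo "SID mismatch: local=$local_sid pdc=$pdc_sid; fetching from $PDC"
        net rpc getsid -S "$PDC" -U root
        echo "local SID now: $(sid_of "$(net getlocalsid)")"
    fi
}

# Constructed sample outputs (documentation IPs and an invented SID) in the
# layout nmblookup -A and net use, so the parsing can be exercised offline.
SAMPLE_NMB_PDC='Looking up status of 192.0.2.1
        ABCDEL1         <00> -         H <ACTIVE>
        ABC             <00> - <GROUP> H <ACTIVE>
        ABCDEL1         <20> -         H <ACTIVE>
        ABC             <1c> - <GROUP> H <ACTIVE>
        ABC             <1b> -         H <ACTIVE>'
SAMPLE_NMB_BDC='Looking up status of 192.0.2.2
        ABCDEL2         <00> -         H <ACTIVE>
        ABC             <00> - <GROUP> H <ACTIVE>
        ABCDEL2         <20> -         H <ACTIVE>
        ABC             <1c> - <GROUP> H <ACTIVE>'
SAMPLE_LOCALSID='SID for domain ABCDEL2 is: S-1-5-21-1957994488-1001235211-3290543912'
SAMPLE_RPCINFO='Domain Name: ABC
Domain SID: S-1-5-21-1957994488-1001235211-3290543912
Sequence number: 1
Num users: 12
Num domain groups: 3
Num local groups: 0'

if [ "${1:-}" = run ]; then
    check_live
fi
```

Run it as `sh check_bdc.sh run` on the BDC; without the argument it only defines the functions, which is what the offline checks against the sample outputs use. The role check deliberately requires both <1b> and <1c> for a PDC: a host announcing <1b> without <1c> is a master browser that is not a domain controller, and should be investigated rather than trusted.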

create mask vs force create mode

In a newly set up Samba share I wanted full permissions for every user, so I set

create mask = 777

The result was not what I expected: files created inside the share got mode 766, which surprised me. The hint I got from the samba list pointed at how the mask is applied: 'create mask' is ANDed with the mode the client asked for, so it can only remove permission bits, never add them. A Windows client asks for 666, and 'map archive = yes' (the default) turns the DOS archive attribute into the owner execute bit, giving 766; 777 & 766 is still 766. To set bits that the client did not ask for, 'force create mode' is the right option, because it is ORed into the mode after the mask. My problem was solved by setting

force create mode = 777

Keep in mind that this makes every new file world-writable and executable for anyone who can reach the share. Where shared write access is the only goal, 'force create mode = 664' together with 'force group' and 'directory mask = 2775' achieves it without the execute and world-writable bits.

samba+ldap configuration

After running a Linux file server against a Windows 2003 AD, last week we switched to a Samba+LDAP configuration. User, computer and group accounts are now stored in an OpenLDAP database. The setup below has been working without any issues for the last week.



[global]
workgroup = abc
server string = abcdel1
netbios name = abcdel1
# the guest account should be a dedicated unprivileged user (for example nobody);
# anonymous access to [netlogon] below runs with this account's Unix permissions
guest account = vishesh
ldap passwd sync = yes
security = user
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=abc,dc=del
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Group
# the bind password for this DN is not kept in smb.conf; store it in secrets.tdb
# with: smbpasswd -w <password>
ldap admin dn = "uid=root,ou=People,dc=abc,dc=del"
domain master = yes
domain logons = yes
# an empty logon path disables roaming profiles
logon path =
# smbldap-tools create the LDAP entries on demand; "-w" tells smbldap-useradd
# to create a machine (workstation) account when a client joins the domain
add user script = /usr/sbin/smbldap-useradd "%u"
add group script = /usr/sbin/smbldap-groupadd "%g"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
# the PDC is also local and domain master browser and WINS server
local master = yes
os level = 254
preferred master = yes
wins support = yes

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no



Christmas Gift

Today I got a Christmas gift from myself. For a long time my Samba setup has suffered from 'network unavailable' messages, and today I found the reason. The message appears when our virtual IP conflicts with an active virtual IP on another server. When the abpdel2 server goes down, a script assigns the IP 10.11.0.107 to abpdel1. If, after bringing abpdel2 back, we forget to remove the virtual IP 10.11.0.107 from abpdel1, both servers answer for the same address and clients get that message. Checking for a duplicate address before bringing the VIP up (for example with arping -D) catches this before the clients do.

winbind reconnect delay

Browsing samba.org today, I noticed the release announcement for Samba 3.3.0rc2. The long-awaited feature I found there is 'winbind reconnect delay': this parameter sets the number of seconds winbind waits before trying to contact a domain controller again after that controller has been declared unavailable, i.e. for how long the Windows domain is treated as unreachable. The default value is 30 seconds and can be changed.
Q. Windows seems to treat authentication on a per-server basis. Once you've logged in as one user it will try to use that user's credentials for the next share from that server. I haven't figured out a workaround but it would be great if someone knows one. Sometimes Windows doesn't even show that you are connected to a share and the client has to be rebooted before you'll get the login prompt again to pick a different login name, from what I've seen. Definitely not ideal behavior.

Ans.
Connect to the NetBIOS name for one share. Connect to the IP address for the other share.
This will allow different credentials. Don't know if you need more than two....