samba+ldap BDC configuration

My smb.conf file for the Samba+LDAP setup is:
-------------------------------------------------------------


[global]

workgroup = abc
server string = abcdel2
netbios name = abcdel2
guest account = vishesh
ldap passwd sync = yes

log file = /var/log/samba/%m.log
log level = 2

security = user
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=abc,dc=del
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap admin dn= "uid=root,ou=People,dc=abc,dc=del"


# --------------- Domain Controller Options -----------------
local master = no
os level=60
preferred master=no
domain master = no
domain logons = yes

#============ Share Definitions ============

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no

[design]
comment = "home folder for design department"
path = /data/design
follow symlinks = yes
vfs object = recycle
recycle:repository = /data/design/Trash
recycle:keeptree = Yes
recycle:versions = Yes
recycle:touch = Yes
recycle:exclude = Thumbs.db
recycle:exclude_dir = /data/design/Trash
writeable = yes
create mask = 644
directory mask = 2755

[home]
comment = "home folder for bwedit"
path = /data/edit/home
follow symlinks = yes
vfs object = recycle
recycle:repository = /data/edit/home/Trash
recycle:keeptree = Yes
recycle:versions = Yes
recycle:touch = Yes
recycle:exclude = Thumbs.db
recycle:exclude_dir = /data/edit/home/Trash
writeable = yes
create mask = 644
directory mask = 2755

[user]
comment = " home directory to tt feature and ab edit users"
path = /data/edit/user
follow symlinks = yes
vfs object = recycle
recycle:repository = /data/edit/user/Trash
recycle:keeptree = Yes
recycle:versions = Yes
recycle:touch = Yes
recycle:exclude_dir = /data/edit/user/Trash
recycle:exclude = Thumbs.db
writeable = yes
create mask = 644
directory mask = 2755

[mark]
comment = "marketting users"
path = /data/marketting
follow symlinks = yes
vfs object = recycle
recycle:repository = /data/marketting/Trash
recycle:keeptree = Yes
recycle:versions = Yes
recycle:touch = Yes
recycle:exclude = Thumbs.db
recycle:exclude_dir = /data/marketting/Trash
writeable = yes
create mask = 644
directory mask = 2755

[system]
comment = "home folder for it"
path = /data/system
follow symlinks = yes
vfs object = recycle
recycle:repository = /data/system/Trash
recycle:keeptree = Yes
recycle:versions = Yes
recycle:touch = Yes
recycle:exclude_dir = /data/system/recycle-bin/
recycle:exclude = Thumbs.db
writeable = yes

[com]
path=/data/marketting/com
follow symlinks = yes
vfs object = recycle
recycle:repository = /data/marketting/Trash
recycle:keeptree = Yes
recycle:versions = Yes
recycle:touch = Yes
recycle:exclude = Thumbs.db
recycle:exclude_dir = /data/marketting/Trash
writeable = yes

[common]
path=/data/internet/common
writable = yes
write list =abp\itadmin
create mask = 2644
directory mask = 2755


--
After configuration I started Samba and ensured that both the PDC and the BDC have a SID number. To get the SID number of the BDC, I executed the following command on the BDC.
root# net rpc info
If the SID numbers mismatch, the following command sets the SID to the same as that of the PDC:
root# net rpc getsid

My server is PDC ?

Suppose you are on a Linux system and want to be sure that the computer named abcdel1 is your PDC:
#nmblookup -A abcdel1
If the command's output lists
ABC <1c> . H
ABC <1b> . H

that means system abcdel1 is the PDC for domain ABC.

In the same way you can find the BDC for your domain:

#nmblookup -A abcdel2
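
An added example, not part of the original post: a small parser that classifies a host from its `nmblookup -A` name table. It goes one step beyond the text by using the fact that `<1b>` is registered only by the domain master (`domain master = yes`) while `<1c>` is registered by every logon server (`domain logons = yes`), so a BDC shows `<1c>` without `<1b>`. The sample outputs, the address and the function names are constructed for illustration.

```python
import re

# One name-table row: NAME, then the NetBIOS type suffix in angle brackets.
# Matches full rows ("ABC <1c> - <GROUP> B <ACTIVE>") and the shorter rows above.
ROW = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>")

# Constructed sample output for the PDC; not captured from a real network.
PDC_STATUS = """\
Looking up status of 192.0.2.10
    ABCDEL1         <00> -         B <ACTIVE>
    ABCDEL1         <20> -         B <ACTIVE>
    ABC             <00> - <GROUP> B <ACTIVE>
    ABC             <1b> -         B <ACTIVE>
    ABC             <1c> - <GROUP> B <ACTIVE>

    MAC Address = 00-00-00-00-00-00
"""

# Constructed BDC sample: same table without the domain-master <1b> row.
BDC_STATUS = "".join(
    line for line in PDC_STATUS.replace("ABCDEL1", "ABCDEL2").splitlines(True)
    if "<1b>" not in line
)


def name_types(status_output):
    """Return {NAME: set of type suffixes} parsed from `nmblookup -A` output."""
    table = {}
    for line in status_output.splitlines():
        m = ROW.match(line)
        if m:
            table.setdefault(m.group(1).upper(), set()).add(m.group(2).lower())
    return table


def dc_role(status_output, domain):
    """Classify the queried host for `domain` as PDC, BDC or neither."""
    types = name_types(status_output).get(domain.upper(), set())
    if "1c" not in types:
        return "not a logon server"
    return "PDC" if "1b" in types else "BDC"


if __name__ == "__main__":
    for host, out in (("abcdel1", PDC_STATUS), ("abcdel2", BDC_STATUS)):
        print(host, "->", dc_role(out, "ABC"))
```
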

create mask vs force create mode

In my new Samba setup I wanted full permissions for every user, so I specified the parameter
create mask = 777
But the result was not as expected: the permission I got on newly created files inside the share folder was 766, which surprised me. The hint I got from the Samba list is that 'create mask' works along with the umask parameter. If anyone wants to overcome the umask value, 'force create mode' is the right option.
Now my problem got solved by setting
force create mode = 777
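
An added example, not part of the original post: a simplified model of the calculation described in the smb.conf documentation, where the DOS attributes of a new file are mapped to a UNIX mode, that mode is ANDed with `create mask`, and the result is ORed with `force create mode`. It assumes the default `map archive = yes`, `map system = no`, `map hidden = no`, and no `inherit permissions` or ACLs; the function names are hypothetical.

```python
# DOS attribute bits as sent by SMB clients.
DOS_READONLY, DOS_HIDDEN, DOS_SYSTEM, DOS_ARCHIVE = 0x01, 0x02, 0x04, 0x20


def new_file_mode(create_mask, force_create_mode=0, dos_attrs=DOS_ARCHIVE,
                  map_archive=True, map_system=False, map_hidden=False):
    """Simplified model (an assumption, see lead-in) of a new file's mode."""
    mode = 0o666                        # rw for user, group and other
    if dos_attrs & DOS_READONLY:
        mode &= ~0o222                  # read-only attribute clears write bits
    if map_archive and dos_attrs & DOS_ARCHIVE:
        mode |= 0o100                   # archive bit is stored as owner execute
    if map_system and dos_attrs & DOS_SYSTEM:
        mode |= 0o010                   # system bit is stored as group execute
    if map_hidden and dos_attrs & DOS_HIDDEN:
        mode |= 0o001                   # hidden bit is stored as other execute
    mode &= create_mask                 # create mask can only remove bits
    mode |= force_create_mode           # force create mode can only add bits
    return mode


def world_writable(mode):
    """True when 'other' has write permission on the resulting file."""
    return bool(mode & 0o002)


if __name__ == "__main__":
    # Settings taken from the posts above; new files carry the archive bit.
    cases = [
        ("create mask = 777", 0o777, 0),
        ("create mask = 777, force create mode = 777", 0o777, 0o777),
        ("create mask = 644", 0o644, 0),
        ("create mask = 2644", 0o2644, 0),
    ]
    for label, cmask, force in cases:
        mode = new_file_mode(cmask, force)
        print(f"{label:45s} -> {mode:04o} world-writable={world_writable(mode)}")
```

In this model `create mask = 777` gives 766 and adding `force create mode = 777` gives 777, while the setgid digit in `create mask = 2644` never reaches a file because the mask only removes bits.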

samba+ldap configuration

After working with a Linux file server + Windows 2003 AD, last week we switched to a samba+ldap configuration. User, computer and group accounts now get stored in an OpenLDAP database. My ideal setup, which has been functioning properly for the last week without any issues, is as follows.



[global]
workgroup = abc
server string = abcdel1
netbios name = abcdel1
guest account = vishesh
ldap passwd sync = yes
security = user
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=abc,dc=del
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap admin dn= "uid=root,ou=People,dc=abc,dc=del"
domain master = yes
domain logons = yes
logon path =
add user script = /usr/sbin/smbldap-useradd "%u"
add group script = /usr/sbin/smbldap-groupadd "%g"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
local master = yes
os level = 254
preferred master = yes
wins support = yes

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no