So I think you're missing one fundamental thing here. You still need to create the users in 389 to get this working correctly and have them show up in 'getent password', you might have to enumerate the users too.

So adding the samba schema extends and adds the samba attributes to 389 but nothing is filling out the information. For example,

objectclass: sambaDomain
objectclass: sambaUnixIdPool
sambaDomainName: <YOURWORKGROUP>
sambaSID: S-1-5-21-1803520230-1543781662-649387223 << You have to ask yourself what generates this?

Nothing in 389 will, but smbpasswd -a will, so first make sure you can get a userlist on your Linux machine,

getent passwd -s ldap $userid

Does the user show up? If it doesn't, configure your ldap.conf/nsswitch.conf/pam.d/* again or sssd.

Dan

-----Original Message-----
From: upen [mailto:upendra.gandhi@xxxxxxxxx]
Sent: Thursday, November 8, 2012 10:09 PM
To: Dan Lavu
Cc: General discussion list for the 389 Directory server project.
Subject: Re: samba+ldap

On 11/8/12, Dan Lavu <dan@xxxxxxxx> wrote:
> I also found the samba/ldap docs lacking, when I first tried to set
> this up. Then I turned around and configured Kerberos/AD with samba
> and used Kerberos auth for my Linux machines.
>
> Now that I've done quite a few 389 implementations and going through
> that doc again, it makes sense to me. What part are you having trouble with?
>
> Dan
>
> *From:* upen <upendra.gandhi@xxxxxxxxx>
> *Sent:* November 8, 2012 5:33 PM
> *To:* General discussion list for the 389 Directory server project.
> *Subject:* samba+ldap
>
> Hello,
>
> I am trying to setup Samba with existing 389-ds on the same server.
> Following http://directory.fedoraproject.org/wiki/Howto:Samba didn't help.
> Does anyone know if there is any other useful updated document for
> this purpose?

Thanks for your feedback Dan. I started noticing issues after completing the steps from that Howto. First problem I encountered was smbadduser -a didn't work.

smbpasswd -a testuser
New SMB password:
Retype new SMB password:
Failed to modify password entry for user testuser

Then, out of curiosity I added a testuser account as a local unix account (non ldap) and smbpasswd -a testuser worked after that change. I really don't want to follow this path. Why would there be a need to add local users in unix? Isn't there any other simpler way? I wonder.

After doing smbpasswd -a, I checked the ldap database for the user account.

ldapsearch -x -Z '(uid=testuser)'
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (uid=testuser)
# requesting: ALL
#

# testuser, People,
dn: uid=testuser,ou=People,dc=abc,dc=def,dc=ghi
uid: testuser
sambaSID: S-1-5-21-21252568-3149985612-3984985731-2004
sambaLMPassword: 19DA5A9CC97F169BAAD3B435B51404EE
sambaNTPassword: 0B6549421B2E7333E0E281F3BA5EEA94
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1352429483
sambaAcctFlags: [U ]
objectClass: sambaSamAccount
objectClass: account
objectClass: top

I don't see uidnumber and gidnumber. Not sure what went wrong.

Thanks.
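
The check this thread circles around (does an entry carry what a `getent passwd` lookup needs, or only the Samba attributes?), as an added example that is not from either poster or from the 389 project. It assumes clients look users up with the RFC 2307 posixAccount schema; the sample LDIF, its DNs and the function names are constructed for illustration.

```python
import base64

# Attributes RFC 2307 marks as mandatory on a posixAccount entry.
POSIX_REQUIRED = ("cn", "uid", "uidnumber", "gidnumber", "homedirectory")

# Constructed sample modelled on the ldapsearch output above (no real hashes).
SAMPLE = """\
# testuser, People, example.com
dn: uid=testuser,ou=People,dc=example,dc=com
uid: testuser
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-2004
objectClass: sambaSamAccount

dn: uid=gooduser,ou=People,dc=example,dc=com
uid: gooduser
cn:: R29vZCBVc2Vy
uidNumber: 2005
gidNumber: 2005
homeDirectory: /home/go
 oduser
objectClass: posixAccount
"""

def parse_ldif(text):
    """Return a list of {lowercased attr: [values]} dicts, one per entry."""
    entries, cur = [], {}
    # LDIF folds long lines as newline + one space; undo that first.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():               # blank line ends an entry
            if "dn" in cur:                # skip ldapsearch result trailers
                entries.append(cur)
            cur = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def nss_gaps(entry):
    """List what a posixAccount lookup would find missing on this entry."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    gaps = [] if "posixaccount" in classes else ["objectclass=posixaccount"]
    return gaps + [a for a in POSIX_REQUIRED if a not in entry]

def report(text):
    return {e["dn"][0]: nss_gaps(e) for e in parse_ldif(text)}
```

Feed `report()` the output of an `ldapsearch` for the account; an empty list means the entry has everything a posixAccount lookup expects.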