Web lists-archives.com

Re: [Samba] ldapsam cannot find NT password hash




On 27/05/2019 00:42, David Kowis via samba wrote:

On 5/26/19 10:14 AM, Rowland penny via samba wrote:
Just curious, since I appear to be running a PDC, is there a way to have
a standalone samba server, and just get the user/password information
from LDAP without doing all the domain stuff? That's actually what I'd
like to do. I don't need a domain controller.
I sort of thought you didn't

Try this:

remove 'security = user' which will make it 'security = auto'

Change these:

     domain logons = yes
     server role = member server

To:

     domain logons = no
     server role = standalone server

This should get you a standalone server with users in LDAP.

I must point out that I have never tried the above, but it should work.
Sadly, it doesn't seem to, or it's a combination of how I must configure
things in FreeNAS land. `testparm` shows the expected output with a few
exceptions. Fortunately, I'm able to override settings in the smb4.conf
by specifying them again, and last-one-in-wins:
https://termbin.com/ausk

It is showing up as a ROLE_STANDALONE server, but I do see during the
startup of smbd:
https://pastebin.com/Fgd8PPXb

I assume that's from the lines, but I don't know.
```
         idmap config nosgoth: ldap_url = ldap://pione.dark.kow.is
         idmap config nosgoth: ldap_user_dn =
cn=sambaadmin,dc=dark,dc=kow,dc=is
         idmap config nosgoth: ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
         idmap config nosgoth: range = 10000-90000000
         idmap config nosgoth: backend = ldap
```

Is there a way to specify things by setting them to empty? I can't
delete the entries, because FreeNAS auto-generates this file on boot
from it's configuration database, but I can append to the end and
include stuff that overrides the existing setup....

Thanks again!
-- David

I showed you how I got a PDC to work, forget the PDC bit, I could only get the LDAP part to work by putting everything into the default domain (*). I tried the way that works on a Unix domain member, separate 'DOMAIN' and '*' lines, but I could not get this to work. I rapidly came to the point that setting up a new PDC was a bad idea, but in your case, you don't really have much choice, because of the ACLs used on freenas.

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba