Re: [Samba] ldapsam cannot find NT password hash

On 27/05/2019 00:42, David Kowis via samba wrote:

On 5/26/19 10:14 AM, Rowland Penny via samba wrote:
Just curious, since I appear to be running a PDC, is there a way to have
a standalone samba server, and just get the user/password information
from LDAP without doing all the domain stuff? That's actually what I'd
like to do. I don't need a domain controller.
I sort of thought you didn't

Try this:

remove 'security = user' which will make it 'security = auto'

Change these:

     domain logons = yes
     server role = member server


     domain logons = no
     server role = standalone server

This should get you a standalone server with users in LDAP.

I must point out that I have never tried the above, but it should work.
Sadly, it doesn't seem to, or it's a combination of how I must configure
things in FreeNAS land. `testparm` shows the expected output with a few
exceptions. Fortunately, I'm able to override settings in the smb4.conf
by specifying them again, and last-one-in-wins:

It is showing up as a ROLE_STANDALONE server, but I do see during the
startup of smbd:

I assume that's from the lines, but I don't know.
         idmap config nosgoth: ldap_url = ldap://pione.dark.kow.is
         idmap config nosgoth: ldap_user_dn =
         idmap config nosgoth: ldap_base_dn = ou=idmap,dc=dark,dc=kow,dc=is
         idmap config nosgoth: range = 10000-90000000
         idmap config nosgoth: backend = ldap

Is there a way to specify things by setting them to empty? I can't
delete the entries, because FreeNAS auto-generates this file on boot
from its configuration database, but I can append to the end and
include stuff that overrides the existing setup....

Thanks again!
-- David

I showed you how I got a PDC to work; forget the PDC bit. I could only get the LDAP part to work by putting everything into the default domain (*). I tried the way that works on a Unix domain member, separate 'DOMAIN' and '*' lines, but I could not get this to work. I rapidly came to the point that setting up a new PDC was a bad idea, but in your case, you don't really have much choice, because of the ACLs used on FreeNAS.

