Zimbra + Samba LDAP auth problems

Hello all,
I installed Zimbra 4.5.6 on OpenSUSE 10.2. It works great!
Then I also want it to act as a Samba PDC, so I followed Greg's howto, and everything seemed OK. From the Zimbra UI, I can add an account and a POSIX group.

But I notice that when I run 'getent passwd' and 'getent group', I cannot see the account and group created from Zimbra.

It seems like the Samba server cannot see LDAP?
Can anyone please help me troubleshoot it?

These are my configs (please let me know if there is more to provide):
smb.conf:
# Samba [global] section as posted. NOTE(review) comments mark points to
# confirm; the directives themselves are unchanged.
[global]
# NOTE(review): a dotted workgroup name is unusual for a NetBIOS domain name;
# confirm it matches the domain the Windows clients were joined to (the
# NetBIOS name, not the DNS name).
workgroup = vulcan.com
netbios name = fajar102
os level = 33
preferred master = yes
enable privileges = yes
server string = %h server (Samba, Opensuse102)
wins support = yes
dns proxy = no
name resolve order = wins bcast hosts
log file = /var/log/samba/log.%m
# Level 3 is verbose; useful while troubleshooting, lower it afterwards.
log level = 3 
max log size = 1000
syslog only = no
syslog = 5
#panic action = /usr/share/samba/panic-action %d
security = user
# With encrypted passwords Samba checks the NT hashes stored in the passdb
# (here: LDAP) rather than going through the PAM stacks, so the pam.d files
# posted with this config affect local logins, not SMB authentication.
encrypt passwords = true
# Samba also rewrites the LDAP userPassword attribute on an SMB password
# change; confirm that is the attribute Zimbra authenticates against so the
# two stay in sync.
ldap passwd sync = yes
# Plain ldap:// URI. Whether StartTLS is negotiated is governed by 'ldap ssl',
# which is not set here -- confirm against what the LDAP server offers.
passdb backend = ldapsam:ldap://192.168.1.101
# NOTE(review): this is the same DN the posted ldap.conf binds with. Its
# password is not kept in smb.conf; Samba reads it from secrets.tdb (set with
# 'smbpasswd -w'). A directory-wide admin DN is more than Samba needs; a
# dedicated DN with write access limited to ou=people/ou=groups/ou=machines
# would be least privilege. The quotes are unusual for this parameter --
# check with 'testparm' that the stored value is the bare DN.
ldap admin dn ="uid=zimbra,cn=admins,cn=zimbra"
# The three suffixes below are relative to this base.
ldap suffix = dc=vulcan,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
# NOTE(review): no 'ldap idmap suffix' is set; Samba then falls back to
# 'ldap suffix' for idmap entries -- confirm that is intended.
obey pam restrictions = no
# passwd program / passwd chat are only used when 'unix password sync' is
# enabled, which is not set here, so these two lines appear to be inactive.
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUnix\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully*
domain logons = yes
# Roaming profile and home paths; %U is the session user name.
logon path = \\fajar102.vulcan.com\%U\profile
logon home = \\fajar102.vulcan.com\%U
logon script = logon.cmd
#add user script = /usr/sbin/useradd --quiet --disabled-password --gecos "" %u
#add machine script = /usr/sbin/useradd --shell /bin/false --disabled-password --quiet "machine account" --force-badname %u
######## FOR OPENSUSE ?? ##########
username map = /etc/samba/smbusers
# Provisioning is delegated to smbldap-tools; those scripts read their own
# configuration (not shown here), which must use the same suffixes as above.
add user script = /usr/local/bin/smbldap-useradd -m %u
delete user script = /usr/local/bin/smbldap-userdel %u
add group script = /usr/local/bin/smbldap-groupadd -p %g
delete group script = /usr/local/bin/smbldap-groupdel %g
add user to group script = /usr/local/bin/smbldap-groupmod -m %g %u
delete user from group script = /usr/local/bin/smbldap-groupmod -x %g %u
set primary group script = /usr/local/bin/smbldap-usermod -g %g %u
# NOTE(review): this line is overridden by the second 'add machine script'
# below (Samba keeps the last value of a repeated parameter), so it is
# effectively dead; comment it out or drop it to avoid confusion.
add machine script = /usr/local/bin/smbldap-useradd -w %u
# if you want to add machines to the domain automatically, add machine script is:
# (confirm what '-i' does in the installed smbldap-tools version)
add machine script = /usr/local/bin/smbldap-useradd -w -i %u
#################################
socket options = TCP_NODELAY
domain master = yes
local master = yes

pam.d/common-account
# Account stack; PAM runs these top to bottom and order matters.
# requisite: a failure here ends the stack immediately.
account requisite       pam_unix2.so
# sufficient: a user present in /etc/passwd passes here without asking LDAP.
account sufficient      pam_localuser.so
# LDAP-only users reach this line. NOTE(review): use_first_pass is an
# auth/password-stage option and is most likely ignored on an account line.
account required        pam_ldap.so     use_first_pass

pam.d/common-auth
# Auth stack; order matters.
auth    required        pam_env.so
# sufficient: a password accepted by pam_unix2 ends the stack successfully;
# a failure here is not fatal, the stack simply continues to pam_ldap.
auth    sufficient      pam_unix2.so
# use_first_pass: reuse the password already entered above instead of
# prompting a second time.
auth    required        pam_ldap.so     use_first_pass

pam.d/common-password
# Password-change stack; order matters.
# nullok: empty passwords are accepted. NOTE(review): confirm that is
# intended; it is repeated on the pam_unix2 line below.
password        requisite       pam_pwcheck.so  nullok cracklib 
# use_authtok: take the new password that pam_pwcheck already validated.
password        sufficient      pam_unix2.so    nullok use_authtok 
# LDAP-only users reach this line; pam_ldap changes the password in the
# directory. Which DN it binds with depends on its own configuration
# (see the posted ldap.conf) -- confirm it has write access to userPassword.
password        required        pam_ldap.so     try_first_pass use_authtok 

pam.d/common-session
# Session stack; order matters.
session required        pam_limits.so
session required        pam_unix2.so
session optional        pam_ldap.so
session optional        pam_umask.so
# Creates a missing home directory from /etc/skel; being 'required', a
# failure to create it fails the session.
session required pam_mkhomedir.so skel=/etc/skel umask=0022
nsswitch.conf:
#ORIGINAL SUSE
#passwd:        compat
#group: compat

#FOR ZIMBRA
# 'getent passwd' / 'getent group' go through these two lines only: local
# files first, then nss_ldap. The PAM stacks are not involved, so an empty
# getent result points at nss_ldap's own configuration or at the LDAP entries.
# NOTE(review): nss_ldap reads its own config file (commonly /etc/ldap.conf,
# which is not the OpenLDAP client file /etc/openldap/ldap.conf) -- confirm
# which file the installed nss_ldap uses and that its base/bind settings reach
# the Zimbra directory. Its default filters select posixAccount / posixGroup
# entries, so the Zimbra-created accounts and groups must carry those object
# classes with uidNumber/gidNumber set -- TODO confirm with ldapsearch.
passwd: files ldap
group: files ldap

hosts:  files dns
networks:       files dns

# Each database listed with 'ldap' needs the matching schema in the directory
# for the ldap source to return anything.
services:       files ldap
protocols:      files
rpc:    files
ethers: files
netmasks:       files
netgroup:       files ldap
publickey:      files

bootparams:     files
# NOTE(review): 'nis' appears here only; presumably left over from the SUSE
# default and harmless if no NIS client is configured.
automount:      files nis
aliases:        files ldap
# Only consulted when passwd/group use 'compat', which is commented out
# above, so these two lines are currently inactive.
passwd_compat:  ldap
group_compat:   ldap
/etc/openldap/ldap.conf
# NOTE(review): host, base, binddn, bindpw, rootbinddn and bind_policy are
# nss_ldap/pam_ldap directives, not OpenLDAP client-library ones (libldap
# reads BASE/URI/HOST/TLS_*). If nss_ldap reads a different file on this
# system, none of the bind settings below apply to getent lookups.
# Only honoured once TLS is actually used (ldaps:// or StartTLS); 'allow'
# lets the session proceed even with a missing or invalid server certificate,
# i.e. no real verification. Prefer 'demand' with a trusted CA once TLS is on.
TLS_REQCERT     allow
# host and uri name the same server; uri is the newer form and presumably
# takes precedence when both are set -- verify.
host    fajar102.vulcan.com
base    dc=vulcan,dc=com
# NOTE(review): this file has to be readable by every process doing name
# lookups, so the DN/password pair below is visible to all local users. It is
# the same directory-wide admin DN smb.conf uses; a read-only lookup DN with
# least privilege belongs here, and the admin credential should live only in
# the root-only secret file that rootbinddn uses (/etc/ldap.secret for
# nss_ldap/pam_ldap).
binddn uid=zimbra,cn=admins,cn=zimbra
bindpw 123456
rootbinddn uid=zimbra,cn=admins,cn=zimbra
# Plain ldap://, so the bind above crosses the wire unencrypted; acceptable
# only while the directory is on this host or the network is trusted.
uri ldap://fajar102.vulcan.com
# soft: give up when the server is unreachable instead of retrying
# indefinitely, so lookups do not hang.
bind_policy soft
