I'm having second thoughts about how EXACTLY the smb.conf global section should look for other servers on the network that are looking to the zimbra server for authentication.
Currently this is my smb.conf:
Quote:
[global]
name resolve order = wins bcast hosts
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
obey pam restrictions = no
enable privileges = yes
passwd program = /usr/bin/passwd %u
netbios name = emailserver
ldap passwd sync = yes
workgroup = WorkSpace
server string = emailserver
os level = 60
syslog only = no
security = user
max log size = 1000
log level = 3
log file = /var/log/samba/log.%m
socket options = TCP_NODELAY
encrypt passwords = yes
logon home = \\mail.domain.com\%U
local master = yes
wins support = yes
domain logons = yes
domain master = yes
passdb backend = ldapsam:ldap://mail.domain.com/
ldap admin dn = "cn=config"
ldap suffix = dc=domain,dc=com
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
password server = 192.168.1.248 emailserver
wins server = 192.168.1.248
logon path =
logon script =
add user script = /usr/sbin/useradd "%u" -n -g users
add group script = /usr/sbin/groupadd "%g"
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
delete user script = /usr/sbin/userdel "%u"
delete user from group script = /usr/sbin/userdel "%u" "%g"
delete group script = /usr/sbin/groupdel "%g"
syslog = 0
ldap ssl = no
# realm = mail.domain.com
# client lanman auth = no
# client ntlmv2 auth = yes
hosts allow 192.168.1 192.168.2 192.168.3 192.168.4 192.168.5 192.168.10
# hosts deny
[netlogon]
browseable = no
comment = Network Logon Service
locking = no
public = yes
path = /etc/samba/netlogon
available = yes
[profiles]
browseable = no
comment = Users profiles
writable = yes
path = /etc/samba/profiles
available = yes
[profdata]
profile acls = Yes
browseable = no
comment = Profile Data Share
writable = yes
path = /etc/samba/profdata
available = yes
now...according to this:
[Chapter 6] 6.3 Authentication Security
it says:
Quote:
You can configure Samba to use a separate password server under server-level security with the use of the password server global configuration option, as follows:
[global]
security = server
password server = PHOENIX120 HYDRA134
Note that you can specify more than one machine as the target of the password server ; Samba will move down the list of servers in the event that its first choice is unreachable. The servers identified by the password server option are given as NetBIOS names, not their DNS names or equivalent IP addresses. Also, if any of the servers reject the given password, the connection will automatically fail - Samba will not attempt another server.
...based on that security should be SERVER and the password server should not be an IP address...though on my conf I use USER and an IP address...What exactly is the correct setting...?
I ask because sometimes authentication from the server to the zimbra server fails, and can't find the authentication server....but after restarting samba a million times, it'll eventually find it...I feel it's a setting in the global section that's causing this....hence the needed clarification...
Thanks!
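An added example (not part of the original post, and not Samba tooling): a small Python check that reads a [global] section and reports the settings this post asks about, namely a password server combined with security = user or listed by IP address, where the quoted passage describes security = server with NetBIOS names. It also reports a parameter line with no '=' and ldapsam over plain ldap:// with ldap ssl = no. The helper names are hypothetical; the sample lines are copied from the config posted above.

```python
import ipaddress

# Lines copied from the posted smb.conf; helper names below are hypothetical.
SAMPLE = """\
[global]
security = user
passdb backend = ldapsam:ldap://mail.domain.com/
password server = 192.168.1.248 emailserver
ldap ssl = no
hosts allow 192.168.1 192.168.2
[netlogon]
public = yes
"""

def parse_global(text):
    """Return ({param: value}, [lines lacking '=']) for the [global] section."""
    params, malformed, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" not in line:
            malformed.append(line)
        elif section == "global":
            key, value = line.split("=", 1)
            # Parameter names ignore case and embedded whitespace.
            params["".join(key.lower().split())] = value.strip()
    return params, malformed

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit(text):
    params, malformed = parse_global(text)
    findings = [f"no '=' separator: {m}" for m in malformed]
    servers = params.get("passwordserver", "").replace(",", " ").split()
    if servers and params.get("security", "user").lower() == "user":
        findings.append("password server is set but security = user")
    findings += [f"password server is an IP address: {s}" for s in servers if is_ip(s)]
    plain_ldap = params.get("passdbbackend", "").startswith("ldapsam:ldap://")
    if plain_ldap and params.get("ldapssl", "").lower() in ("no", "off"):
        findings.append("ldapsam over ldap:// with ldap ssl = no (unencrypted LDAP)")
    return findings
```

Calling `audit()` on the text of a real smb.conf returns the list of findings; an empty list means none of these four conditions were met.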