LinkBack URL
About LinkBacks
Zimbra + Samba LDAP auth problems
Hello all,
I install zimbra 4.5.6 on Opensuse10.2. Works great!
Then I also want it as Samba PDC, so I follow Greg's howto, and all seem OK. From zimbra UI, I can add account and posix group.
But, I notice that when do 'getent passwd' and 'getent group', I cannot see the account and group created from zimbra.
Seems like the samba server cannot see the LDAP?
Can anyone please help me to troubleshoot it?
This is my confs (please let me know if there's more to provide):
Code:smb.conf: [global] workgroup = vulcan.com netbios name = fajar102 os level = 33 preferred master = yes enable privileges = yes server string = %h server (Samba, Opensuse102) wins support = yes dns proxy = no name resolve order = wins bcast hosts log file = /var/log/samba/log.%m log level = 3 max log size = 1000 syslog only = no syslog = 5 #panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true ldap passwd sync = yes passdb backend = ldapsam:ldap://192.168.1.101 ldap admin dn ="uid=zimbra,cn=admins,cn=zimbra" ldap suffix = dc=vulcan,dc=com ldap group suffix = ou=groups ldap user suffix = ou=people ldap machine suffix = ou=machines obey pam restrictions = no passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUnix\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully* domain logons = yes logon path = \\fajar102.vulcan.com\%U\profile logon home = \\fajar102.vulcan.com\%U logon script = logon.cmd #add user script = /usr/sbin/useradd --quiet --disabled-password --gecos "" %u #add machine script = /usr/sbin/useradd --shell /bin/false --disabled-password --quiet "machine account" --force-badname %u ######## FOR OPENSUSE ?? ########## username map = /etc/samba/smbusers add user script = /usr/local/bin/smbldap-useradd -m %u delete user script = /usr/local/bin/smbldap-userdel %u add group script = /usr/local/bin/smbldap-groupadd -p %g delete group script = /usr/local/bin/smbldap-groupdel %g add user to group script = /usr/local/bin/smbldap-groupmod -m %g %u delete user from group script = /usr/local/bin/smbldap-groupmod -x %g %u set primary group script = /usr/local/bin/smbldap-usermod -g %g %u add machine script = /usr/local/bin/smbldap-useradd -w %u # if you want to add machines to domain automaticaly, add machine script is: add machine script = /usr/local/bin/smbldap-useradd -w -i %u ################################# socket options = TCP_NODELAY domain master = yes local master = yes
Code:pam.d/common-account account requisite pam_unix2.so account sufficient pam_localuser.so account required pam_ldap.so use_first_pass pam.d/common-auth auth required pam_env.so auth sufficient pam_unix2.so auth required pam_ldap.so use_first_pass pam.d/common-password password requisite pam_pwcheck.so nullok cracklib password sufficient pam_unix2.so nullok use_authtok password required pam_ldap.so try_first_pass use_authtok pam.d/common-session session required pam_limits.so session required pam_unix2.so session optional pam_ldap.so session optional pam_umask.so session required pam_mkhomedir.so skel=/etc/skel umask=0022Code:nsswitch.conf: #ORIGINAL SUSE #passwd: compat #group: compat #FOR ZIMBRA passwd: files ldap group: files ldap hosts: files dns networks: files dns services: files ldap protocols: files rpc: files ethers: files netmasks: files netgroup: files ldap publickey: files bootparams: files automount: files nis aliases: files ldap passwd_compat: ldap group_compat: ldapCode:/etc/openldap/ldap.conf TLS_REQCERT allow host fajar102.vulcan.com base dc=vulcan,dc=com binddn uid=zimbra,cn=admins,cn=zimbra bindpw 123456 rootbinddn uid=zimbra,cn=admins,cn=zimbra uri ldap://fajar102.vulcan.com bind_policy soft
(it's also a US holiday btw)
