Profile Details

Toggle Sidebar
Recent updates
  • James Joseph
    James Joseph replied to a discussion, Ldap password sync samba

    Nick Howitt wrote:

    hmm. I think I'd like to retract my last reply. I did not realise you were flipping a pre-existing parameter. In this case, if you remove it from smb.ldap.conf, it is likely that ClearOS will recreate it. Also, if it is set to No there, there is probably a good reason. You'll need to devs to post.

    You could try to experiment, setting "ldap password sync" above or below the "include = /etc/samba/smb.ldap.conf" line in smb.conf and see which takes precedence or even if samba allows it to be set twice.


    Nick, thanks I'll try this on a test server first before trying to change it on a live environment don't want to break anything. It seems weird that the devs would stop this from working by default, I have done some researching regarding this some people say it's slow to change passwords when using it but when I've enabled it, seemed pretty quick to me.

  • James Joseph
    James Joseph replied to a discussion, Ldap password sync samba

    *bump*
    Changed the group as it may be in the wrong place, would really like advice with this as I would of expected this to be a core feature in clearos for domain joining and to not be available seems weird.

  • James Joseph
    James Joseph started a new discussion, Ldap password sync samba

    Ldap password sync samba

    I'm trying to set up password sync for samba as users can't change their passwords using ctr + alt + del. In the end I was able to get this to work using ldap password sync = Yes In the /etc/samba/smb.ldap.conf

    However this seems to reset back to No after a server reboot which is obviously a problem as I would like staff to be able to reset their passwords using this.

    What I would like to know is:
    1) Is it safe to delete this from smb.ldap.conf and put it into smb.conf without any issues what so ever?
    2) Why is this resetting and if I can't do 1) How to I configure my clearos to allow users to change their passwords using ctrl + alt + del?

  • Nick Howitt wrote:

    James Joseph wrote:Trash bins work by doing this also?
    They should. When I originally made my change, trash bins weren't in the flexshare.conf and I never got round to adding them once they appeared. They are just part of the share definition.

    I am not sure that trash bins purge. There are a couple of one liners somewhere on the forum to purge the trash bin based on the number of days in trash, if you care to search for them,


    Thanks Nick your help is greatly appreciated.

  • James Joseph
    James Joseph likes the reply for the discussion, Re: granular permissions, still not possible?

    James Joseph wrote:Trash bins work by doing this also?
    They should. When I originally made my change, trash bins weren't in the flexshare.conf and I never got round to adding them once they appeared. They are just part of the share definition.

    I am not sure that trash bins purge. There are a couple of one liners somewhere on the forum to purge the trash bin based on the number of days in trash, if you care to search for them,

  • James Joseph
    James Joseph likes the reply for the discussion, Re: granular permissions, still not possible?

    I don't use flexshares so I don't know what group issue you are facing. I had to move away from flexshares as I need a sub-folder to have restricted permissions compared to the parent.

    If you can't resolve this in the flexshare environment, what you can do is copy some or all of your flexshare definitions (/etc/samba.d/flexshare.conf?) into another file, say /etc/samba.d/myshares.conf. Then edit /etc/samba.d/smb.conf and add a line "include /etc/samba.d/myshares.conf". I added mine after the other include line. You can then remove the relevant definitions from flexshare.conf. ClearOS won't override this new file and you can change it as you want. Important to me was adding the "force group" and "create mask" directives.

  • That sounds...promising, it's a shame it has to be that way cause then it starts to turn away from a standard server to a more hack/custom server but if it works then I guess I got no other choice. Trash bins work by doing this also?

  • granular permissions, still not possible?

    I've been wondering this for a while but is it still not possible on the server side to set granular permissions, is there a way to stop flex share from forcing the group changes all the time?

    If not can a user themselves make granular permissions on the server shares themselves? Or would flexshare simply force back the group.

  • James Joseph
    James Joseph replied to a discussion, OpenLDAP ClearOS 6.6

    Hans wrote:

    @James, any luck getting a decent ldap setup yet? I have problems getting mac os x clients to authenticate to ClearOS 6.6 Openldap.
    Connecting from the specific clients with ldap editors like LDAP Admin work fine. I think I'm still missing some configuration steps on the Mac to finish authentication. It just won't let me find the ldap server. It says, "Server not responding".


    Hans I recently just had an issue with Ldap on a clients machine, it wouldn't load up at all, doing what was done in the previous ldap thread resolved nothing for me. I was able to fix it by nuking the accesslogs in /var/lib/ldap/accesslogs/ please back yours up before you do this by copying the ldap folder



    I hope this works for you. It definitely did for me.

  • James Joseph
    James Joseph replied to a discussion, OpenLDAP ClearOS 6.6

    @Hans Ldap works now with doing the yum update, for me personally. I'd disable local network if your still having problems but it should be fine.