[Samba] samba(PDC, machine A) + LDAP (machine B)?

Joerg Pulz Joerg.Pulz at frm2.tum.de
Fri Sep 12 14:09:10 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 11 Sep 2003, lskuo wrote:

>   Because now before creating a samba account, one must
> create a Unix account, right?

right!

>   My goal is as follows:
>
> 1. Master LDAP (server A): responsible for the master copy
> of the account information
> 2. Slave LDAP (server B): synchronizing the database with
> the Master LDAP through LDAP's slurpd
> 3. Samba PDC server (server C): the option of the ldap
> server is pointed to server B.

sounds good, that's exactly what i've done here..

> Is it doable for current samba?
> I am using FreeBSD 5.0

no easy way..
first upgrade your system to FreeBSD-5.1 (this is the point in time where
FreeBSD starts supporting dynamic NSS modules. you need it because
nss_ldap is the way to get unix accounts out of an LDAP tree)

>   If anyone knows how to do it, please instruct me in
> details. Thank you very much.

okay, i will try it.

1. install/upgrade your system to FreeBSD-5.1
2. use 'cvsup' to get the latest ports-tree \
   (not necessary when using binary packages)
3. install openldap21 from ports (net/openldap21-server)
4. configure it
5. install nss_ldap from ports (net/nss_ldap)
6. configure nss_ldap and \
   symlink '/usr/local/etc/ldap.[conf|secret]' to '/etc' \
   because it's hardcoded in the NSS module
7. create '/etc/nsswitch.conf' and insert the following 3 lines:
--snip
passwd: files [NOTFOUND=continue] ldap
group: files [NOTFOUND=continue] ldap
hosts: files dns
--snap
8. install samba from ports (net/samba); it's samba-2.2.8a. \
   DON'T forget to pass 'WITH_LDAP=yes' to the 'make' command
9. configure samba to use LDAP \
   (read the Samba-HOWTO-Collection or 'man 5 smb.conf')
10. copy \
    '/usr/ports/net/samba/work/samba-2.2.8a/examples/LDAP/samba.schema' \
    to '/usr/local/etc/openldap/schema/samba.schema' and include it in \
    your '/usr/local/etc/openldap/slapd.conf'
11. add 'slapd_enable="YES"' to your '/etc/rc.conf'
12. add 'slurpd_enable="YES"' to your '/etc/rc.conf' \
    (only on the LDAP Master / PDC)
13. start 'slapd' with '/usr/local/etc/rc.d/slapd.sh start'
14. add the main LDAP entries as mentioned in the OpenLDAP documentation
15. add account entries as mentioned in the Samba-HOWTO-Collection
16. check if FreeBSD recognizes the new added account(s) using 'id'
17. start samba with '/usr/local/etc/rc.d/samba.sh start'
18. try to connect from a windows machine and to join the domain

if everything is working you've finished the hard part..

for the LDAP Slaves / BDCs repeat steps 1 to 11.
for the steps after 11 read the OpenLDAP docs about replication and read
the Samba docs about setting up a BDC

HINT: add 'local4.* /var/log/slapd.log' to '/etc/syslog.conf' and restart
syslogd to see the 'slapd' log messages. don't forget to 'touch
/var/log/slapd.log'
and add '/var/log/slapd.log 640 7 * @T00 J' to '/etc/newsyslog.conf' to
get a new log every day.

happy trying
keep on asking if you have further questions..

joerg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQE/YdOJSPOsGF+KA+MRAt1qAKDPoW2wBLYMuPAyMdBZLEE3TjgNpwCgmjny
Qql6BCXpy29RIU54w5BtfF4=
=TCur
-----END PGP SIGNATURE-----
