[Samba] /etc/hosts and DHCP

Rowland Penny rowlandpenny241155 at gmail.com
Mon Sep 28 18:12:49 UTC 2015


On 28/09/15 18:48, Ross Boylan wrote:
> On Mon, Sep 28, 2015 at 1:58 AM, mathias dufresne <infractory at gmail.com>
> wrote:
>
>> 2015-09-25 23:44 GMT+02:00 Ross Boylan <rossboylan at stanfordalumni.org>:
>> [snip]
>>> I have been looking for a way to centralize account management within my
>>> linux machines, but doing so via AD sounds very indirect.
>>>
>> What do you mean by "looking for a way to centralize account management
>> within my linux machines"?
>>
> I have a bunch of Linux machines, mostly VMs.  They have a bunch of
> standard accounts, my personal account, and a few miscellaneous accounts
> that vary by machines.  Most of the account names are generic, e.g., root
> or cups, and their scope should be limited to my systems (e.g., my root is
> not the root account on someone else's Linux boxes).  I want to ensure that
> the uids and gids are associated with the same accounts on each machine.  I
> was getting ready to do so using LDAP.

I think you need to do some more reading; root is root is root! root's
uid is '0' *everywhere*. You should *not* put any user or group whose
uid number appears in /etc/passwd or /etc/group into LDAP, never mind AD.
They need to exist only on the machine because you will not be able to
do anything if they are in LDAP and it crashes. If you use the same
distro on all machines, the numbers will be the same anyway; in fact
there will be little difference even if you use very different distros,
i.e. Debian and CentOS.

>
> Both Samba and AD use LDAP, though I gather with Samba 4 LDAP has been
> integrated into Samba and I suspect using it for other purposes is not
> intended, and maybe not even possible.  But maybe if Samba is not a
> controller LDAP isn't active?

No, LDAP has not been integrated into Samba; the LDAP that comes with
Samba4 is a specialised one, so that it can work as an AD DC, but it can
be used similarly to OpenLDAP. However, you do not have to run Samba4 as
an AD DC; it can still do everything that Samba3 could do, including
using OpenLDAP (I still wouldn't put the system users in LDAP).

Rowland

P.S. Just in case you didn't get it

*DO NOT PUT YOUR SYSTEM USERS INTO LDAP (or AD). LEAVE THEM WHERE THEY
BELONG*

>
>
>> Did you mean you want your Linux machines can use centralized users
>> database? (Here you would plug your linux on AD)
>> Or did you mean you want to have another database with your own users
>> dedicated to Linux Boxes? (Here you would need a new AD domain or something
>> similar)
>>
> I'm not sure what the distinction is between your last 2 questions.  The
> users database would be centralized for my machines; it would not be
> centralized in some campus-wide database, e.g., AD.
> Ross
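
The rule stated in the reply above (no directory entry should reuse a name or uid that already exists in the machine's /etc/passwd) can be checked before anything is loaded into LDAP. This is an added example, not part of the original message; it assumes the directory accounts are available as a passwd(5)-format listing, and all sample data and function names are constructed for illustration.

```python
# Constructed sample data; not taken from any real host or directory.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
cups:x:109:116::/nonexistent:/usr/sbin/nologin
"""
# Assumed: accounts planned for (or exported from) the directory, passwd format.
DIRECTORY_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
printadmin:x:7:7:Print admin:/home/printadmin:/bin/bash
cups:x:5001:5001::/nonexistent:/usr/sbin/nologin
ross:x:10000:10000:Ross:/home/ross:/bin/bash
"""


def parse_ids(text):
    """Parse passwd(5) or group(5) text into {name: numeric id} (field 3 in both)."""
    ids = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat lines such as "+::::::".
        if not line or line.startswith("#") or line[0] in "+-":
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # malformed entry, ignore rather than guess
        ids[fields[0]] = int(fields[2])
    return ids


def find_collisions(local, directory):
    """Return sorted (name, id, kind, detail) for directory entries that clash
    with local accounts: kind "name" = same account name as a local account,
    kind "id" = different name but a numeric id already used locally."""
    local_by_id = {}
    for name, num in local.items():
        local_by_id.setdefault(num, []).append(name)
    findings = []
    for name, num in directory.items():
        if name in local:
            findings.append((name, num, "name", f"local id {local[name]}"))
        elif num in local_by_id:
            owners = ",".join(sorted(local_by_id[num]))
            findings.append((name, num, "id", f"local {owners}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_collisions(parse_ids(LOCAL_PASSWD), parse_ids(DIRECTORY_PASSWD)):
        print(*finding)
```

The same two functions work on /etc/group content, since the gid is also the third field.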



