Working LDAP smb.conf implementations sought!

Kevin Myer kevin_myer at elanco.k12.pa.us
Wed Jun 23 01:22:58 GMT 1999


Hi,

If anyone has the CVS HEAD code working with LDAP and has roaming
profiles, etc. enabled, I'd appreciate taking a look at your smb.conf
and/or the part of your LDAP tree that has the samba stuff in it.  I have
bits and pieces working here and there but not the whole thing yet and I'm
going to have to soon decide whether or not to scrap the whole project
because I've got a ton of stuff to do yet this summer.

I'd appreciate knowing what others have and haven't got working so I can
gauge how far along I am (i.e. am I stupid with some stuff or is everyone
else having problems with certain areas too).

Here is what I can do:

Login to a domain
View valid user and server accounts with User and Server Manager for
Domains respectively
Change passwords (via CTL-ALT-DEL)
Connect to Samba shares

Here is what I have yet to figure out or what doesn't work:
Any modifications in User Manager for Domains
Roaming profiles (it only wants to create them locally for some reason)
Printing (haven't tried - don't care about it yet)


Quirks that I've found (hopefully someone may find these useful):

At least on my system, NT balked at having anything but 1f4 for the rid of
the Administrator account.

It also wanted:

Group:			RID:
Domain Admins		200
Domain Users		201
Domain Guests		202

If you are using the pam_ldap module, some parts of samba seem to do
lookups fine to an LDAP server, while other parts seem to only look at
/etc/passwd.  I haven't figured this one out yet - why some getpwnam()
calls work as I would expect them (with my pam_ldap and nss_ldap
configuration) and others don't. One that always seems to want to look at
/etc/passwd is the one used when creating a machine account with
smbpasswd.  More on this after I turn up debugging.

It's convenient to use an existing account tree on the LDAP server for
storing the Samba info but it gets a bit messy.  Moving everything to its
own tree works nicely but has created some problems for me - namely I now
have two uid=myer attributes and that breaks my pam_ldap login for some
reason.



Bottom line - this shows tremendous potential.  I hope I can get what I
need to figured out (or potential features/bug fixes get added) before I
run out of time this summer :)

Kevin

-- 
     ~        Kevin M. Myer
    . .       Network/System Administrator
    /V\       ELANCO School District
   // \
  /(   )\
   ^`~'^
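
A check for the duplicate-uid situation mentioned in the message (the same uid carried by entries in two subtrees), as an added example that is not part of the original post. It scans an LDIF export and lists every uid value held by more than one DN; the DNs, the sample LDIF and the function names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample LDIF with hypothetical DNs (not from the original post).
SAMPLE_LDIF = """\
dn: uid=myer,ou=People,dc=example,dc=org
uid: myer

dn: uid=myer,ou=Samba,dc=example,dc=org
uid: myer

dn: uid=alice,ou=People,dc=example,dc=
 org
uid:: YWxpY2U=
"""

def _decode(value, is_b64):
    return base64.b64decode(value).decode("utf-8", "replace") if is_b64 else value

def parse_ldif(text):
    """Return a list of entries, each a list of (attribute, value) pairs."""
    entries, current = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith("#"):                  # LDIF comment line
            continue
        if raw.startswith(" ") and current:      # folded continuation line
            attr, val, b64 = current[-1]
            current[-1] = (attr, val + raw[1:], b64)
            continue
        if not raw.strip():                      # blank line ends an entry
            if current:
                entries.append([(a, _decode(v, b)) for a, v, b in current])
            current = []
            continue
        attr, _, rest = raw.partition(":")
        b64 = rest.startswith(":")               # "attr:: value" is base64
        current.append((attr.strip().lower(), rest.lstrip(":").strip(), b64))
    return entries

def duplicate_uids(text):
    """Map each uid to the DNs carrying it, keeping only uids with more than one DN."""
    owners = defaultdict(list)
    for entry in parse_ldif(text):
        dn = next((v for a, v in entry if a == "dn"), None)
        for uid in {v.lower() for a, v in entry if a == "uid"}:
            owners[uid].append(dn)
    return {uid: dns for uid, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    print(duplicate_uids(SAMPLE_LDIF))
```

Run it against an export of the whole directory rather than one subtree, since the ambiguity only shows up when both trees are searched together.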


