Fedora DS Support

Andrew Bartlett abartlet at samba.org
Wed Aug 12 15:56:03 MDT 2009

On Wed, 2009-08-12 at 12:28 -0400, Endi Sukma Dewata wrote:
> Hi Andrew,
> I was able to setup Samba master & replica mainly by following
> this procedure with a few changes:
> http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Fedora_DS
> I have written the new procedure in an internal website, should
> I put it in Samba wiki page? If so I'd like to request a write
> access to the wiki page for user edewata.

Please do, you now have access.

> Basically the things that I had to fix were the schema mapping
> and the mmr.pl script, there is no code change. I'll send the
> patch for these fixes.


> The other issue about SID generation is still work-in-progress,
> the patch might be available in a few weeks.
> I'm not familiar with the automation for OpenLDAP setup, could
> you point me to the discussion/docs/code? These are the docs that
> I've seen:

See the long thread on this mailing list over the past few weeks:
'extended provision-backend'

> http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP
> http://wiki.samba.org/index.php/Samba4/HOWTO/Ubuntu_Server_9.04
> For automating FDS setup, there are a few issues that I can think
> of right now:
> 1. The system:anonymous parameter needs to be inserted into smb.conf
>    which was created by hand.

No, the provision needs to correctly create a user with the right access
to authenticate via DIGEST-MD5 SASL

> 2. The provisioning only works from the source tree (at least when
>    I tried it) not from the installation tree.
> 3. The FDS setup-ds.pl doesn't read all parameters in fedorads.inf
>    if run silently. I had to run it interactively.

This will need to be fixed in Fedora DS.  

I'll also need a promise that you (or someone else in the Fedora DS
community) is willing to be the long-term maintainer of this code, and
it's associated mapping modules.  


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090813/d0a3d431/attachment.pgp>

More information about the samba-technical mailing list