ISC DHCP with ldap in AD?
Serge NOEL
serge.noel2008 at gmail.com
Mon Mar 11 12:11:56 MDT 2013
Of course you can run OpenLdap, but if you use Samba4, you will have 2
ldap servers to maintain. I don't think it's a good choice, having
simple administration will always be best.
Serge
On 11/03/2013 17:38, Rowland Penny wrote:
> On 11/03/13 15:05, Serge NOEL wrote:
>> Sorry, I made a reply only, and not a reply to all...
>>
>> For now, I have used ldbmodify, which requires that your AD is down.
>> Please consider that I am doing full tests on how to find the best
>> way to manage AD. This is not the only way, but I use it, and it
>> works...
>>
>> ldbmodify -H CN\=CONFIGURATION\,DC\=NET6A\,DC\=LAN.ldb /tmp/oc_provision_schema_modify.ldif --option "dsdb:schema update allowed"=true
>>
>> Remember to adapt the command for your needs:
>> ldbmodify -H <path to your ldb file> <path to .ldif file> --option "dsdb:schema update allowed"=true
>>
>>
>> I use it as it was the first test without complaining of bad
>> login/password
>>
>> Please, keep me informed on your test...
>>
>> Serge
>>
>>
>>
>>
>> Hi,
>> Thanks for your offer :-)
>>
>> It seems to me your message didn't go in the forum. Maybe it would be
>> better to keep it on the forum so others can follow.
>>
>> Ok, I'm gonna give you a bit more detail on my setup and my goals:
>>
>> We are moving from a samba3 NT domain through samba4 basically because
>> of the end of XP and we want to be able to manage W7 machines using
>> GPO. This part is going very well.
>>
>> We were using openldap as a backend for samba3 domain, isc dhcp and
>> bind dns. As our machine will now run samba4, we will have to shut down
>> openldap.
>
> No you don't, bit of an overkill really, but you could run openldap on
> port 3389 just for dhcp ;-)
>
> Rowland
>
>> The DNS got internal so no problem but we'd like to keep dhcp on ldap.
>>
>> So I think there is just one step left for having this to work:
>> extend the schema.
>>
>> Which ldap-utils tools? from samba4? from openldap?
>>
>>
>> 2013/3/11 Serge NOEL <serge.noel2008 at gmail.com>
>>
>> Hello,
>>
>> Working on the same things, but far at the beginning; if your project is
>> not too urgent, I can help you.
>>
>> At first, note that Ldap doesn't have the right schema definition, so
>> you are right; we have to extend the schema. I took a look at it
>> and it seems not so difficult.
>> You have to get a .ldif schema file and add it with ldap-utils
>> tools.
>>
>> Next, you have to inform isc-dhcp to use Ldap and place
>> configurations data in the right place.
>>
>> Notes
>> you can't secure the Dhcp server because actually, isc-dhcp uses an
>> external file to store leases. (I am looking for a different server
>> with this capability)
>> you have to modify the schema, which presents some risks on production
>> servers.
>>
>> Hope it can help
>> Serge
>>
>>
>>
>>
>> On 11/03/2013 13:39, Alexis wrote:
>>
>> Hi,
>>
>> I would like to use samba AD as a backend for my ISC DHCP server.
>> Has anybody succeeded in this?
>>
>> I guess I should start with adding the openldap schema into the
>> AD or
>> something like that.
>>
>> Is there a way to achieve this?
>>
>>
>> Don't know where to start from, I would appreciate any
>> link/advice.
>>
>> Thank you.
>>
>>
>>
>>
>
>
More information about the samba-technical mailing list