ISC DHCP with ldap in AD?

Serge NOEL serge.noel2008 at gmail.com
Mon Mar 11 12:11:56 MDT 2013


Of course you can run OpenLdap, but if you use Samba4, you will have 2 
ldap servers to maintain. I don't think it's a good choice; having 
simple administration will always be best.

Serge


On 11/03/2013 17:38, Rowland Penny wrote:
> On 11/03/13 15:05, Serge NOEL wrote:
>> Sorry, I did a reply only, and not a reply to all...
>>
>> For now, I have used ldbmodify, which requires that your AD is down. 
>> Please consider that I am doing full tests on how to find the best 
>> way to manage AD. This is not the only way, but I use it, and it 
>> works...
>>
>> ldbmodify -H CN\=CONFIGURATION\,DC\=NET6A\,DC\=LAN.ldb /tmp/oc_provision_schema_modify.ldif --option "dsdb:schema update allowed"=true
>>
>> Remember to adapt the command to your needs:
>> ldbmodify -H <path to your ldb file> <path to .ldif file> --option "dsdb:schema update allowed"=true
>>
>>
>> I use it as it was the first test without complaining of bad 
>> login/password
>>
>> Please, keep me informed on your test...
>>
>> Serge
>>
>>
>>
>>
>> Hi,
>> Thanks for your offer :-)
>>
>> It seems to me your message didn't go to the forum. Maybe it would be 
>> better to keep it on the forum so others can follow.
>>
>> OK, I'm gonna give you a bit more detail on my setup and my goals:
>>
>> We are moving from a samba3 NT domain to samba4, basically because 
>> of the end of XP, and we want to be able to manage W7 machines using 
>> GPO. This part is going very well.
>>
>> We were using openldap as a backend for the samba3 domain, isc dhcp and 
>> bind dns. As our machine will now run samba4, we will have to shut down 
>> openldap.
>
> No you don't, bit of an overkill really, but you could run openldap on 
> port 3389 just for dhcp ;-)
>
> Rowland
>
>> The DNS got internal so no problem but we'd like to keep dhcp on ldap.
>>
>> So I think there is just one step left to have this working: 
>> extend the schema.
>>
>> Which ldap-utils tools? from samba4? from openldap?
>>
>>
>> 2013/3/11 Serge NOEL <serge.noel2008 at gmail.com>
>>
>>    Hello,
>>
>>    Working on the same things, but still at the beginning; if your
>>    project is not too urgent, I can help you.
>>
>>    First, note that Ldap doesn't have the right schema definition, so
>>    you are right; we have to extend the schema. I took a look at it
>>    and it seems not so difficult.
>>    You have to get a .ldif schema file and add it with the ldap-utils
>>    tools.
>>
>>    Next, you have to tell isc-dhcp to use Ldap and place the
>>    configuration data in the right place.
>>
>>    Notes
>>       you can't secure the Dhcp server because actually, isc-dhcp uses
>>    an external file to store leases. (I am looking for a different server
>>    with this capability)
>>       you have to modify the schema, which presents some risks on production
>>    servers.
>>
>>    Hope it can help
>>    Serge
>>
>>
>>
>>
>>    On 11/03/2013 13:39, Alexis wrote:
>>
>>        Hi,
>>
>>        I would like to use samba AD as a backend for my ISC DHCP server.
>>        Has anybody succeeded in this?
>>
>>        I guess I should start with adding the openldap schema into the AD or
>>        something like that.
>>
>>        Is there a way to achieve this?
>>
>>
>>        I don't know where to start; I would appreciate any link/advice.
>>
>>        Thank you.
>>
>>
>>
>>
>
>


