[Samba] LDAP/Samba Groups question

Thu Apr 24 11:10:13 GMT 2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Date: Wed, 23 Apr 2003 10:29:01 -0500
> From: Chris McKeever <cgmckeever at prupref.com>
> To: "'Gerald (Jerry) Carter'" <jerry at samba.org>, "G. Armour Van Horn"
> <vanhorn at whidbey.com>
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] LDAP/Samba Groups question
> Message-ID: <5F71B3C180C8D4119F3200B0D049A7AE01E72B61 at PRUPREF-MAIL>
> Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0
> Precedence: list Message: 22

> I am working on a similar installation.
> I found this great tutorial:  http://www.skippy.net/linux/smb-howto.html
>
> In addition, through research and talking to the above howto
contributer, I
> have decided to go with an LDAP authenticated SAMBA configuration.  One of
> the selling points for me was the unified local/samba accounts (whereas
> group membership and suthentication can be controlled from a single
> source)..in addition, LDAP seems to be a bit more versatile for plugging
> into other solutions down the road.
>
> Here is a small howto on LDAP that I was reference to:
> http://www.mandrakesecure.net/en/docs/ldap-auth.php
>
> If anyone would like to send some feedback as to other pro's and con's of
> either these methods (homogeneous samba/ldap authenticated samba) I am
sure
> others on the group would benefit and appreciate the help.
>
> I am trying to iron out some logistics, and the more information the
better
> for me right now.
>

BTW, Jim Collings and I have been working on follow-up articles to the
Mandrakesecure.net LDAP article. While they are not complete yet, I
think they would be of use to you.

Please don't advertise them beyond this list yet, but feedback is very
welcome. I am hoping to finish my one by early next week (I was delayed,
had to fix some problems in the openldap package for Mandrake 9.1 -
update will be coming, hopefully before my article).

We have been running Samba/LDAP in production for about 3 months. We
haven't tested joining machine on the BDC side of the WAN again, it
didn't work before, but I think it can easily be done, just haven't had
a chance to test it.

We use openldap replication (running slurpd in daemon mode), which
really works well, and mean updates happen almost immediately (a few
seconds, even over a wan connection). The use of ldap also allows you to
do things like disconnected but distributed unix-only authentication (we
have this working on our linux laptops).

This is the latest copy I have of Jim's article:
http://ranger.dnsalias.com/samba-ldap.html

This is the current version of mine:
http://ranger.dnsalias.com/samba-ldap-advanced.html

Mine mostly needs the smb.conf stuff for the BDC, and some coverage of
samba3+ldap and group mapping.

Regards,
Buchan

- --
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+p8YUrJK6UGDSBKcRAlofAKCEGUEpzmGONxluIxuZwxKIsSL65QCfd/94
6Gj4BuCNn44ud+IrwkhqE38=
=e3ip
-----END PGP SIGNATURE-----