[Samba] Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

Markus Amersdorfer markus.amersdorfer at aon.at
Tue Aug 12 19:15:25 GMT 2003

On Tue, 12 Aug 2003 15:51:45 +0200
Buchan Milne <bgmilne at cae.co.za> wrote:

Hi Buchan!

> > I'd like to finally announce "version 1.0" of my (unofficial)
> > LDAP-Howto "Using OpenLDAP on Debian Woody to serve Linux and Samba
> > users": http://homex.subnet.at/~max/ldap/
> > I hope it may be of help to somebody.
> I notice that you do reference the mandrakesecure.net articles (since
> it's down, you may want to link to my personal copy, which may however
> be slightly out-of-date, my last edits were sent as diffs ... but is
> accessible here:
> http://ranger.dnsalias.com/samba-ldap-advanced.php

Thanks, I included the link in my doc...

> There are a number of issues I addressed which you missed (even though
> you pulled some things straight from it) ...
> - it is possible to set it up so that machine accounts are created on
> the fly; in fact it can be set up such that non-root users can join
> machines and have accounts added, which is how we default on Mandrake
> (by good file permissions). It was not covered in detail, since the
> packages are set up to work out of the box.

I tried this automatic user-creation as mentioned in
http://homex.subnet.at/~max/ldap/#samba-join-windows , but unfortunately
it didn't work in my case. Perhaps it's a Debian-package-problem,
perhaps it's Samba 2.2.3a, probably I did sth. wrong.
(While checking again, I may have found the error: according to my log, I
seemed to use smbldap-tools' option "-g" but forgot to specify a "group"
the user account shall belong to. I'll try this again within the next
weeks or so...)

> - you should not need to edit the files from migration-tools
> (http://ranger.dnsalias.com/samba-ldap-advanced.php#initldap)

Information added.

> - I would seriously recommend samba-2.2.8a over previous releases,
> since password changes from a BDC work (this only started working in
> 2.2.8 IIRC), but of course Debian doesn't have packages :-/

There _are_ Debian packages out there for Samba-2.2.8a, but these are
only from unofficial sources.
Most things I need work fine with 2.2.3a here currently, so I'll stick
to this version as e.g. security-updates are provided for it by Debian's
security team.

> Anyway, I think it would be better to improve the samba docs in
> respect to LDAP setup,

Though of course Samba in general is "large" and LDAP is "HUGE"
(concerning configurability, which might differ significantly from one
implementation to the next).
My biggest problem was not to get Samba working with LDAP, but to
understand LDAP and get _this_ part of the overall setup working


The first time any man's freedom is trodden on, we're all damaged.
                       <Cpt. Picard, "The Drumhead", StarTrek TNG>


