[Samba] samba-ldap-debian

Wed Jul 16 17:52:45 GMT 2003

On Wed, 16 Jul 2003 17:56:48 +0200
Thomas Dewar <tdr at infobi.com> wrote:

Hi Thomas!

> I'm pretty new with all this ... but I know that you can configure
> samba with the ldap module by doing :
> ./configure --with-ldap
> But how do you proceed with apt from Debian as the only module which 
> concerns samba is :
> apt-get install samba.

To be precise: "samba" is not a module but a package (which depends on
other packages such as "samba-common" itself).

> it is probably a small silly question but thanx for your help
> anyway...

I'm currently writing a Debian-LDAP-HOWTO (will be available from my
homepage within the next weeks or so) with more thorough explanations
of how to do what and when - including Samba. Nevertheless, the answer
to your question boils down to something like:

Samba 2.2 can only one method at a time: keep the users in local flat
files (default) or keep them in an LDAP-tree. To change from one to the
other you have to recompile. Debian defaults to the default :) in this
case.

You need to get the Debian source packages for Samba:

Add sth. like the following to /etc/apt/sources.list
  deb-src http://ftp.de.debian.org/debian woody main contrib non-free

and run
  apt-get update
  mkdir ~/samba-source
  cd ~/samba-source
  apt-get source samba
  cd samba-2.2.3a
  vi debian/rules
    --> add "--with-ldapsam \" just before "--with-msdfs"
  dpkg-buildpackage

The last command will either build the packages or complain of some
build-dependencies you have to meet. "apt-get install" these packages
(it tells you) and run dpkg-buildpackage again.

  cd ..
  dpkg -i samba-common_2.2.3a-12_i386.deb samba_2.2.3a-12_i386.deb

You'll probabely also install smbclient, smbfs, samba-doc and whatever
else you might find useful.

Last but not least: set the packages to HOLD status (so that they won't
be replaced by Debian's packaging system with the next upgrade) and
_keep track of security issues_ yourself from now on (as the packages
won't be upgraded automatically).

Here are some add-ons:
Include /usr/share/doc/samba-doc/examples/examples/LDAP/samba.schema.gz
in your LDAP's configuration.

Run
  smbpasswd -w $LDAP_BINDPW
  [this password for smb.conf's option "ldap admin dn" is stored in
   /var/lib/samba/secrets.tdb]

/etc/samba/smb.conf:
  [global]
    # LDAP-stuff:
    ldap admin dn = cn=manager,dc=yourdomain,dc=net
    ldap server = ldap.yourdomain.net
    ldap suffix = ou=People,dc=yourdomain,dc=net
    ldap port = 636
    ldap ssl = on
    # last two options depend on your LDAP-server's capabilities...

Please, let me know if it worked (it did for me...), thanks.

Cheers,
Max

-- 
The first time any man's freedom is trodden on, we're all damaged.
                       <Cpt. Picard, "The Drumhead", StarTrek TNG>

http://homex.subnet.at/~max/