[Samba] Samba 3.0 + LDAP as PDC

John H Terpstra jht at samba.org
Fri Sep 26 01:12:36 GMT 2003

On Thu, 25 Sep 2003, Cybr0t McWhulf wrote:

> At the risk of having my inbox flooded with another 10,000 Emails from
> "Microsoft" purporting the "latest security update"..
> Now that smb3.0 is out and about, I'd really like to use it for
> authenticating windows users / PDC (With BDC in the plans)
> My problem is that there seems to be little to zero up to date
> documentation on how to integrate Samba and LDAP, the most I found were a
> couple oddball newsgroup postings and a "Samba 2.2.4/LDAP PDC howto" which
> is well over a year old.

How much homework did you do? Did you read the Samba-HOWTO-Collection.pdf
that is part of the Samba-3.0.0 tarball? It's in the ~samba/docs directory
and a little hard to miss! Oh, should also say that it has grown up a
little since Samba-2.2.x (up from 88 pages to 462 pages).

While I'm on the subject, the HOWTO is being published by Prentice Hall as
"The Official Samba-3 HOWTO and Reference Guide", and it is 732 pages.
There is a little more in there than in the document that is in the Samba
CVS tree.

PS: We went to a LOT of trouble to put out half decent information. Please
let us know what we might have missed. That way we can get it in for the
next major update.

> I have a working LDAP userstore authenticating linux/unix logons and
> freeradius.  Samba is the last bit in a month-long project for centralized
> authentication (due mid-next month *eep*)

I hope you find what you are looking for.

> In my latest exploits I got as far as authenticating users for share
> access, (and ldap password sync, yay!) but I was unable to add machines
> to the domain, which may be a group mapping issue (What was so bad about
> "domain admin group"? :( )

Now you can map any UNIX group you want to an NT Domain Group. Is that
worse than "domain admin group"?

> I'm really just looking for some decent-recent (nearly idiot proof ;) )
> instructions on how to accomplish this.

Let me see ... Hmmm. Nah, I'll resist the jest! Let me know if the HOWTO
is as hopeless as it could be! After all, I wrote most of it with the
lights out. :))))

> Thanks a lot to anyone able to help,
> "life saver" isn't the right term, but it's the first that comes to mind.

- John T.
John H Terpstra
Email: jht at samba.org

