Ref.: Re: [Samba] Samba 3.0 + LDAP as PDC

stephane.purnelle at corman.be stephane.purnelle at corman.be
Fri Sep 26 13:43:27 GMT 2003


-----------------------------------
Stéphane PURNELLE                         stephane.purnelle at corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467


                                                                                                                                                     
John H Terpstra <jht at samba.org>
Sent by: samba-bounces+stephane.purnelle=corman.be at lists.samba.org
To: Cybr0t McWhulf <cybre at killcybre.org>
cc: samba at lists.samba.org
Subject: Re: [Samba] Samba 3.0 + LDAP as PDC
26/09/03 03:12




On Thu, 25 Sep 2003, Cybr0t McWhulf wrote:

> At the risk of having my inbox flooded with another 10,000 Emails from
> "Microsoft" purporting the "latest security update"..
>
> Now that smb3.0 is out and about, I'd really like to use it for
> authenticating windows users / PDC  (With BDC in the plans)
>
> My problem is that there seems to be little to zero up to date
> documentation on how to integrate Samba and LDAP, the most I found were a
> couple oddball newsgroup postings and a "Samba 2.2.4/LDAP PDC howto" which
> is well over a year old.

This howto is for samba 2.2.x, not for 3.0.0.
You can use this howto only for UNIX LDAP authentication (how to configure
nsswitch.conf, ldap.conf, system-auth.conf); for the LDAP-SAMBA part, you
must read the samba-howto-collection available with the tarball.


John: the howto "Samba 2.2.4/LDAP PDC howto" can be downloaded here:
http://www.linuxplusvalue.be/download/samba-ldap-howto.pdf

The difference between your system for unix auth and the system proposed by
this howto is the source of authentication: your howto says samba-auth
(samba-pam), and the other howto says ldap-auth (ldap-pam).

Do you understand?




How much homework did you do? Did you read the Samba-HOWTO-Collection.pdf
that is part of the Samba-3.0.0 tarball? It's in the ~samba/docs directory
and a little hard to miss! Oh, should also say that it has grown up a
little since Samba-2.2.x (up from 88 pages to 462 pages).

While I'm on the subject, the HOWTO is being published by Prentice Hall as
"The Official Samba-3 HOWTO and Reference Guide", and it is 732 pages.
There is a little more in there than in the document that is in the Samba
CVS tree.

PS: We went to a LOT of trouble to put out half decent information. Please
let us know what we might have missed. That way we can get it in for the
next major update.

> I have a working LDAP userstore authenticating linux/unix logons and
> freeradius.  Samba is the last bit in a month-long project for centralized
> authentication (due mid-next month *eep*)

I hope you find what you are looking for.

> In my latest exploits I got as far as authenticating users for share
> access, (and ldap password sync, yay!) but I was unable to add machines
> to the domain, which may be a group mapping issue (What was so bad about
> "domain admin group"? :( )

Now you can map any UNIX group you want to an NT Domain Group. Is that
worse than "domain admin group"?

> I'm really just looking for some decent-recent (nearly idiot proof ;) )
> instructions on how to accomplish this.

Let me see ... Hmmm. Nah, I'll resist the jest! Let me know if the HOWTO
is as hopeless as it could be! After all, I wrote most of it with the
lights out. :))))

> Thanks a lot to anyone able to help,
> "life saver" isn't the right term, but it's the first that comes to mind.


- John T.
--
John H Terpstra
Email: jht at samba.org