[Samba] New Samba 3.0 Schema

Collins, Kevin KCollins at nesbittengineering.com
Tue Jan 13 22:15:26 GMT 2004

I'm in the middle of a migration from Samba 2.2.7a to 3.0.  I'm trying to
create an LDAP enabled back-end like I had in 2.2.7a.

During my testing, I've discovered that I no longer can use the user account
information in the LDAP directory to gain Unix shell access as I had
previously.  This may be "by design", but I just want to make sure that I
didn't miss something.

I have done the following so far:

- Built the test server (RedHat Enterprise Linux ES 3.0)
- Installed Samba
- Installed OpenLDAP
- Dumped the previous LDAP directory to an LDIF file
- Used 'net rpc getsid' to extract the existing Domain SID
- Used 'convertSambaAccount' to translate the old LDAP info to new LDAP info
- Used 'slapadd' to import the new info in the LDAP directory
- Made changes to /etc/openldap/slapd.conf, /etc/openldap/ldap.conf,
  /etc/ldap.conf to make the new LDAP directory available
- Made changes to /etc/pam.d/system-auth to allow the PAM access to the LDAP
- Ran "authconfig" to use LDAP as an authentication source
- Rebooted the server
- Tried to login using user account information in LDAP
- Login fails.

While this may not be a bad thing, I will need to discover how to re-enable
this for 3 of my 10 machines.

BTW, most of what I described above is covered in the IDEALX Samba+LDAP PDC
Howto.  If I'm looking in the wrong place, just let me know.

Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc. 
