[Samba] My story installing Samba-LDAP PDC (it has a happy ending)

Beast indorama at rad.net.id
Thu Jan 15 05:54:25 GMT 2004


On Wed, 14 Jan 2004 22:13:11 -0400
Vegeta <lord.vegeta at ica.luz.ve> wrote:

Hi, thanks for sharing. Better to post it on some web page so others can find it as a reference. In fact, I was going to write 'working' and clean documentation for making Samba work with an LDAP backend. I've tried it many times, and last week it seems I made great progress: all the features I've tested work!!

However, this week I've been trying to create the same environment but it only worked once, so I cannot claim that my setup will work every time (weird, eh? :-)

The key for adding machine trust (manually or "on the fly") is in:
ldap filter = (uid=%u)

It also makes the LDAP log 'pretty':

filter="(&(uid=TBIRD$)(objectClass=sambaSamAccount))"

not like before:

filter="(&(&(uid=administrator)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))"

But I need some clarification from the Samba team (Jerry?) on whether we can use this filter without breaking any other functions, because they must have a strong reason for using the default filter.

However, this filter *solved* most of my problems, thanks!


For the id map stuff, IMO it is not necessary when not using winbind, since there's already a clear mapping between unix uid and SID.

For the administrator account, you need to have sid 500 and groupsid 512; this is what we have in NT (try using pwdump).

I'll try ou=computer and several other combinations also (i.e. base ou=site,dc=dom,dc=com) and let you know. Btw, 'drop in' replacement of an existing NT domain works for me (without needing to rejoin ws, and using the users' old passwords).


--beast
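
Added example (not part of the original post and not Samba's own code): a small Python model of how the two logged filters quoted above could arise, assuming the configured `ldap filter` has %u replaced by the account name and is then ANDed with an objectClass=sambaSamAccount clause, as the log lines suggest. The function names, the assumed earlier setting and the RFC 4515 escaping of the substituted name are this example's own.

```python
# Illustrative model only: the composition rule is inferred from the two
# log lines quoted in the post, it is not taken from Samba's source.
OBJCLASS_CLAUSE = "(objectClass=sambaSamAccount)"

# Characters that RFC 4515 requires to be escaped inside a filter value.
_RFC4515 = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape an account name so it cannot change the filter's structure."""
    return "".join(_RFC4515.get(ch, ch) for ch in value)


def compose_filter(ldap_filter, account):
    """Substitute %u, then AND the result with the objectClass clause."""
    user_part = ldap_filter.replace("%u", escape_filter_value(account))
    return "(&" + user_part + OBJCLASS_CLAUSE + ")"


def is_balanced(flt):
    """True if the parentheses in the composed filter nest correctly."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def redundant_objectclass(flt):
    """Number of objectClass clauses beyond the one that is needed."""
    return flt.count(OBJCLASS_CLAUSE) - 1


if __name__ == "__main__":
    short = "(uid=%u)"                                   # setting from the post
    long_ = "(&(uid=%u)(objectClass=sambaSamAccount))"   # assumed earlier setting
    for setting, account in ((short, "TBIRD$"), (long_, "administrator"),
                             (short, "a*b(c)")):         # constructed odd name
        flt = compose_filter(setting, account)
        print(flt, is_balanced(flt), redundant_objectclass(flt))
```

Under this model the short setting yields one objectClass clause and the longer one yields the doubled form seen in the earlier log line.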


