[Samba] We need help with a bug....smbldap-installer script (long)

David Trask dtrask at vcs.u52.k12.me.us
Mon Feb 7 03:54:10 GMT 2005

Craig White <craigwhite at azapple.com> on Sunday, February 6, 2005 at 9:57
PM +0000 wrote:
>I admire your efforts but would caution you...
>- doesn't make much sense to start programming a solution in which you
>don't have the map in front of you - i.e. a complete how-to, run through
>each step manually and you could even grab everything you did from the
>'history' command

The how-to is included in the package as documentation and is on the web
at http://web.vcs.u52.k12.me.us/linux/smbldap
>- the concept is interesting in that it attempts to promote the 'lesser
>skilled' into an actual working environment but of course, they won't be
>able to maintain it.

Why not?  Many folks on the K12OS list have been doing so for a couple
years now since my first how-to.  I've been using it for two years now and
I'm not nearly as skilled as you think.
>- if I had any quantity of users, I am sure I wouldn't use /home as base
>and thus would be editing /etc/default/useradd and adjust entries in my
>DSA accordingly

What do you consider a "quantity"?  I have 600 users and use /home....I'm
not sure where you're going with this...what's wrong with /home?  I use my
Samba/LDAP server for K12LTSP, Windows XP network, and Win 2003 Terminal
server network....works fine.  Although I will say that the newest version
of the smbldap-useradd-bulk script allows folks to get more specific about
the location of home dirs.  For example:  Mrs. Jones' class can be located
in /home/mrsjones/username.  Also....don't confuse Matt's announcement
about the useradd script as being what smbldap-installer is all about.
The smbldap-useradd-bulk script is an add-on in addition to
smbldap-installer (which sets up the server).
>- there are so many other files that are involved / impacted by your
>scenario besides the obvious smbldap_conf.pm (or whatever it is called
>these days...I'm still on an older version). Files such
>as /etc/ldap.conf, /etc/nsswitch.conf, slapd.conf and I presume that you
>are going to have people hand edit them and they will pull their hair

No....the script fills in the values for you and copies the conf files to
the correct locations.  That's precisely what we're trying to avoid.  Run the
script...answer the prompts...and voila!  You have a working Samba/LDAP
server.  We'll even take care of the exporting of /home for you if you
want.  It's one of the prompts.  And yes....the primary audience is not
the uber-geek, but rather the common IT guy employed by a school or a
small to mid-sized company.
>- I am firmly of the opinion that no one should be running LDAP if they
>can't easily use tools such as ldapmodify and ldapsearch - they can't
>troubleshoot. There is no shortcut on knowledge on this one.

I agree to some extent, but also feel that even newbies can use LDAP in a
low-mission-critical environment especially if they back up data.  I had a
Samba/LDAP server problem earlier this fall, but since I back up the /home
dirs to another server....I was able to easily rebuild the server....plug
the users back in....copy /home back over....rerun the user creation
script I use to fix permissions and away we went without skipping a beat.
>- You're looking at everything in a vacuum, it's likely people are going
>to want their server to do things other than be a samba server.
>Integration with openldap - well if they don't understand it, it's going
>to present a real challenge.

I hear you, but what we're finding is that 90% of the people who asked for
and are using this script (it's been out for about three weeks)....are
folks like me....those who want to provide centralized authentication for
a mixed Linux, Windows, OS X network.  Mail is sometimes figured in, but
often not.
>- I can see the need for the type of thing you are trying to do but I
>think it has to almost be a distro in and of itself. Probably should
>have a perl program that is web accessible where it writes ALL of the
>config files out and not just populate the DSA. By all, I mean openldap,
>samba, bind, dhcp padl's nsswitch & ldap.conf, obviously the
>smbldap_conf files and of course, this is pretty much a one shot deal.

The script does write out the configs.  Most of the conf files are in the
templates directory....the script prompts for things like domain names,
passwords, etc.  And then writes the configs.  It also backs up your
current configs.  It doesn't do dhcp as that is done when you set up the

Thanks, but I hope folks will still help us try to get over the roaming
profiles issue.  Baby steps....let's start with this script and grow from

David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
dtrask at vcs.u52.k12.me.us
