[Samba] smb-ldap or not to smb-ldap

Antony Gelberg antony at wayforth.co.uk
Sat Apr 1 11:56:38 GMT 2006


[Sorry for my previous empty post, lost it for a second.]

Craig White wrote:
> On Fri, 2006-03-31 at 16:30 +0100, Antony Gelberg wrote:
> 
>>Hi all,
>>
>>We are deploying a Linux server and desktops for a customer.  We will
>>have the users and groups in LDAP on the server, and files shared via NFS.
>>
>>However, one never knows if Windows desktops will be needed in the
>>future.  Is it a good idea to add users with smb-ldap even if samba is
>>not initially used, as adding the samba attributes to an existing LDAP
>>database is painful, and the smb-ldap created users will have the
>>relevant POSIX credentials to be able to login anyway?
> 
> ----
> It would seem to me that a successful LDAP implementation is going to
> have an administrator who can script changes to the users attributes
> when necessary, otherwise, it's not just a down the road implementation
> of samba that will make things difficult.
> 
> My thinking is that time spent now to acquire skill sets is better than
> spending time to configure an imagined samba implementation which may
> happen down the road.

You're right, but time is not always that easy to come by and
smbldap-tools is a real time-saver, being so powerful.

> That being said, it probably won't hurt anything to implement
> smbldap-tools but consider that the real issue is the tool sets you use
> to create/modify existing users outside of the samba realm must all
> anticipate the samba schema because the smbldap-tools are for samba
> based tools.

There is no requirement to have users who aren't part of the samba realm
i.e. with POSIX login only, so we can always use the smbldap-tools
toolset.  Or did I misunderstand your point?



More information about the samba mailing list