Re: The Openldap-2.2.X and Samba-3.0.X Howto

[Diego Julian Remolina <dijuremo@math.gatech.edu>]

Hi,

I am not very familiar with the smbldap-tools.  I also do not know if it
is possible to do sasl auths from the smbtools as opposed to keep your
plaintext password embedded in some configuration file.  Those are the two
reasons why I have not talked about smbldap-tools yet.  My current ldap
ACL configuration should only allow the uid=Sambaroot to add samba attributes
to ldap. It should not allow uid=Sambaroot to remove any entries from the
database.  That is why I mention that we have our own account scripts that
add/remove unix accounts to ldap and later on we use smbpasswd to add the
required samba attributes.

When I have some free time I will learn how to use the smbldap-tools and
see if that will be a good adition to our setup and the howto.

I will also test without the signorseal reg hack and remove it from the
howto when I confirm it works for me.  Since I do all my Windows XP
installs in unattended mode, that registry hack goes in by default, so i
need to check on a machine without the hack just to be sure ;).

Thanks for the suggestions,

Diego

On Thu, 11 Mar 2004, Buchan Milne wrote:

> On Thu, 11 Mar 2004, Diego Julian Remolina wrote:
>
> > I have created this howto which includes all steps from downloading up to
> > configuring an openldap (with gssapi auths) and samba servers (The process
> > includes how to build Berkeley db, Heimdal, Cyrus Sasl and your own Certificate
> > Authority).  I hope it is usefull to the comunity.
> >
> > http://www.math.gatech.edu/~dijuremo/ldap/
> >
> > If you have any suggestions or find any errors please let me know.
>
> With samba-3.0.x you should not need the signorseal reg hack.
>
> You should also mention smbldap-tools (for completeness).
>
> Regards,
> Buchan
>