[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP - Samba

To: Terry Haley <terry_haley@DFCI.HARVARD.EDU>
Subject: Re: LDAP - Samba
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 30 Dec 2008 10:17:34 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <A0629C83-EA17-4F8F-9A56-95E3838AC34C@dfci.harvard.edu>
References: <A0629C83-EA17-4F8F-9A56-95E3838AC34C@dfci.harvard.edu>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081204 SeaMonkey/1.1.14

Terry Haley wrote:
> I have a samba server acting as my PDC with an LDAP server used for
> authentication. Question #1: the password contained within the LDAP
> directory for my 'admin' account should = the 'rootpw' entry in
> slapd.conf correct?

I would create an extra service account for the Samba server and assign
appropriate ACLs. The rootdn circumvents all ACLs. Therefore in
production no LDAP client should use the rootdn as bind-DN.

> Question #2: the 'ldap admin dn' entry in my smb.conf file should equal
> the 'rootdn' entry in my slapd.conf file, afterwhich, this should be
> updated to samba using smbpasswd -w correct?

???

Isn't smbpasswd -w just for using this tool non-interactively?

> 
> Question #3: the 'admin users' entry within the smb.conf are the users
> that allow access to the domain correct?

This is a pure Samba question not related to the LDAP backend. Read
smb.conf(5). IMHO it's pretty clear in this regard.

Ciao, Michael.

References:
- LDAP - Samba
  - From: Terry Haley <terry_haley@DFCI.HARVARD.EDU>

Prev by Date: LDAP - Samba
Next by Date: Re: LDAP - Samba
Index(es):
- Chronological
- Thread