[Date Prev][Date Next]
Unix auth via LDAP & now need to add Samba!
I'm quite new to LDAP/OpenLDAP and just starting with Samba :)
I've recently setup OpenLDAP 2.0.21, pam_ldap & nss_ldap and authenticate
Unix logins via LDAP. I only have the root account in both passwd (shadow)
and in LDAP. All other test 'user' accounts are in LDAP only.
I created a test base dn "o=local" and used Padl's base, passwd & group
migration scripts to build up the ldbm. I only keep the user accounts in
LDAP under ou=People. All system accounts remain in the passwd file. All
groups are in both the group file and LDAP under ou=Group.
Unix passwords in LDAP are 'crypt'ed and the cn=manager,o=local password
I have the Mandrake (8.2) Samba 2.2.3a RPM installed (it's not clear from
the changelog if it was built with LDAP support!) and want to start using
Right from the start I want Samba to authenticate via LDAP against the
existing People & Group ou's but am not sure how to integrate this.
I've read the info on samba.idealx.org and see, like Padl, that they also
provide some migration scripts (smbldap-tools) and a sample "Initial
Entries" LDIF that will setup various gids amongst other things.
The output from both Padl's and Idealx's migration scripts doesn't seem
straightforward to combine. Also, I'm not sure whether it's worth adding an
additional (Samba only) ou=Computers, as proposed by Idealx. Wouldn't it be
simpler to just stick with only ou=People & ou=Group?
I could proceed by;
a) manually adding Samba related objectClasses, etc. to the few test uid's
under ou=People and adding necessary Samba groups to ou=Group or;
b) delete my ldbm and start again using only Idealx's migration scripts or;
c) another way suggested by you gurus ;-)
For a) above I'm not sure what to add manually so I'd need help or pointers
to a good resource.
Also, is there a good resource to help with setting up correct ACL's in
slapd.conf for a Unix/Samba account authentication based OpenLDAP?
Once all is setup correctly, I will test the "Directory administrator"
program ( http://diradmin.open-it.org/index.php ) and hopefully use it to
create a new user template(s) to ease the process of adding combined
Unix/Samba accounts into LDAP in the future.
FYI, I'm not familiar with shell scripting (just bought a book which has a
shell scripting chapter :) ).
Sorry if I've posed too many questions. I'm most interested in feedback
about combining integrated Unix/Samba account authentication into OpenLDAP.
P.S. It would be nice if Webmin could administer pam_ldap'ed Unix & Samba
accounts. Guess I'd better drop them a suggestion ;-)
Send and receive Hotmail on your mobile device: http://mobile.msn.com