
Re: Samba+LDAP+PDC

Jason Williams wrote:
Hello everyone.

Well, I have been working very hard lately, trying to get a server up to act as our Samba PDC with LDAP. So far, everything seems to be working well. I've been able to get samba 2.2.8 and openldap 2.0.27 installed with no problems. I've set up my config files (ldap.conf, slapd.conf, smb.conf) as well as added some initial entries to the LDAP directory.

I've been able to add a user to the directory and set the password for that user.

This is where I wanted to ask some questions:

Now, let me try and explain what I want to do:

As it is now, our network is set up in a workgroup, with 30+ users. I want all of our users to be able to join the Domain/Samba PDC. They will not be using roaming profiles, just log in to their workstation into the Domain.

What I am trying to understand is the best way to go about adding my users to the domain as well as authenticating against the domain. It may seem vague, but I'm a little confused here myself.

I thought I'd post some of my initial entries and go from there. Here goes:

# mycompany, com
dn: dc=mycompany,dc=com
objectClass: top
objectClass: domain
dc: mycompany
description: mycompany comanization

# Groups, mycompany, com
dn: ou=Groups,dc=mycompany,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Groups
description: System Groups

# Users, mycompany, com
dn: ou=Users,dc=mycompany,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Users
description: Users of the comanization

# Computers, mycompany, com
dn: ou=Computers,dc=mycompany,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Computers
description: Windows Domain Computers

# Domain Admins, Groups, mycompany, com
dn: cn=Domain Admins,ou=Groups,dc=mycompany,dc=com
objectClass: posixGroup
gidNumber: 200
cn: Domain Admins
memberUid: administrator
description: Windows Domain users

# Domain Users, Groups, mycompany, com
dn: cn=Domain Users,ou=Groups,dc=mycompany,dc=com
objectClass: posixGroup
gidNumber: 201
cn: Domain Users
description: Windows Domain Users

# Administrators, Groups, mycompany, com
dn: cn=Administrators,ou=Groups,dc=mycompany,dc=com
objectClass: posixGroup
gidNumber: 220
cn: Administrators
description: Windows Domain Members can administer the computer and Domain

That is just some initial entries. Here is what I have questions about:

I am going to have about 3-4 groups. For instance, officers, processors and admin.
Now, I need to add my users to the PDC. From what I have read, not only do I need to add my users to the PDC, but a machine/computer account as well, correct?


So, my question is what is the best way to add my users to the PDC and their machine accounts?

The machine accounts can be created automatically when they join the domain; for the user accounts I'd suggest the smbldap-tools from http://samba.idealx.org or your own-cooked-perl-scripts...

Secondly, as you can see in my LDAP directory above, I have some initial entries. I am unclear as to how to add my users to the server and LDAP and make sure they go into the correct group and correct part of the LDAP Directory. That make sense? For example, if I have a user named Todd that needs to go into the group "officers" how would I go about doing that?

Adding objectClass posixGroup and using attribute "memberUid" for the user todd (exactly specifying the uid of the user as value of the attribute memberUid).

Lastly, (for now :) ) when I go around to my Windows 2000 workstations to have my users join the domain, from some prior testing, once I change it from a workgroup to a domain, a username and password box will pop up. What username and password must I use here? Is it what I have specified in my slapd.conf and smb.conf: "cn=Manager,dc=company,dc=com"?

You have an objectClass "sambaAccount" which has a uid (=username) and two password strings (lmPassword for win9x and ntPassword for nt/2k/xp). These two are used for authentication.

I appreciate everyone's help.

Thank you!


Take a look at the documentation at http://samba.idealx.org/ and google. And probably switching to the samba-list would be helpful ;)

          \\\ ||| ///                               _\=/_
           (  @ @  )                                (o o)
| Markus Schabel      TGM - Die Schule der Technik   www.tgm.ac.at |
| IT-Service          A-1200 Wien, Wexstrasse 19-23  net.tgm.ac.at |
| markus.schabel@tgm.ac.at                   Tel.: +43(1)33126/316 |
| markus.schabel@members.fsf.org             Fax.: +43(1)33126/154 |
| FSF Associate Member #597, Linux User #259595 (counter.li.org)   |
|        oOOo        Yet Another Spam Trap:     oOOo               |
|       (    )    oOOo    yast@tgm.ac.at       (   )     oOOo      |
+--------\  (----(   )--------------------------\ ( -----(   )-----+
          \_)     ) /                            \_)      ) /
                 (_/                                     (_/

Computers are like airconditioners:
  They stop working properly if you open windows.
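
The memberUid advice in the reply above, as an added example that is not part of the original thread: memberUid is a plain string, so nothing in the directory verifies that it names a real account, and this Python check reports group members with no exactly matching uid. The officers group, the todd account, the misspelled "tod" and all numeric IDs except Domain Admins' gidNumber are constructed for illustration.

```python
# Constructed sample: only the Domain Admins entry comes from the post.
SAMPLE_LDIF = """\
dn: cn=Domain Admins,ou=Groups,dc=mycompany,dc=com
objectClass: posixGroup
gidNumber: 200
cn: Domain Admins
memberUid: administrator

dn: cn=officers,ou=Groups,dc=mycompany,dc=com
objectClass: posixGroup
gidNumber: 230
cn: officers
memberUid: todd
memberUid: tod

dn: uid=todd,ou=Users,dc=mycompany,dc=com
objectClass: account
objectClass: posixAccount
uid: todd
cn: Todd
uidNumber: 1001
gidNumber: 201
homeDirectory: /home/todd
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64) into attr -> [values] dicts, unfolding continuations."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.replace("\n ", "").splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def has_class(entry, name):
    return name in (c.lower() for c in entry.get("objectclass", []))

def dangling_members(entries):
    """Return (group cn, memberUid) pairs with no exactly matching account uid."""
    known = {u for e in entries if has_class(e, "posixaccount") for u in e["uid"]}
    return [(e["cn"][0], m) for e in entries if has_class(e, "posixgroup")
            for m in e.get("memberuid", []) if m not in known]

print(dangling_members(parse_ldif(SAMPLE_LDIF)))
```

On the sample it flags "administrator" in Domain Admins, which has no account entry in the posted directory, and the misspelled "tod" in officers.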