I am looking for someone to help me with setting up a new network using Samba & OpenLDAP to operate as a PDC. I know there are many people out there that have this working successfully, and I would like to pick your brains to get it working quickly. It's a simple network of about 30-40 users with one office. At this point, I'm ready for copies of config files, LDIFs, etc. to get a working, stable environment. If anyone is willing to help with this, I'd really appreciate it. I've attached a long-winded description below, so if you make it to the end and feel you can help, but need more info, please get in touch.

Thanks in advance.

Dennis Pinckard
Network Administrator
Aegis Learning Group

Here's the background:

I am currently in the process of combining the networks of two merged companies, one with Windows 2000 AD and one that is peer-to-peer (Windows 2000, WinNT, Linux). The goal is to establish a Linux-only server room.

I've installed RedHat 7.2 and configured Samba 2.2.1a as a PDC in a new domain. I've successfully created an OpenLDAP repository for users and groups, and Samba can authenticate from it via PAM. File shares, printer shares, and printer drivers have also been configured. I use Directory Administrator to create and edit the users/groups in LDAP. I've compiled a custom kernel to include LVM and XFS support (the system started as Mandrake, but we've decided to standardize on RedHat). The box is a Dell 4100, single 1GHz processor with 512MB of RAM and 220 GB of storage using LVM. A single 4GB hard drive holds the OS. I'm using XFS for most logical volumes so that users can manage permissions using Windows 2000's security tab in Explorer.

I was just about ready to turn it on when I saw that 2.2.3a has the ability to store the smbpasswd info in LDAP directly. RedHat doesn't yet have a 2.2.3a for download, but I downloaded their RawHide version. Rebuilt it using the IdealX.com Samba 2.2.2/LDAP PDC howto to include LDAP support. I also used the CVS version of IDEALX.com's scripts to create/manage users and groups in LDAP. I modified them somewhat to add an additional LDAP object class (inetOrgPerson, I think; I don't have it in front of me, but it's the schema that includes mail, JPEG photo, etc. Directory Administrator uses these attributes).

At that point things started getting weird. Groups were no longer showing up on the Windows 2000 Pro workstation that I'd joined to the domain. Instead of group names, I'd get something like 'unix_group.nnnnnnnn' where nnnnnnnn is some number. I'd created about 7 or 8 unix groups that would control access to the various file systems (Finance, IT, Devel). Under 2.2.1a, I could see those groups in Windows and manage users and files easily.

After about 2 days of fighting with 2.2.3, including downloading the source from a Samba mirror and compiling that, I gave up and attempted to back down to 2.2.1a. Of course, there's no system backup; why would I back up a test system?! I do have the config files I used to set up the Mandrake and RedHat systems, though. I uninstalled the Samba RPMs, deleted all Samba config files, and deleted the LDAP databases. Then I reinstalled Samba from the RedHat RPMs, restored the smb.conf, and rebuilt the LDAP database. But for some reason, I can only get "Domain Admins" to appear on the Windows 2000 Pro workstation.

Password sync is also broken. I can change the SMB password just fine, but no luck with sync turned on. I've tried passwd and smbldap-passwd.sh, but they both keep failing. Remember, my user accounts are in LDAP. The server is configured via auth-config to use LDAP.

Some extra bullet points that may or may not be relevant (my fingers are tired!):

* We will use RedHat as the server OS (I know there are other excellent distros, but the decision is made).
* All desktops will be Windows 2000 Pro, joined to the domain.
* System (root, etc.) and service accounts (oracle, ArcServ, etc.) will live in the /etc/passwd files for the various Linux servers; user accounts will exist in LDAP. (Again, LDAP is a decision that's been made.)
* Home directories are shared via Samba and NFS so that users have one home directory no matter what machine they log in on.
* To ease management and updates, I would like to stay with stock RPMs as much as possible. Reconfigured and recompiled SRPMs are OK as well. As a last resort, I'll work with pure source.

References I've used:

http://IDEALX.com - Samba-2.2.2/LDAP PDC HOWTO and accompanying scripts
Samba 2.2.x - Samba-LDAP-HOWTO
Various LDAP Howtos and tutorials.