-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 11 Sep 2003, lskuo wrote:
> Because now before creating a samba account, one must
> create an unit account, right?
right!
> My goal is as follows:
>
> 1. Master LDAP (server A): responsible for the master copy
> of the account information
> 2. Slave LDAP (server B): synchronizing the database with
> the Master LDAP through LDAP's slurpd
> 3. Samba PDC server (server C): the option of the ldap
> server is pointed to server B.
sounds good, that's exactly what i've done here..
> Is it doable for current samba?
> I am using FreeBSD 5.0
no easy way..
first upgrade your system to FreeBSD-5.1 (this is the point in time where
FreeBSD starts supporting dynamic NSS modules. you need it because
nss_ldap is the way to get unix accounts out of an LDAP tree)
> If anyone knows how to do it, please instruct me in
> details. Thank you very much.
okay, i will try it.
1. install/upgrade your system to FreeBSD-5.1
2. use 'cvsup' to get the latest ports-tree \
(not necessary when using binary packages)
3. install openldap21 from ports (net/openldap21-server)
4. configure it
5. install nss_ldap from ports (net/nss_ldap)
6. configure nss_ldap and \
symlink '/usr/local/etc/ldap.[conf|secret]' to '/etc' \
because it's hardcoded in the nss module
7. create '/etc/nsswitch.conf' and insert the following 3 lines:
- --snip
passwd: files [NOTFOUND=continue] ldap
group: files [NOTFOUND=continue] ldap
hosts: files dns
- --snap
8. install samba from ports (net/samba) it's samba-2.2.8a \
DON'T forget to pass 'WITH_LDAP=yes' to the 'make' command
9. configure samba to use LDAP \
(read the Samba-HOWTO-Collection or 'man 5 smb.conf')
10. copy \
'/usr/ports/net/samba/work/samba-2.2.8a/examples/LDAP/samba.schema' \
to '/usr/local/etc/openldap/schema/samba.schema' and include it in \
your '/usr/local/etc/openldap/slapd.conf'
11. add 'slapd_enable="YES"' to your '/etc/rc.conf'
12. add 'slurpd_enable="YES"' to your '/etc/rc.conf' \
(only on the LDAP Master / PDC)
13. start 'slapd' with '/usr/local/etc/rc.d/slapd.sh start'
14. add the main LDAP entries as mentioned in the OpenLDAP documentation
15. add account entries as mentioned in the Samba-HOWTO-Collection
16. check if FreeBSD recognizes the new added account(s) using 'id'
17. start samba with '/usr/local/etc/rc.d/samba.sh start'
18. try to connect from a windows machine and to join the domain
if everything is working you've finished the hard part..
for the LDAP Slaves / BDC's repeat step 1 to 11.
for the steps after 11 read the OpenLDAP docs about replication and read
the Samba docs about setting up a BDC
HINT: add 'local4.* /var/log/slapd.log' to '/etc/syslog.conf' and restart
syslogd to see the 'slapd' log messages. don't forget to 'touch /var/log/slapd.log'
and add '/var/log/slapd.log 640 7 * @T00 J' to '/etc/newsyslog.conf' to
get a new log for every day.
happy trying
keep on asking if you have further questions..
joerg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)
iD8DBQE/YdOJSPOsGF+KA+MRAt1qAKDPoW2wBLYMuPAyMdBZLEE3TjgNpwCgmjny
Qql6BCXpy29RIU54w5BtfF4=TCur
-----END PGP SIGNATURE-----
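
The checks below cover steps 6, 7 and 11 of the procedure in the message above. They are an added example, not part of the original mail. The function names, the root-prefix argument and the owner-only requirement on ldap.secret are assumptions made here.

```sh
#!/bin/sh
# Added example: post-install checks for steps 6, 7 and 11 of the mail above.
# $1 is a hypothetical root prefix ("" = live system) so a staging tree can be audited.

check_nsswitch() {      # step 7: passwd and group must consult files, then ldap
    conf="$1/etc/nsswitch.conf"
    [ -r "$conf" ] || { echo "FAIL: $conf not readable"; return 1; }
    for db in passwd group; do
        line=$(grep "^$db:" "$conf" | tr -s ' \t' ' ')
        case "$line" in
            "$db: files "*ldap*) ;;
            *) echo "FAIL: $db does not list files then ldap"; return 1 ;;
        esac
    done
}

check_ldap_links() {    # step 6: nss_ldap reads /etc/ldap.conf and /etc/ldap.secret
    for f in ldap.conf ldap.secret; do
        # -e follows symlinks, so a dangling link fails here too
        [ -e "$1/etc/$f" ] || { echo "FAIL: /etc/$f missing or dangling"; return 1; }
    done
}

check_secret_mode() {   # assumption: ldap.secret holds a bind password, keep it owner-only
    mode=$(ls -lLd "$1/etc/ldap.secret" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ] || { echo "FAIL: ldap.secret accessible to group/other"; return 1; }
}

check_rc_conf() {       # step 11: slapd must be enabled at boot
    grep -q '^slapd_enable="YES"' "$1/etc/rc.conf" 2>/dev/null ||
        { echo "FAIL: slapd_enable=\"YES\" not in rc.conf"; return 1; }
}

audit() {
    fails=0
    for c in check_nsswitch check_ldap_links check_secret_mode check_rc_conf; do
        "$c" "$1" || fails=$((fails + 1))
    done
    echo "$fails check(s) failed"
    [ "$fails" -eq 0 ]
}

# Run against the live system with: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit "${2:-}"; fi
```

These checks only read files; step 16 ('id' against an LDAP-only account) still has to be run on the host itself to confirm the NSS lookup works.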