---------- Forwarded message ----------
Date: 19 Oct 2003 22:29:01 -0500
From: Chuck Stuettgen <cstuettgen@myrealbox.com>
To: John H Terpstra <jht@samba.org>
Cc: cstuettgen@myrealbox.com
Subject: Samba+e-Directory Working!
John,
I am sending this to you as my posts are still not making it to the list
and I have not heard from Martin Pool. Is he still the list admin?
Anyway,
I thought I would bring you up-to-date on my project to get Samba 2.2.8a
to use Novell's e-Directory 8.71 running on a NetWare 6.0SP3 server for
authentication.
The exciting news is: I have Samba+e-Directory authentication working!
I have been able to successfully authenticate 2 different e-Directory
user accounts to a Samba server and access a printer and the users'
respective Samba home directories for saving files, using a Windows 2000
SP3 workstation.
The ONLY local Linux account on the Samba server (RH8) is the root
account.
At this point the user's Samba home directory is not being created
automatically the first time the user connects to the Samba server,
however, as I mentioned in an earlier post, my goal is to set up dedicated
Samba print servers that require a user be authenticated before they can
print, so home directories are not a requirement for me.
But, if someone else needed auto-created home directories, I think it
might be able to be accomplished by utilizing the exec parameter. Or
maybe a mod to the samba file in /etc/pam.d/ such as this.
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0077
Anyway, as in a Windows Domain, you must use LDAP to access e-Directory.
But, the really interesting part is, you do NOT need to create machine
accounts in e-Directory or import the samba schema into it.
I believe the key to getting Samba+e-Directory implemented is getting
Linux to use e-Directory first.
Here is a quick synopsis of the Samba configuration steps.
1. I had to rebuild the Samba-2.2.8a-2 RPM to include LDAP support.
2. I added these lines to the smb.conf (# comments below some parameters).
ldap admin dn = cn=admin,o=context
#e-Directory context where users account reside
ldap server = ipaddress of server
ldap suffix = o=context
#same as above.
ldap port = 686
#I'm using SSL
ldap ssl = on
Make this change to a default setting
encrypt passwords = no
3. Execute smbpasswd -w adminpassword
Three really simple steps.
Over the next few days I will be putting together a more complete HOW-To
that will include all the steps necessary to get it working. Also, I
want to make sure this isn't a fluke and that I can repeat it, so I am
going to set up a second Red Hat 8 Samba server from bare metal.
That is it for now.
--
Like the dinosaur, Windows on the desktop is destined to
become extinct...
Chuck Stuettgen cstuettgen@myrealbox.com
http://www.cfs-tech.homelinux.net
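
An added example, not part of the original message and not Samba's own code: a small audit of the smb.conf settings quoted in step 2, reporting the two things a reviewer would check before deploying them (the LDAP-over-SSL port and cleartext SMB passwords). The sample text is constructed from the message with its placeholders kept; the function names and finding ids are hypothetical.

```python
# Constructed sample: the [global] settings quoted in the message, placeholders kept.
SAMPLE = """\
[global]
ldap admin dn = cn=admin,o=context
ldap server = ipaddress of server
ldap suffix = o=context
ldap port = 686
ldap ssl = on
encrypt passwords = no
"""

LDAPS_PORT = 636  # registered port for LDAP over SSL


def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)  # DN values contain '=' too
            # smb.conf ignores case and spaces in parameter names
            params["".join(name.lower().split())] = value.strip()
    return params


def audit(text):
    """Return a list of (finding_id, message) for the settings above."""
    p = parse_global(text)
    findings = []
    ssl = p.get("ldapssl", "").lower()
    port = p.get("ldapport", "")
    if ssl == "off":
        findings.append(("ldap-cleartext", "ldap ssl = off: binds to the directory are unencrypted"))
    elif ssl == "on" and port and port != str(LDAPS_PORT):
        findings.append(("ldaps-port", f"ldap port = {port} with ldap ssl = on: "
                         f"LDAPS normally listens on {LDAPS_PORT}, confirm the server's port"))
    if p.get("encryptpasswords", "").lower() in ("no", "false", "0"):
        findings.append(("smb-plaintext-passwords", "encrypt passwords = no: "
                         "clients send SMB passwords to this server in cleartext"))
    return findings


if __name__ == "__main__":
    for finding_id, message in audit(SAMPLE):
        print(f"{finding_id}: {message}")
```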