I'm in the middle of a migration from Samba 2.2.7a to 3.0. I'm trying
to
create an LDAP enabled back-end like I had in 2.2.7a.
During my testing, I've discovered that I no longer can use the user account
information in the LDAP directory to gain Unix shell access as I had
previously. This may be "by design", but I just want to make sure
that I
didn't miss something.
I have done the following so far:
-Built the test server (RedHat Enterprise Linux ES 3.0)
-Installed Samba
-Installed OpenLDAP
-Dumped the previous LDAP directory to an LDIF file
-Used 'net rpc getsid' to extract the existing Domain SID
-Used 'convertSambaAccount' to translate the old LDAP info to new LDAP
info
-Used 'slapadd' to import the new info in the LDAP directory
-Made changes to /etc/openldap/slapd.conf, /etc/openldap/ldap.conf,
/etc/ldap.conf to make the new LDAP directory available
-Made changes to /etc/pam.d/system-auth to allow the PAM access to the LDAP
directory
-Ran "authconfig" to use LDAP as an authentication source
-Rebooted the server
-Tried to login using user account information in LDAP
-Login fails.
While this may not be a bad thing, I will need to discover how to re-enable
this for 3 of my 10 machines.
BTW, most of what I described above is covered in the IDEALX Samba+LDAP PDC
Howto. If I'm looking in the wrong place, just let me know.
Thanks,
--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
