In addition to the instructions below, you must have complied the NSS_LDAP from
www.padl.com on your SAMBA PDC. I have written a how-to with instructions to
compile NSS_LDAP and an example smb.conf attached to this email. I got the
detailed directions from the "SAMBA 3 by example" at
http://us1.samba.org/samba/docs/man/Samba-Guide/
Good luck,
Pat
-----Original Message-----
From: samba-bounces+patrick.hoferer=ngc.com@lists.samba.org
[mailto:samba-bounces+patrick.hoferer=ngc.com@lists.samba.org]On Behalf
Of Manfred Odenstein
Sent: Monday, August 09, 2004 2:59 AM
To: samba@lists.samba.org
Subject: Re: [Samba] LDAP Idmap
Hi,
at least you have to specify:
idmap backend = ldap:ldap://<host>
idmap uid = 10000-20000
idmap gid = 10000-20000
ldap idmap suffix = <suffix>
ldap admin dn = <admindn>
ldap suffix = <suffix>
you don't have to change the nsswitch if winbind is already in there
regards
odi
Am Freitag, 6. August 2004 13:51 schrieb Shannon
Johnson:> Thanks for the quick response... but I've already been there.
>
> As I said, I'm NOT looking for an LDAP PDC... I'm ONLY looking for
LDAP
> idmap. There is no documentation on idealx.org for an LDAP idmap that
> does NOT include the PDC... nor is there much documentation anywhere
> else about it.
>
>
> ____________________________
>
> Shannon Johnson
> Network Support Specialist / Systems Administrator
> Dept. of Mechanical and Nuclear Engineering
> 224 Reber Building
> University Park, PA 16802
> Phone: (814) 865-8267
> ____________________________
>
> > -----Original Message-----
> > From: Christian.Wittmer@intercomponentware.com
> > [mailto:Christian.Wittmer@intercomponentware.com]
> > Sent: Friday, August 06, 2004 3:59 AM
> > To: Shannon Johnson; samba@lists.samba.org
> > Subject: Re: [Samba] LDAP Idmap
> >
> > "Shannon Johnson" <sjohnson@engr.psu.edu>
> > Sent by:
> > samba-bounces+christian.wittmer=intercomponentware.com@lists.samba.org
> > 05.08.2004 22:59
> >
> >
> > To: <samba@lists.samba.org>
> > cc:
> > Subject: [Samba] LDAP Idmap
> >
> > Hi shannon,
> >
> > a good start you'll find at www.idealx.org. There is a very good
docu
>
> on
>
> > how to setup samba3-LDAP.
> > If you then running into problems.
> > ask the list.
> >
> > Chris
> >
> >
> >
> > I'm having quite a bit of trouble getting an LDAP directory set up
for
> > the idmap backend for winbind. I've been working on it for quite a
> > while, and haven't found any very helpful websites or anything.
I've
> > found quite a bit on how to set up a PDC using LDAP, which would be
> > nice, but I already have the PDC... I just need LDAP to host UID's
and
> > GID's. The things I'd like to know are:
> >
> > 1. What should the rootdn, suffix, and indexes be in the
> > slapd.conf? I think that the rootdn needs to match what I put in the
> > smb.conf for the "ldap admin dn", and I'm fairly sure
the suffix needs
> > to match the "ldap suffix" from the smb.conf... I don't
have any idea
> > about the indexes.
> > 2. What needs to be in the ldif file to create the
>
> directory
>
> > properly? I've tried several that I've found online, both from
the
>
> Samba
>
> > 3 By Example book, and lots of forum / mailing list posts. I'm not
>
> sure
>
> > if what I've tried has been correct, but it hasn't worked yet,
and
>
> this
>
> > is one part I'm not sure about.
> > 3. I think that once I get the first 2 things worked
>
> out, I
>
> > just
> > set about 6 things in my smb.conf (ldap suffix, ldap admin dn, idmap
> > backend (which should point to ldap:ldap://127.0.0.1, if the server is
> > running on the same machine, right?), ldap idmap suffix, idmap uid,
>
> and
>
> > idmap gid), enter my password from the "smbpasswd -w"
command, and
>
> once
>
> > I restart winbind, it should automatically start filling up the
> > directory, right?
> > 4. Once I get the server going and filled up with
UID's
>
> and
>
> > GID's,
> > for the clients, am I correct in saying that I alter the smb.conf to
> > include the ldap suffix, ldap admin dn, idmap backend, ldap idmap
> > suffix, idmap uid, and idmap gid, then again enter my password via
> > smbpasswd -w, change /etc/nsswitch.conf to be "passwd files
ldap"
> > instead of "passwd files winbind", and it should work?
> >
> > This isn't documented very well anywhere, so I'd appreciate
any hints
>
> or
>
> > suggestions anybody might have...
> >
> > Shannon
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
