Chris Lawder
2005-Mar-01 23:43 UTC
[Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)
... Setting up a Samba PDC with the following:

FreeBSD 5.3
Samba 3.0.x
OpenLDAP 2.2.x
Kerberos (Heimdal)

Would like LDAP to take care of both posixAccount(s) and sambaSamAccount(s). Posix account via nsswitch+pam_ldap.

Hope to find one complete documentation that describes this setup from scratch, start to finish. A Ports style install of all packages is fine but I can download, compile and install packages by hand if needed.

Problem I am currently having is that I can set up a kerberos server and an ldap server, access both and use ldap for authentication to both the system and samba. I can add users via smbpasswd and use those users (in ldap) to access shares. Where I run into problems is trying to add computers (Windows 2kPro) from the Windows systems. Have tried much playing around at this point but am unable to figure out the configuration that allows for this.

I have been working from the O'Reilly LDAP book and various differing documentation I have found on the net. The O'Reilly book describes a Samba 2.x style samba.schema but I have moved to a 3.x samba.schema set up now as I attempt to learn this.

My current Kerb/LDAP server is FreeBSD 5.3. The Samba PDC is Slackware 10 and its lack of PAM support is possibly causing some issues but do not know for sure. I want to drop Slackware at this point and make the PDC FreeBSD 5.3 as well. I want to keep the Kerb/LDAP server separate from the PDC. I don't have the resources to separate the Kerberos and LDAP servers at this time.

I hope to have documentation that describes setting up the needed ldap containers and how to populate them.

I have worked from the samba.org documentation too but found I got stuck at a few points. This documentation shows me ldif examples of how records should look but I didn't get a good idea of how to add these records. I didn't believe that copying those and ldapadd(ing) them would be best due to wrong data in fields such as sambaNTPassword and sambaLMPassword. Maybe I wasn't looking in the right places of the samba.org docs?

I hope this well describes what I am hoping to find.

Thank you all in advance.

Chris

--
Number 41 Media Corporation
Suite 103 - 645 Fort Street
Victoria BC V8W 1G2
T 250.414.0410
F 250.414.0411
Andrew Bartlett
2005-Mar-02 01:28 UTC
[Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)
On Tue, 2005-03-01 at 15:43 -0800, Chris Lawder wrote:
> ... Setting up a Samba PDC with the following:
>
> FreeBSD 5.3
> Samba 3.0.x
> OpenLDAP 2.2.x
> Kerberos (Heimdal)

Have you read:
https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap

Also, Howard Chu has a module in current OpenLDAP called smbk5pwd, which was constructed to allow LDAP to 'set' all the different password types. (Unfortunately I don't use it yet, despite being the person it was constructed for...)

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net