Matteo Rosati
2007-May-23 15:31 UTC
[Samba] Samba PDC on a read-only (and not configurable) LDAP server
hi everybody,

after an enormous googling (even in the samba mailing list archive) i decided to subscribe to this ML since i can't find any solution to my problems.

here is the situation. i work in a university and here we have a laboratory with more or less 20 windows XP computers. our server is equipped with slackware 9 and samba 3.0.1 (working as a PDC). users are stored *locally* in the /etc/smbpasswd file, and this password file is synchronized once a week with a file provided by secretariat, and a perl script, so every week we have reliable information about our students.

now, we want to change this system (obsolete), and the central administration has given us the possibility to connect via LDAP to their databases.
we CANNOT modify the ldap entries and the configuration files, and we cannot insert the samba schemas into the ldap. in other words, we cannot touch in any way the ldap server. we only have full access to our server with samba, and we would like to connect to ldap so our users can do the login.

do you have any suggestions?
i am going crazy, i have no more ideas...

some details: here is a sample output of ldapsearch:

-------------------------------------------------------
# ldapsearch -LLL -h host.university.it -x -b ou=Studenti,ou=Account,o=unive.it
dn: ou=Studenti, ou=Account, o=unive.it
ou: Studenti
objectClass: top
objectClass: organizationalUnit

dn: uid=000114,ou=Studenti,ou=Account,o=unive.it
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
uid: 000114
gidNumber: 503
homeDirectory: /home/000114
uidNumber: 4800114
loginShell: /bin/bash
ou: 11
givenName: XXXXX XXXXXX
sn: XXXXX
cn: XXXXX XXXXXX
departmentNumber: F08
...
-------------------------------------------------------

as you can see, the password is not visible...

THANKS!!! (and sorry for my horrible english)

--
Matteo Rosati
Web: http://wwwstud.dsi.unive.it/~mrosati
PGP: http://wwwstud.dsi.unive.it/~mrosati/pgp.html
GNU/Linux registered user #398557

Wolfgang Ratzka
2007-May-23 15:55 UTC
[Samba] Samba PDC on a read-only (and not configurable) LDAP server
Matteo Rosati wrote:
(...)
> now, we want to change this system (obsolete), and the central
> administration has given us the possibility to connect via LDAP to
> their databases.
> we CANNOT modify the ldap entries and the configuration files, and we
> cannot insert the samba schemas into the ldap. in other words, we
> cannot touch in any way the ldap server. we only have full access to
> our server with samba, and we would like to connect to ldap so our
> users can do the login.
>
> do you have any suggestions?
> i am going crazy, i have no more ideas...
>

If you want to build a *real* PDC, your only chance is setting up your own LDAP-Server and somehow sync that to the central LDAP.

In principle this is not much different to what you are doing now with your /etc/smbpasswd and the files distributed once a week, but on a technologically advanced level ;-).

--
Wolfgang Ratzka
Phone: +49 6421 2823531
FAX: +49 6421 2826994
Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
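
One way to do the sync step suggested in the reply above, as an added example that is not from the thread: it converts posixAccount entries read from the central server into LDIF for a locally controlled LDAP server that carries the Samba schema. The local suffix, the domain SID and the RID numbering are assumptions, and the sample input is constructed from the ldapsearch output quoted in the first message.

```python
LOCAL_SUFFIX = "ou=Users,dc=lab,dc=example"  # assumed suffix of the lab's own LDAP server
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed placeholder SID
KEEP = ("uid", "cn", "sn", "uidNumber", "gidNumber", "homeDirectory", "loginShell")

# Constructed sample modelled on the ldapsearch output quoted in the thread.
CENTRAL_LDIF = """\
dn: ou=Studenti, ou=Account, o=unive.it
ou: Studenti
objectClass: organizationalUnit

dn: uid=000114,ou=Studenti,ou=Account,o=unive.it
objectClass: inetOrgPerson
objectClass: posixAccount
uid: 000114
gidNumber: 503
homeDirectory: /home/000114
uidNumber: 4800114
sn: XXXXX
cn: XXXXX XXXXXX
"""

def parse_ldif(text):
    """Split plain LDIF (no base64 values, no folded lines) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                entry.setdefault(key, []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def to_local_entry(entry):
    """Rebase one posixAccount under LOCAL_SUFFIX and add the Samba object class."""
    if "posixAccount" not in entry.get("objectClass", []):
        return None  # skip OUs and anything that is not a login account
    rid = 2 * int(entry["uidNumber"][0]) + 1000  # assumed RID numbering scheme
    lines = [f"dn: uid={entry['uid'][0]},{LOCAL_SUFFIX}"]
    lines += [f"objectClass: {oc}" for oc in entry["objectClass"] + ["sambaSamAccount"]]
    lines += [f"{k}: {v}" for k in KEEP for v in entry.get(k, [])]
    lines.append(f"sambaSID: {DOMAIN_SID}-{rid}")
    # No sambaNTPassword is written: the central server does not expose passwords.
    return "\n".join(lines)

def build_local_ldif(text):
    converted = (to_local_entry(e) for e in parse_ldif(text))
    return "\n\n".join(c for c in converted if c) + "\n"
```

Because the central directory does not return password attributes, the generated entries carry no Samba password hash; that has to be set on the local server separately.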