Hello all,

I'm new to OpenLDAP and a moderate Samba admin.
My nights became not so good while trying to get OpenLDAP + Samba running as PDC on a Slackware 12.1 server...
Well, the scenario is:

I have a functional and already running OpenLDAP base that provides login for users on Web apps.
My actual PDC is an old MS NT4 Server.

I'm using the default Samba (v. 3.0.28a) installed by the Slackware 12.1 distro.
Samba (configured as PDC) and OpenLDAP (v. 2.4.11) are on the same server.

Questions:

1. Is there a way to populate Samba (users, groups) with the OpenLDAP base?
2. Is it really needed to have users at: linux local system, samba and openldap? Where is the "single sign on" idea in this case?

Thanks for suggestions,
João Ferreira

The project "smbldap-tools" is designed to manage users and groups stored in LDAP.

Look here for more information: https://gna.org/projects/smbldap-tools/

Regards,
Iarly Selbir

On Wed, Oct 8, 2008 at 1:35 PM, Joao Amancio <jjamancio@gmail.com> wrote:
> Hello all,
>
> I'm new to OpenLDAP and a moderate Samba admin.
> My nights became not so good while trying to get OpenLDAP + Samba running
> as PDC on a Slackware 12.1 server...
> Well, the scenario is:
>
> I have a functional and already running OpenLDAP base that provides login
> for users on Web apps.
> My actual PDC is an old MS NT4 Server.
>
> I'm using the default Samba (v. 3.0.28a) installed by the Slackware 12.1
> distro.
> Samba (configured as PDC) and OpenLDAP (v. 2.4.11) are on the same server.
>
> Questions:
>
> 1. Is there a way to populate Samba (users, groups) with the OpenLDAP
>    base?
> 2. Is it really needed to have users at: linux local system, samba and
>    openldap? Where is the "single sign on" idea in this case?
>
> Thanks for suggestions,
> João Ferreira

Joao Amancio wrote:
> Questions:
>
> 1. There is a way to populate Samba (users, groups) with the OpenLDAP
>    base?

If you already have your users in your base, you just have to add additional classes and attributes to them.

> 2. It's really needed to get users at: linux local system, samba and
>    openldap? Where's is the "single sign on" idea in this case?

The single sign on idea is exactly the opposite: make all your users' LDAP entries members of the posixAccount and sambaSamAccount classes. And use the smbkrb5 overlay to ensure password sync.

You'd better start by having a correctly configured linux user base in OpenLDAP first. Then configure samba to also, and run 'smbpasswd -a' for each of your users to add sambaSamAccount attributes to them, as well as initialising their windows password.

--
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62

Joao Amancio wrote:
> 1. There is a way to populate Samba (users, groups) with the OpenLDAP
>    base?

1) smbldap-tools
2) lam

> 2. It's really needed to get users at: linux local system, samba and
>    openldap? Where's is the "single sign on" idea in this case?

No need. I use only LDAP users. It is done via the "nss_ldap" program and by editing your nsswitch.conf to work with LDAP.

That is how it works on my PDC:

% cat /etc/nsswitch.conf
group: files ldap
hosts: files dns
networks: files
passwd: files ldap
shadow: files ldap
shells: files

% grep -v '#' /usr/local/etc/nss_ldap.conf | egrep -v '^$'
host 127.0.0.1
base ou=Samba,dc=domain,dc=org
ldap_version 3
binddn cn=root,dc=domain,dc=org
bindpw secret
rootbinddn cn=root,dc=domain,dc=org
port 389
scope one
timelimit 30
bind_timelimit 30
bind_policy soft
nss_connect_policy persist
idle_timelimit 3600
nss_paged_results yes
pagesize 1000
pam_login_attribute uid
pam_password crypt
nss_base_group ou=Groups,ou=Samba,dc=domain,dc=org?one
nss_base_passwd ou=Users,ou=Samba,dc=domain,dc=org?one
nss_base_passwd ou=Computers,ou=Samba,dc=domain,dc=org?one
nss_base_hosts ou=Computers,ou=Samba,dc=domain,dc=org?one
nss_base_shadow ou=Users,ou=Samba,dc=domain,dc=org?one

--
Best regards,
Proskurin Kirill
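
Added example, not part of the thread or of nss_ldap: a small audit of the bind settings in an nss_ldap.conf like the one posted above, flagging a bind password kept in the file, a lookup bind DN identical to rootbinddn, and a cleartext bind to a non-loopback server. The finding names and the `audit` function are made up for this example; only the `host`, `uri`, `ssl`, `binddn`, `bindpw` and `rootbinddn` keywords are read.

```python
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample: the bind-related lines of the config posted in the thread.
SAMPLE = """\
host 127.0.0.1
base ou=Samba,dc=domain,dc=org
ldap_version 3
binddn cn=root,dc=domain,dc=org
bindpw secret
rootbinddn cn=root,dc=domain,dc=org
port 389
"""

def parse(text):
    """Map each keyword to the list of values given for it."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            value = parts[1].strip() if len(parts) > 1 else ""
            conf.setdefault(parts[0].lower(), []).append(value)
    return conf

def audit(text):
    """Return finding codes (names chosen for this example) for one config."""
    conf = parse(text)
    findings = []
    if "bindpw" in conf:
        # nss_ldap reads this file inside each calling process, so it is
        # normally world-readable and the password with it.
        findings.append("bindpw-in-readable-file")
    binddn = conf.get("binddn", [""])[-1].lower()
    if binddn and binddn == conf.get("rootbinddn", [""])[-1].lower():
        # Every user's lookups would bind with the privileged DN.
        findings.append("binddn-equals-rootbinddn")
    tls = any(v in ("on", "start_tls") for v in conf.get("ssl", []))
    servers = [("ldap", h) for v in conf.get("host", []) for h in v.split()]
    servers += [(urlparse(u).scheme, urlparse(u).hostname)
                for v in conf.get("uri", []) for u in v.split()]
    if not tls and any(s == "ldap" and h not in LOOPBACK for s, h in servers):
        findings.append("cleartext-bind-to-remote-server")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
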