I'm having trouble wading through the various documents that only partially apply to my situation.

I have an existing LDAP instance providing NSS login data to my small group of linux machines. I want to also now provide domain logins against those user accounts.

So far I have determined that I need to

1. add the samba schema to the directory
2. set the attribute access appropriately
3. add unix groups corresponding to the well known windows groups

My immediate questions are 'what groups?' and 'do I add them to passwd or in the directory?'.

If there is a document for this configuration, a pointer would help me out.

Adam Tauno Williams
2009-Mar-23 02:19 UTC
[Samba] integration with existing ldap directory
On Sun, 2009-03-22 at 19:58 -0400, jeff sacksteder wrote:
> I'm having trouble wading through the various documents that only
> partially apply to my situation.
> I have an existing LDAP instance providing NSS login data to my small
> group of linux machines. I want to also now provide domain logins
> against those user accounts.
> So far I have determined that I need to
> 1. add the samba schema to the directory
> 2. set the attribute access appropriately
> 3. add unix groups corresponding to the well known windows groups

That is pretty much it.

> My immediate questions are 'what groups?'

You need to map the well-known domain groups.

> and 'do I add them to passwd
> or in the directory?'.

"passwd"? If NSS is working from LDAP you don't *need* anything in passwd/groups; the best solution is to configure a ldapsam:trusted yes setup.

> If there is a document for this configuration, a pointer would help me out.

<http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/>
<http://us1.samba.org/samba/docs/man/Samba-Guide/>

I'd avoid using any other documents as most are inaccurate or at best out-of-date.

-- 
OpenGroupware developer: awilliam@whitemice.org
<http://whitemiceconsulting.blogspot.com/>
OpenGroupware & Cyrus IMAPd documentation @
<http://docs.opengroupware.org/Members/whitemice/wmogag/file_view>
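
The setup discussed in this thread, sketched as an smb.conf fragment. This is an added example, not part of either message and not taken from the Samba documentation; the workgroup, host name, DNs, OU names and unix group names are constructed placeholders.

```ini
# smb.conf fragment for a domain controller backed by an existing LDAP
# directory. All names below (EXAMPLE, ldap.example.com, dc=example,dc=com,
# ou=People/Groups/Computers, cn=samba-admin) are assumed placeholders.
[global]
    workgroup = EXAMPLE
    security = user
    domain logons = yes

    # Keep Samba account data in the same directory NSS already reads.
    passdb backend = ldapsam:ldap://ldap.example.com
    ldap suffix = dc=example,dc=com
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers

    # DN Samba binds as to read and write the samba* attributes.
    # Its password is not kept in this file; it is stored in secrets.tdb
    # with `smbpasswd -w`.
    ldap admin dn = cn=samba-admin,dc=example,dc=com

    # Encrypt the LDAP connection so the bind password and the password
    # hashes do not cross the network in clear text.
    ldap ssl = start tls

    # NSS is served from the same directory, so Samba may read user and
    # group data over LDAP directly. This requires users to carry both
    # posixAccount and sambaSamAccount, and groups both posixGroup and
    # sambaGroupMapping.
    ldapsam:trusted = yes

# Step 2 of the question (attribute access): sambaNTPassword and
# sambaLMPassword are password-equivalent hashes. The directory ACLs should
# make them readable only by the Samba admin DN above, never by anonymous
# or ordinary authenticated binds.
#
# Step 3 (well-known groups) is done outside this file, once per group.
# The unix group names here are assumptions:
#   net groupmap add ntgroup="Domain Admins" rid=512 unixgroup=domadmins type=d
#   net groupmap add ntgroup="Domain Users"  rid=513 unixgroup=domusers  type=d
#   net groupmap add ntgroup="Domain Guests" rid=514 unixgroup=domguests type=d
```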