Thanks Mike,

What about migrating existing machine accounts to LDAP? Is there a script of some sort that will make life easier so I don't have to make the machines rejoin the domain? I have the old Samba SID so I can change the new Samba server's SID to this.
Should I just go ahead and create an ldif file of current users, groups and machine accounts and plug them in that way?

Darren

On Tue, 2005-04-19 at 09:32, Michael MacIsaac wrote:
> Darren,
>
> > I am wanting to have the *** new *** Samba server authenticate against
> > an LDAP server on a different image? Is that possible or should I have
> > both services (ldap, samba) on the same linux image?
>
> This is a tricky setup, but SLES9 makes it easier with OpenLDAP and yast
> modules. First a disclaimer - I don't have this setup in production, I
> just have hacked around with it to understand it.
>
> I would guess it would be better to have your Samba server separate from
> your OpenLDAP server. If you do a default SLES9 install, then OpenLDAP is
> installed and configured. If you then add users or groups through yast,
> they should go into LDAP and not into /etc/passwd, /etc/group. You should
> be able to logon to that server using an LDAP user/password.
>
> Then install another SLES9 but choose "skip configuration" on the LDAP and
> CA management screen. Rather, point the LDAP client to the first LDAP
> server on the screen that follows. Now you should be able to logon to the
> second server with the user ID/password defined on the first.
>
> Then configure Samba to use LDAP. The yast modules are very helpful here -
> trying to do this manually via smb.conf and ldap.conf is fraught with
> error. I spoke about this at the most recent SHARE. There are
> presentations on http://linuxvm.org/present/ under SHARE 104 - session
> numbers 9207 and 9206. When you have configured that, you should be able
> to get Samba shares with both local users and LDAP users.
>
> "Mike MacIsaac" <[EMAIL PROTECTED]> (845) 433-7061
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390