Here are my configs for RedHat 7.2. I also have them for Mandrake 8.2.
If you want, read them and we can later discuss portions you don't understand. There's a bunch of howto's out there on doing this. Look for:

  Samba+LDAP-Howto: (Samba docs)
  Winbind-Howto: (Samba docs)
  LDAP-Auth-Howto: http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-BindPW.html
    There may (likely, are) others, but this is one off the top of my head
  PAM-Docs

It works like this:

1) Configure your Linux to do LDAP authentication (using nss_ldap, pam_ldap from http://www.padl.com). Configuration files (/etc/ldap.conf) are enclosed.
2) Configure Samba (at compile time) to have LDAPSAM backend, to use PAM for password synchronization, and "unix password sync = yes", "pam password change = yes" in smb.conf
3) Configure Samba to share the user database with the Linux user database. This achieves storing user information in the same LDAP record for both Samba stuff and Linux (posix) stuff
4) Configure Samba as a PDC
5) Set up the PAM module config for samba to do password changes using all necessary modules EXCEPT the Samba modules (obviously, since samba itself would take care of this)
6) Set up the regular password change mechanisms (non-samba) to synch with all the necessary modules including the samba module.
7) Set up SSL certificates as necessary.
8) Gloat to your friends about your setup! ;)

Key files to look at:

  init.ldif -> Used to initialize the LDAP tree (if not already done)
  etc/ldap.conf
  etc/nsswitch.conf
  etc/smb-{pdc,client}.conf
  etc/openldap/slapd.conf
  etc/pam.d/password
  etc/pam.d/samba
  etc/pam.d/system-auth-{pdc,client}

This is a "cookie-cutter" config, and I'm very interested to see if you can succeed in using it as such. I have done no documentation on it, so I'm very interested in your feedback to see what needs to be fixed, or addressed.

The end result for me has been: Only one password per user for any service, and password changes in one environment affect all others (some concurrency limitations from my previous post apply).

Notes on client Linux machines: Winbind requires your machine to be joined into a domain, so it's important you understand how to do that (smbpasswd -j), and configure Samba for clients. A file called "smb-client.conf" is included for this purpose. Feel free to use it as a guideline. For PDC, a file called "smb-pdc.conf" is also included.

Please don't pass these around just yet, as I want to get feedback before I post these on a website accompanied by a HOWTO.

I used:

  Samba 2.2.7
  OpenLDAP 2.0.25
  nss_ldap-202
  pam_ldap-153

Best
Diego

PS/ One detail - the PAM configurations need to be optimized to provide full failover, and other safety precautions. Right now, it's very basic, but it should allow you to: change passwords directly from windows using the "Change Password" command, change passwords from the Linux PDC using "passwd", change password from other linux clients using "passwd" as well, and any other common password-change mechanisms from Linux.

redhat-distr-auth.tar.gz
Description: GNU Zip compressed data
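
An added example, not part of the message above or of the attached files: a small Python check that a set of configs keeps the invariants from steps 2, 5 and 6 (both smb.conf sync options on, no Samba module reachable from pam.d/samba, LDAP and Samba modules both present for the regular password change). It assumes "the samba module" means pam_smbpass.so and that service files chain through Red Hat's pam_stack.so; the sample configs are constructed.

```python
import os

def smb_globals(text):
    """[global] parameters of smb.conf as {lower-cased name: value}."""
    params, section = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def password_modules(services, name, seen=()):
    """Modules in a service's 'password' stack, following pam_stack.so includes."""
    seen, mods = seen + (name,), []
    for raw in services.get(name, "").splitlines():
        fields = raw.split("#", 1)[0].split()
        so = next((i for i, f in enumerate(fields) if f.endswith(".so")), None)
        if not fields or fields[0] != "password" or so is None:
            continue
        if os.path.basename(fields[so]) != "pam_stack.so":
            mods.append(os.path.basename(fields[so]))
            continue
        for arg in fields[so + 1:]:
            if arg.startswith("service=") and arg[8:] not in seen:
                mods += password_modules(services, arg[8:], seen)
    return mods

def audit(smb_conf, services):
    """Findings for steps 2, 5 and 6; an empty list means consistent."""
    out, g = [], smb_globals(smb_conf)
    for key in ("unix password sync", "pam password change"):
        if g.get(key, "no").lower() not in ("yes", "true", "1"):
            out.append(f"smb.conf: '{key}' is not enabled")
    samba, system = (password_modules(services, s) for s in ("samba", "password"))
    if "pam_smbpass.so" in samba:
        out.append("pam.d/samba: password stack reaches pam_smbpass.so")
    out += [f"pam.d/samba: {m} missing" for m in ("pam_ldap.so",) if m not in samba]
    out += [f"pam.d/password: {m} missing"
            for m in ("pam_ldap.so", "pam_smbpass.so") if m not in system]
    return out

# Constructed sample input, not the files from the attachment.
SMB = "[global]\n  unix password sync = yes\n  PAM password change = yes\n"
STACK = "password required /lib/security/pam_stack.so service=system-auth\n"
PAM = {"system-auth": "password sufficient /lib/security/pam_ldap.so\n",
       "samba": STACK,
       "password": STACK + "password required /lib/security/pam_smbpass.so\n"}
```

Calling `audit(SMB, PAM)` on the sample returns an empty list; feed it the text of your own smb.conf and pam.d files (keyed by service name) to check a real setup.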