Hi Quinn,

here's a short summary of what I did to make Linux use S4's LDAP/Kerberos. I'm running Oracle Enterprise Linux on our boxes, so I'm not sure how different that is from Ubuntu. I tried Suse before but that was quite a pain.

OEL asks where user accounts come from when the setup runs after installation. I entered all information about the LDAP bits there as well as the Kerberos server, realm and so forth. At this point this setup does not yet work.

I then used the samba3 bits from OEL to join the client to the S4 domain. This creates the service principals for the client on the DC. Once the client has joined the domain I used 'net ads keytab create' to dump the client's keytab from the DC into a file. This keytab enables the use of kerberized authentication.

Last thing to do is to set passwd, group and shadow to use ldap in /etc/nsswitch.conf. After that everything is in place and ready for use.

I had no need to utilize anything not provided by OEL. Packages of interest are nss_ldap, openldap and openldap-clients (names most likely differ on Ubuntu).

Prerequisite for this setup is the proper LDAP schema (rfc2307) to include all the Unix related information. I don't think I had to modify the default mapping on the clients.

Again - I don't know much about Ubuntu. But I would guess as an end user/desktop oriented distribution things might be a little harder. I could provide the config files with the LDAP/Kerberos client settings.

Hope that helps,
Bernd
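
A check for the last step in the message above (passwd, group and shadow set to use ldap in /etc/nsswitch.conf), added here as an example and not part of the original post or of Samba. The function name `nss_missing_ldap` is hypothetical and the sample file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report which of passwd, group and shadow are NOT set to
# use ldap in an nsswitch.conf-style file (path given as $1).
# Prints one database name per line; prints nothing when all three use ldap.
nss_missing_ldap() {
    awk '
        BEGIN { n = split("passwd group shadow", want, " ") }
        {
            sub(/#.*/, "")                 # drop trailing comments
            sub(/^[ \t]+/, "")             # drop leading whitespace
            colon = index($0, ":")
            if (colon == 0) next           # not a "database: sources" line
            db = substr($0, 1, colon - 1)
            sub(/[ \t]+$/, "", db)
            rest = " " substr($0, colon + 1) " "
            gsub(/\t/, " ", rest)          # so "ldap" is always space-delimited
            seen[db] = 1
            # Any line for this database without ldap as a source flags it.
            if (index(rest, " ldap ") == 0) bad[db] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!seen[want[i]] || bad[want[i]]) print want[i]
        }
    ' "$1"
}

# Demonstration on a constructed sample (not a real host configuration):
# group still points at local files only, so it is the one reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:     files ldap
group:      files        # ldap not added yet
shadow:     files ldap
hosts:      files dns
EOF
echo "not using ldap: $(nss_missing_ldap "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

On a configured client, run it as `nss_missing_ldap /etc/nsswitch.conf`; empty output means all three databases list ldap.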
