On Wed, 22 Jan 2003, Ronan Waide wrote:
> On January 22, [EMAIL PROTECTED] said:
> > 1. What packages/ports do I need to install? Because most papers of LDAP
> > online I could find mentioned little about Openssl. However, as I know,
> > it's necessary for the option "ldap ssl = start_tls" in Samba. Also, I
> > didn't find any ports of nss_ldap, but nss_ldap was mentioned by all
> > samba+LDAP combination. What's wrong with that? nss_ldap didn't support
> > FreeBSD? Without nss_ldap, can I still achieve my goal: Samba+ LDAP as PDC?
>
> FreeBSD doesn't support NSS, as I understand it. What the nss_*
> modules do is act as lookup sources when the system needs to identify
> a user, host, password, group, etc. So on a Linux system, for example,
> you can instruct the system to first look in files (/etc/passwd, etc)
> then try LDAP, and so on until a match is found or the sources are
> exhausted.
>
> In the case of Samba, this facility is not strictly necessary; Samba's
> requirement for working NSS support is solely so it can look up a Unix
> account or Group to match the SMB account or group information. You
> can get around this by either creating Unix accounts for all your
> Samba users, or using one of the non-unix account backends (ldap_nua,
> in your case). Note, as far as I know the _nua backends are only
> available in Samba 3.
>
> > 2. Individual configuration/setting for every package.
>
> Tall order. Do you have a working LDAP setup already? You seem to have
> a working Samba setup, so what you want is to migrate the information
> in that into LDAP. I can't help you with that, since I've not done
> it. I'd suggest browsing the mailing list archives.
>
> > 3. How to start every service?
>
> Again, a tall order. I'm not a FreeBSD user, so I can't really help
> you on this.
>

hi,

i've done here exactly what you want to do. all these things are a little bit tricky because of the lagging support for nss in FreeBSD.

i've installed OpenLDAP-2.1.8 manually from source (NOT from ports!!!)
samba is version 2.2.7, also from source (NOT from ports!!!)

everything compiled perfectly and is running without problems. the only disadvantage is that OpenLDAP syslog support isn't working with FreeBSD, but i had no time to get deeper into it to find the problem.

for migration of the old accounts (computer and user) i used the LDAP-Migrationtools from www.padl.com. for this to work you need perl-ldap from the ports-tree. i made some minor changes to the migrationtools to work properly (some attribute types are spelled wrong).

the main disadvantage for me is that every user or computer in the ldap tree MUST have an entry in the system password database!!!

also new is that, together with the ldap-backend, every computer-account MUST have a unique UID. if you have computer-accounts sharing the same UID but have a different name (as i had), samba is looking up the computer's name in the LDAP tree, but only for normal operations is it done in this way. if you want to join a domain, it modifies the computer-account via the UID that is found for the computer's name. so if you have computer-accounts sharing the same UID, it modifies the first matching UID found, and doesn't check if the name is correct or not. the first time this confused me a lot.

also you have to generate the right 'rid' and 'primaryGroupID' for every account. this is very important if you use samba together with ldap.

the next thing i found is that variable substitution isn't working with ldap. if i set "smbHome: \\SAMBA_SERVER\%U" or "profilePath: \\SAMBA_SERVER\profiles\%U", the samba lookup returns exactly these values, without replacing the '%U' with the user's name.

okay, that's all for the moment. i hope i didn't forget something important. if there are questions, feel free to ask.

joerg
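
A check for the three pitfalls described in the reply above (computer accounts sharing a UID, a missing 'rid' or 'primaryGroupID', and a literal '%U' left in smbHome/profilePath), as an added example that is not part of the original message. It assumes an LDIF export with plain-text (not base64) values in which the numeric UID is stored in uidNumber; the sample entries and the example.org DNs are constructed.

```python
from collections import defaultdict
# Constructed sample export (not from the original post): ws1$ and ws2$ share
# uidNumber 1001, ws2$ has no rid, and alice's smbHome keeps a literal %U.
SAMPLE_LDIF = r"""dn: uid=ws1$,ou=Computers,dc=example,dc=org
uid: ws1$
uidNumber: 1001
rid: 3002
primaryGroupID: 3003

dn: uid=ws2$,ou=Computers,dc=example,dc=org
uid: ws2$
uidNumber: 1001
primaryGroupID: 3003

dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
uidNumber: 2000
rid: 5000
primaryGroupID: 3001
smbHome: \\SAMBA_SERVER\%U
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    entries = []
    # Unfold continuation lines (leading space), then split on blank lines.
    for block in text.replace("\n ", "").split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line and not line.startswith("#") and ":" in line:
                attr, _, value = line.partition(":")
                entry[attr.lower()].append(value.strip())
        if entry:
            entries.append(dict(entry))
    return entries

def audit(entries):
    """Return (finding, account) tuples for the problems named in the post."""
    findings, by_uid = [], defaultdict(list)
    for e in entries:
        name = e.get("uid", ["?"])[0]
        for n in e.get("uidnumber", []):
            by_uid[n].append(name)
        findings += [("missing-" + a, name) for a in ("rid", "primarygroupid") if not e.get(a)]
        findings += [("literal-%U-in-" + a, name) for a in ("smbhome", "profilepath")
                     if any("%U" in v for v in e.get(a, []))]
    # A domain join modifies the first entry matching the UID, so any UID
    # shared by several accounts means the wrong account can be changed.
    for n, names in sorted(by_uid.items()):
        if len(names) > 1:
            findings.append(("shared-uidNumber-" + n, ",".join(sorted(names))))
    return findings
```

Run `audit(parse_ldif(text))` over an export of the account subtree before pointing Samba at the directory; an empty list means none of the three conditions was found.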
