Thank you very much, Mr. Lovenberg, for item number 1; at least I am clearer about the version. If you have time, please kindly answer the other questions, no rush. Although I am a newbie to Linux, I don't fear to climb the steep learning curve. I understand that this is kind of a jump start for me.

Following your suggestion to take the builtin password for the authentication, I have had success with a basic setup of Fedora Core 7 + Samba 3.0.28fc7 with builtin password and user files. I was able to join the Linux domain with Windows XP and Windows 2000 machines. That's why I would like to take a further step to LDAP authentication. I understand that this'll be tough for me. I would like to get a feel for setting up this system myself, to see whether it will suit our environment, before hiring a consultant.

Thank you and Best Regards,
tom

Scott Lovenberg wrote:
> Tom,
> As for item 1: This is possible, however, CentOS-4.6 ships with
> samba-3.0.12(ish... it's an older build with Red Hat's blessed
> patches), for a Samba 3.0.25, you'll want to use CentOS-5.1, I
> believe. You can use a newer samba than the shipped version, but as a
> Linux newbie, I wouldn't recommend it unless you feel very comfortable
> at a command line. I've had a good deal of trouble with Fedora-DS,
> but I was building from source, YMMV. I'm sure it's a great software
> package, but I had to fight with it a bit.
>
> On a side note, are you locked in to using CentOS and Fedora DS, and
> having separate authentication, or can you "take baby steps" using the
> builtin password and user files? You are taking on a great amount of
> work and introducing yourself to a very steep learning curve with your
> proposed setup. And, being new to Linux at the same time will only
> compound this. I'm not trying to discourage you, quite the contrary,
> I just think that trying to get right up to this level of server and
> service sophistication might leave you with a very long uphill battle
> ahead if you choose to take it head on like this.
>
>
>> Adam Williams wrote:
>>
>>> Whoa, you have so many things wrong it's hard to decide even where to
>>> start. Read
>>> http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/, and
>>> chapter 5 of Samba 3 by Example, and
>>> http://directory.fedoraproject.org/wiki/Howto:Samba
>>>
>>> suphakit Chamwuthipricha wrote:
>>>
>>>> Hi
>>>> I am new to Linux & Samba. I would like to set up Samba as a
>>>> domain controller, using Fedora-ds for authentication.
>>>> I have read some documents from www.samba.org but I am still in
>>>> the mist.
>>>>
>>>> Here are my dumb questions about Samba, as follows.
>>>>
>>>> 1. Is CENTOS4.6+SAMBA3.0.25 as PDC +FEDORA-DS possible?
>>>> 2. Is this HOWTO from
>>>>    http://directory.fedoraproject.org/wiki/Howto:Samba sufficient
>>>>    information? Please suggest more.
>>>> 3. Since I tried to integrate Samba+Fedora-ds, I am always stuck
>>>>    at this step, "net groupmap add".
>>>>    Do these commands need to be done? What will happen if we
>>>>    skip them?
>>>>    # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins'
>>>>    # net groupmap add rid=2513 ntgroup='Domain Users' unixgroup='Domain Users'
>>>>    # net groupmap add rid=2514 ntgroup='Domain Guests' unixgroup='Domain Guests'
>>>>    # net groupmap add rid=2515 ntgroup='Domain Computers' unixgroup='Domain Computers'
>>>>
>>>>    3.1 Linux won't allow me to add a unix group name with a space
>>>>        like Domain Admins; can we change to DomainAdmins (no space)?
>>>>        I tried to add the unix group DomainAdmins on the Linux box
>>>>        and ran the command, and it failed.
>>>>        # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='DomainAdmins'
>>>>        I also noticed that this somehow relates to the smb.conf
>>>>        file.
>>>>        Some sources say:
>>>>        ldap admin dn = cn=Directory Manager
>>>>        or
>>>>        ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com
>>>>
>>>>        3.1.1 If I use this one: ldap dn = cn=Directory Manager
>>>>              The result of net groupmap show: failed to add
>>>>              group map
>>>>        3.1.2 If I use this one: ldap admin dn = cn=Directory Manager,dc=mycompany,dc=com
>>>>              The result of net groupmap show: cannot find object
>>>>              "cn=Directory Manager,dc=mycompany,dc=com"
>>>>    3.2 Where does the command look for ntgroup='Domain Admins'
>>>>        to map with unixgroup=Domain Admins?
>>>>    3.3 Some sources say the net groupmap command should add type=d at
>>>>        the end of the line; is it true?
>>>>        # net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins' type=d
>>>> 4. Does this line in my smb.conf look OK? (I installed Samba
>>>>    & Fedora-ds on the same machine)
>>>>    passdb backend = ldapsam:ldap://192.168.100.7
>>>>
>>>> 5. Do these lines need to be included in the smb.conf file?
>>>>    What will happen if we don't include them?
>>>>    ldap idmap suffix = ou=Users
>>>>    ldap passed sync = Yes
>>>> 6. Do user add scripts need to be included in the smb.conf
>>>>    file?
>>>>    How do they work, and when are these lines used?
>>>>    What will happen if we don't include them?
>>>>
>>>>    # Useradd scripts
>>>>    add user script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd -m %u
>>>>    delete user script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-userdel -r %u
>>>>    add group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupadd %g
>>>>    delete group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupdel %g
>>>>    add user to group script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-groupmod -G %g %u
>>>>    add machine script = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-useradd -w %u
>>>>    idmap uid = 15000-20000
>>>>    idmap gid = 15000-20000
>>>>    passwd program = /usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/smbldap-passwd %u
>>>>
>>>> 7. What does this command do? Do we have to do this with
>>>>    every user?
>>>>    # pdbedit -U $( net getlocalsid | sed 's/SID for domain YOURWORKGROUP is: //' )-500 -u Administrator -r
>>>> 8. In many HOWTOs from websites, they talk about PAM and NSS
>>>>    config with LDAP; do we need it, can we skip this?
>>>>
>>>> 9. I can hardly find instructions on how to set up Samba as
>>>>    PDC + Fedora-ds, please advise.
>>>>
>>>> Thank you and Best Regards,
>>>> Tom
>>>>
>>>
>>
>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba