Re: [Samba] smb-ldap or not to smb-ldap
On Fri, 2006-03-31 at 16:30 +0100, Antony Gelberg wrote: Hi all, We are deploying a Linux server and desktops for a customer. We will have the users and groups in LDAP on the server, and files shared via NFS. However, one never knows if Windows desktops will be needed in the future. Is it a good idea to add users with smb-ldap even if samba is not initially used, as adding the samba attributes to an existing LDAP database is painful, and the smb-ldap created users will have the relevant POSIX credentials to be able to login anyway? Do use LDAP, having something that does the stuff is awesome. Recently The Linux Journal had a series that goes into your kind of questions and gives so very good overall answers. While I disagree with some of the implementation, Ti Leggett has done some very good work to bring things together. He brings in quite a bit of the planning and why-fors etc to the article. This is good, as many many people ignore most of these things while trying to get things working, creating a serious mess that is very discouraging. You could nearly go line for line on his configs. Ti Leggett also refers to some previous articles at the LJ, also you should be at least able to skim these referenced articles and completely understand them. If you can't or don't understand the reference articles, you need to sit down and work them out before proceeding here. Single Sign-On and the Corporate Directory, Part 1 http://www.linuxjournal.com/article/8374 Single Sign-On and the Corporate Directory, Part 2 http://www.linuxjournal.com/article/8375 Single Sign-On and the Corporate Directory, Part 3 http://www.linuxjournal.com/article/8376 Single Sign-On and the Corporate Directory, Part 4 http://www.linuxjournal.com/article/8377 A follow on from Single Sign-On and the Corporate Directory (Part 1-4), in my opinion goes very well with the previous series and may have well been intended. Using Wikis and Blogs to Ease Administration http://www.linuxjournal.com/article/8779 The last one goes into making sure you cover you assets and documentation is a wonderful thing. Using these articles as a reference for steering your decisions is a good idea. You may disagree with Ti on some things or particular items that you won't/can't/forbidden to use, but then again consider the whole picture he gives us. Good luck and hope to hear good news. -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing NOTICE: Due to Presidential Executive Orders, the National Security Agency may have read this email without warning, warrant, or notice, and certainly without probable cause. They may do this without any judicial or legislative oversight. You have no recourse nor protection. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb-ldap or not to smb-ldap
[Sorry for my previous empty post, lost it for a second.] Craig White wrote: On Fri, 2006-03-31 at 16:30 +0100, Antony Gelberg wrote: Hi all, We are deploying a Linux server and desktops for a customer. We will have the users and groups in LDAP on the server, and files shared via NFS. However, one never knows if Windows desktops will be needed in the future. Is it a good idea to add users with smb-ldap even if samba is not initially used, as adding the samba attributes to an existing LDAP database is painful, and the smb-ldap created users will have the relevant POSIX credentials to be able to login anyway? It would seem to me that a successful LDAP implementation is going to have an administrator who can script changes to the users attributes when necessary, otherwise, it's not just a down the road implementation of samba that will make things difficult. My thinking is that time spent now to acquire skill sets is better than spending time to configure an imagined samba implementation which may happen down the road. You're right, but time is not always that easy to come by and smbldap-tools is a real time-saver, being so powerful. That being said, it probably won't hurt anything to implement smbldap-tools but consider that the real issue is the tool sets you use to create/modify existing users outside of the samba realm must all anticipate the samba schema because the smbldap-tools are for samba based tools. There is no requirement to have users who aren't part of the samba realm i.e. with POSIX login only, so we can always use the smbldap-tools toolset. Or did I misunderstand your point? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb-ldap or not to smb-ldap
Craig White wrote: On Fri, 2006-03-31 at 16:30 +0100, Antony Gelberg wrote: Hi all, We are deploying a Linux server and desktops for a customer. We will have the users and groups in LDAP on the server, and files shared via NFS. However, one never knows if Windows desktops will be needed in the future. Is it a good idea to add users with smb-ldap even if samba is not initially used, as adding the samba attributes to an existing LDAP database is painful, and the smb-ldap created users will have the relevant POSIX credentials to be able to login anyway? It would seem to me that a successful LDAP implementation is going to have an administrator who can script changes to the users attributes when necessary, otherwise, it's not just a down the road implementation of samba that will make things difficult. My thinking is that time spent now to acquire skill sets is better than spending time to configure an imagined samba implementation which may happen down the road. That being said, it probably won't hurt anything to implement smbldap-tools but consider that the real issue is the tool sets you use to create/modify existing users outside of the samba realm must all anticipate the samba schema because the smbldap-tools are for samba based tools. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb-ldap or not to smb-ldap
On Sat, 2006-04-01 at 12:56 +0100, Antony Gelberg wrote: [Sorry for my previous empty post, lost it for a second.] Craig White wrote: On Fri, 2006-03-31 at 16:30 +0100, Antony Gelberg wrote: Hi all, We are deploying a Linux server and desktops for a customer. We will have the users and groups in LDAP on the server, and files shared via NFS. However, one never knows if Windows desktops will be needed in the future. Is it a good idea to add users with smb-ldap even if samba is not initially used, as adding the samba attributes to an existing LDAP database is painful, and the smb-ldap created users will have the relevant POSIX credentials to be able to login anyway? It would seem to me that a successful LDAP implementation is going to have an administrator who can script changes to the users attributes when necessary, otherwise, it's not just a down the road implementation of samba that will make things difficult. My thinking is that time spent now to acquire skill sets is better than spending time to configure an imagined samba implementation which may happen down the road. You're right, but time is not always that easy to come by and smbldap-tools is a real time-saver, being so powerful. That being said, it probably won't hurt anything to implement smbldap-tools but consider that the real issue is the tool sets you use to create/modify existing users outside of the samba realm must all anticipate the samba schema because the smbldap-tools are for samba based tools. There is no requirement to have users who aren't part of the samba realm i.e. with POSIX login only, so we can always use the smbldap-tools toolset. Or did I misunderstand your point? yeah, I think you did miss the point - not that it was very important. He's asking about pre-configuring smbldap-tools without an intention or a plan to implement for the near future as a just in case proposition because he doesn't know how to go back in add attributes/objectclasses to his existing DSA. I'm suggesting that learning to do that would likely be a better investment in time than trying to calculate what an unneeded samba setup would look like so he can configure it now in anticipation. I'm suggesting that the problem down the road won't be because he didn't configure smbldap-tools out now, but more likely to be not knowing how to manipulate the entries in LDAP on a mass scale. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smb-ldap or not to smb-ldap
Hi all, We are deploying a Linux server and desktops for a customer. We will have the users and groups in LDAP on the server, and files shared via NFS. However, one never knows if Windows desktops will be needed in the future. Is it a good idea to add users with smb-ldap even if samba is not initially used, as adding the samba attributes to an existing LDAP database is painful, and the smb-ldap created users will have the relevant POSIX credentials to be able to login anyway? Antony -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb-ldap or not to smb-ldap
On Fri, 2006-03-31 at 16:30 +0100, Antony Gelberg wrote: Hi all, We are deploying a Linux server and desktops for a customer. We will have the users and groups in LDAP on the server, and files shared via NFS. However, one never knows if Windows desktops will be needed in the future. Is it a good idea to add users with smb-ldap even if samba is not initially used, as adding the samba attributes to an existing LDAP database is painful, and the smb-ldap created users will have the relevant POSIX credentials to be able to login anyway? It would seem to me that a successful LDAP implementation is going to have an administrator who can script changes to the users attributes when necessary, otherwise, it's not just a down the road implementation of samba that will make things difficult. My thinking is that time spent now to acquire skill sets is better than spending time to configure an imagined samba implementation which may happen down the road. That being said, it probably won't hurt anything to implement smbldap-tools but consider that the real issue is the tool sets you use to create/modify existing users outside of the samba realm must all anticipate the samba schema because the smbldap-tools are for samba based tools. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb-ldap or not to smb-ldap
On Fri, 31 Mar 2006, Antony Gelberg wrote: We are deploying a Linux server and desktops for a customer. We will have the users and groups in LDAP on the server, and files shared via NFS. However, one never knows if Windows desktops will be needed in the future. Is it a good idea to add users with smb-ldap even if samba is not initially used, as adding the samba attributes to an existing LDAP database is painful, and the smb-ldap created users will have the relevant POSIX credentials to be able to login anyway? we have this configuration. We had some windows boxes, which used samba. Our database was an ldap backend. We now use the ldap backend for everything including global address book, proxy authentication, email, intranet application etc.. Having an ldap backend is very useful -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba