Re: [CentOS] Samba + Openldap

2011-10-25 Thread Al
I'm still going to stick to trying to get Samba3 and try and get  
openldap to work.  I've got it going in my test environment with a  
clean install of samba and openldap.  I'm currently making the  
modifications to a dev. version of the production ldap database to see  
if I can get it working with Samba3.  I'm not worried about Active  
Directory, openldap works with our environment.  Thanks for the  
suggestions!

On Oct 25, 2011, at 11:38 AM, Adam Tauno Williams wrote:

> On Fri, 2011-10-21 at 12:18 +0200, Giles Coochey wrote:
>> On Fri, October 21, 2011 12:14, Adam Tauno Williams wrote:
>>> On Tue, 2011-10-18 at 16:43 -0400, Al wrote:
>>>> Anyone have an update tutorial/howto for samba to authenticate to
>>>> ldap?
>>> There are lots of docs.
>>> But DO NOT DO IT.
>>> A Samba 3.x DC is very very *obsolete*.  The Windows world has  
>>> moved on
>>> to Active Directory.  If you want to do that you need Samba 4 -  
>>> and no
>>> OpenLDAP.
>>> From the samba Wiki:
>> Samba 4 is currently not yet in a state where it can replace existing
>> production deployments. [1]
>> [1] http://wiki.samba.org/index.php/Samba4#Current_Status
>
> That is the official story - but try it - it works *BETTER* than an  
> NT4
> Samba 3.x domain.  Seriously, really.  Recent Samba 4 builds *are* in
> production at several sites.  It works.
>
> 
>
> Note that Samba 4 is best discussed on the technical list, not yet on
> the users list.
> 
>

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Samba + Openldap

2011-10-25 Thread Christopher Chan
On Wednesday, October 26, 2011 10:16 AM, Adam Tauno Williams wrote:
> On Wed, 2011-10-26 at 07:57 +0800, Christopher Chan wrote:
>> On Tuesday, October 25, 2011 11:38 PM, Adam Tauno Williams wrote:
>>>> Samba 4 is currently not yet in a state where it can replace existing
>>>> production deployments. [1]
>>>> [1] http://wiki.samba.org/index.php/Samba4#Current_Status
>>> That is the official story - but try it - it works *BETTER* than an NT4
>>> Samba 3.x domain.  Seriously, really.  Recent Samba 4 builds *are* in
>>> production at several sites.  It works.
>>> 
>>> Note that Samba 4 is best discussed on the technical list, not yet on
>>> the users list.
>> /me salutes the white mice that will make samba4 better and completely
>> ready to take over the Windows AD service.
>
> You can already have a mix of Samba 4 and Windows 2008R2 domain
> controllers in the same domain.

I know...but I wanna not have to have any Windows AD.

>
> If you create an S3 domain you face the grisly prospects of having to
> upgrade that domain to an S4/AD domain someday.  Which is *not* fun.
>

Thanks. I'll stick with the current Windows 2000 AD until samba4 is ready!


Re: [CentOS] Samba + Openldap

2011-10-25 Thread Adam Tauno Williams
On Wed, 2011-10-26 at 07:57 +0800, Christopher Chan wrote:
> On Tuesday, October 25, 2011 11:38 PM, Adam Tauno Williams wrote:
> >> Samba 4 is currently not yet in a state where it can replace existing
> >> production deployments. [1]
> >> [1] http://wiki.samba.org/index.php/Samba4#Current_Status
> > That is the official story - but try it - it works *BETTER* than an NT4
> > Samba 3.x domain.  Seriously, really.  Recent Samba 4 builds *are* in
> > production at several sites.  It works.
> > 
> > Note that Samba 4 is best discussed on the technical list, not yet on
> > the users list.
> /me salutes the white mice that will make samba4 better and completely 
> ready to take over the Windows AD service.

You can already have a mix of Samba 4 and Windows 2008R2 domain
controllers in the same domain.

If you create an S3 domain you face the grisly prospects of having to
upgrade that domain to an S4/AD domain someday.  Which is *not* fun.



Re: [CentOS] Samba + Openldap

2011-10-25 Thread Christopher Chan
On Tuesday, October 25, 2011 11:38 PM, Adam Tauno Williams wrote:

>> Samba 4 is currently not yet in a state where it can replace existing
>> production deployments. [1]
>> [1] http://wiki.samba.org/index.php/Samba4#Current_Status
>
> That is the official story - but try it - it works *BETTER* than an NT4
> Samba 3.x domain.  Seriously, really.  Recent Samba 4 builds *are* in
> production at several sites.  It works.
>
> 
>
> Note that Samba 4 is best discussed on the technical list, not yet on
> the users list.

/me salutes the white mice that will make samba4 better and completely 
ready to take over the Windows AD service.


Re: [CentOS] Samba + Openldap

2011-10-25 Thread Adam Tauno Williams
On Fri, 2011-10-21 at 12:18 +0200, Giles Coochey wrote:
> On Fri, October 21, 2011 12:14, Adam Tauno Williams wrote:
> > On Tue, 2011-10-18 at 16:43 -0400, Al wrote:
> >> Anyone have an update tutorial/howto for samba to authenticate to ldap?
> > There are lots of docs.
> > But DO NOT DO IT.
> > A Samba 3.x DC is very very *obsolete*.  The Windows world has moved on
> > to Active Directory.  If you want to do that you need Samba 4 - and no
> > OpenLDAP.
> >From the samba Wiki:
> Samba 4 is currently not yet in a state where it can replace existing
> production deployments. [1]
> [1] http://wiki.samba.org/index.php/Samba4#Current_Status

That is the official story - but try it - it works *BETTER* than an NT4
Samba 3.x domain.  Seriously, really.  Recent Samba 4 builds *are* in
production at several sites.  It works.



Note that Samba 4 is best discussed on the technical list, not yet on
the users list.




Re: [CentOS] Samba + Openldap

2011-10-21 Thread Al
Openldap, I've been able to get it to work in a staging environment, I'm going 
to try implementing it on one of our dev servers that has the exact openldap 
setup as production.  It looks to me, I'll be asking more questions if I run 
into any road blocks, but the information everyone has been providing me on 
this thread has helped me a lot.  Thank you!

On Oct 21, 2011, at 7:29 PM, John R Pierce wrote:

> On 10/21/11 2:30 PM, Al wrote:
>> We're a linux mostly environment, some of the users have windows.  It sounds 
>> to me, maybe I should start over instead of trying to implement it in our 
>> current openldap environment.  We're running openldap 2.3.43 and Samba 3.x..
> 
> what do the windows users authenticate with now?  presumably, Samba is 
> to provide file services to these Windows users?
> 
> 
> 
> -- 
> john r pierce                N 37, W 122
> santa cruz ca mid-left coast
> 



Re: [CentOS] Samba + Openldap

2011-10-21 Thread John R Pierce
On 10/21/11 2:30 PM, Al wrote:
> We're a linux mostly environment, some of the users have windows.  It sounds 
> to me, maybe I should start over instead of trying to implement it in our 
> current openldap environment.  We're running openldap 2.3.43 and Samba 3.x..

what do the windows users authenticate with now?  presumably, Samba is 
to provide file services to these Windows users?



-- 
john r pierce                N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] Samba + Openldap

2011-10-21 Thread Al
We're a linux mostly environment, some of the users have windows.  It sounds to 
me, maybe I should start over instead of trying to implement it in our current 
openldap environment.  We're running openldap 2.3.43 and Samba 3.x..

On Oct 21, 2011, at 6:18 AM, Giles Coochey wrote:

> On Fri, October 21, 2011 12:14, Adam Tauno Williams wrote:
>> On Tue, 2011-10-18 at 16:43 -0400, Al wrote:
>>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>> 
>> There are lots of docs.
>> 
>> But DO NOT DO IT.
>> 
>> A Samba 3.x DC is very very *obsolete*.  The Windows world has moved on
>> to Active Directory.  If you want to do that you need Samba 4 - and no
>> OpenLDAP.
>> 
>> From the samba Wiki:
> 
> Samba 4 is currently not yet in a state where it can replace existing
> production deployments. [1]
> 
> [1] http://wiki.samba.org/index.php/Samba4#Current_Status
> 
> 



Re: [CentOS] Samba + Openldap

2011-10-21 Thread Giles Coochey
On Fri, October 21, 2011 12:14, Adam Tauno Williams wrote:
> On Tue, 2011-10-18 at 16:43 -0400, Al wrote:
>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>
> There are lots of docs.
>
> But DO NOT DO IT.
>
> A Samba 3.x DC is very very *obsolete*.  The Windows world has moved on
> to Active Directory.  If you want to do that you need Samba 4 - and no
> OpenLDAP.
>
From the samba Wiki:

Samba 4 is currently not yet in a state where it can replace existing
production deployments. [1]

[1] http://wiki.samba.org/index.php/Samba4#Current_Status




Re: [CentOS] Samba + Openldap

2011-10-21 Thread Adam Tauno Williams
On Tue, 2011-10-18 at 16:43 -0400, Al wrote:
> Anyone have an update tutorial/howto for samba to authenticate to ldap?

There are lots of docs.

But DO NOT DO IT. 

A Samba 3.x DC is very very *obsolete*.  The Windows world has moved on
to Active Directory.  If you want to do that you need Samba 4 - and no
OpenLDAP.



Re: [CentOS] Samba + Openldap

2011-10-20 Thread Arun Khan
On Thu, Oct 20, 2011 at 8:02 PM, Al  wrote:
> I would just need to add those attributes in openldap?  I'm not very 
> experienced, that is why I asked for howto/tutorials... I've been building an 
> openldap and samba environment in a staged virtual system, so I can get a 
> better understanding on how it all works.  It seems to me I would have to add 
> additional attributes to all those users and load the samba.schema onto the 
> master server, then go on the samba server and configure it to use ldap?  I'm 
> not so sure, I guess it'll take some time for me to figure it all out...

Yes, you have to add the samba.schema to your openLDAP setup.  The
schema automatically brings in the user attributes.  You will need to
populate them for the Samba specific attributes.  Indeed, doing it in
a virtual machine is a good way to learn about the LDAP+Samba
integration.

As someone else has suggested, smb-ldap tools does the user
management work for both Unix and Samba.  LAM is a PHP based web app
to manage your LDAP setup, it does support the SAMBA extensions.

HTH,

-- Arun Khan


Re: [CentOS] Samba + Openldap

2011-10-20 Thread Al
I would just need to add those attributes in openldap?  I'm not very 
experienced, that is why I asked for howto/tutorials... I've been building an 
openldap and samba environment in a staged virtual system, so I can get a 
better understanding on how it all works.  It seems to me I would have to add 
additional attributes to all those users and load the samba.schema onto the 
master server, then go on the samba server and configure it to use ldap?  I'm 
not so sure, I guess it'll take some time for me to figure it all out...

On Oct 19, 2011, at 1:31 PM, Craig White wrote:

> 
> On Oct 19, 2011, at 8:16 AM, Al wrote:
> 
>> This isn't what I was talking about ... Let me be a little more specific ... 
>> I've got an openldap system configured, just need to setup Samba to use 
>> openldap to allow them to access their shells via Windows Explorer.  They 
>> usually login via SSH, but want to have the ability to copy things over to 
>> the Windows without using SFTP.
> 
> I can't see how that actually matters because you want them to gain access to 
> the samba server using their accounts and samba requires both a POSIX & a 
> SAMBA user and the logical place for a SAMBA user is to have their SAMBA 
> attributes in the same LDAP record.
> 
> At that point, they could easily mount a SAMBA share on their Windows box 
> using the same account (though Windows passwords use a Windows compatible 
> hashed password). Basically, the user account in LDAP has both POSIX & SAMBA 
> attributes including userPassword (POSIX) and sambaNTPassword (SAMBA) and 
> group memberships that may be one or both (though I tend to create groups 
> that are both).
> 
> The easiest way to demonstrate is to use my own setup...
> 
> # ldapsearch -x '(uid=craig)' -D uid=craig,ou=people,dc=azapple,dc=com -W
> Enter LDAP Password: 
> # extended LDIF
> #
> # LDAPv3
> # base  (default) with scope subtree
> # filter: (uid=craig)
> # requesting: ALL
> #
> 
> # craig, people, azapple.com
> dn: uid=craig,ou=people,dc=azapple,dc=com
> sambaPwdMustChange: 2147483647
> labeledURI: http://linuxserver/horde/kronolith/fb.php?c=craig
> sambaSID: S-1-5-21-1423820788-2381578139-XX-1000
> calFBURL: http://srv2.azapple.com/horde/kronolith/fb.php?c=craig
> sambaPasswordHistory: 
> 
> displayName: Craig White
> sambaMungedDial: 1
> shadowMax: 9
> sambaLogonScript: logon.bat
> sambaProfilePath: \\SRV2\profiles\craig
> cn: Craig White
> uidNumber: 1000
> shadowWarning: 7
> sambaPrimaryGroupSID: 1423820788-2381578139-XX-513
> sambaAcctFlags: [U  ]
> gecos: Craig White
> shadowLastChange: 15199
> sambaPwdLastSet: 1313206319
> mail: cr...@azapple.com
> userPassword:: REMOVED...
> sambaLMPassword: REMOVED
> uid: craig
> sambaPwdCanChange: 1313206319
> sambaHomePath: \\SRV2\homes\craig
> homeDirectory: /home/craig
> description: Craig is a local user
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: person
> objectClass: inetOrgPerson
> objectClass: sambaSamAccount
> objectClass: top
> objectClass: calEntry
> gidNumber: 100
> sambaDomainName: AZAPPLE
> givenName: Craig
> sambaHomeDrive: h:
> sambaNTPassword: REMOVED
> sn: White
> loginShell: /bin/bash
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1



Re: [CentOS] Samba + Openldap

2011-10-19 Thread Craig White

On Oct 19, 2011, at 8:16 AM, Al wrote:

> This isn't what I was talking about ... Let me be a little more specific ... 
> I've got an openldap system configured, just need to setup Samba to use 
> openldap to allow them to access their shells via Windows Explorer.  They 
> usually login via SSH, but want to have the ability to copy things over to 
> the Windows without using SFTP.

I can't see how that actually matters because you want them to gain access to 
the samba server using their accounts and samba requires both a POSIX & a SAMBA 
user and the logical place for a SAMBA user is to have their SAMBA attributes 
in the same LDAP record.

At that point, they could easily mount a SAMBA share on their Windows box using 
the same account (though Windows passwords use a Windows compatible hashed 
password). Basically, the user account in LDAP has both POSIX & SAMBA 
attributes including userPassword (POSIX) and sambaNTPassword (SAMBA) and group 
memberships that may be one or both (though I tend to create groups that are 
both).

The easiest way to demonstrate is to use my own setup...

# ldapsearch -x '(uid=craig)' -D uid=craig,ou=people,dc=azapple,dc=com -W
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base  (default) with scope subtree
# filter: (uid=craig)
# requesting: ALL
#

# craig, people, azapple.com
dn: uid=craig,ou=people,dc=azapple,dc=com
sambaPwdMustChange: 2147483647
labeledURI: http://linuxserver/horde/kronolith/fb.php?c=craig
sambaSID: S-1-5-21-1423820788-2381578139-XX-1000
calFBURL: http://srv2.azapple.com/horde/kronolith/fb.php?c=craig
sambaPasswordHistory: 
 
displayName: Craig White
sambaMungedDial: 1
shadowMax: 9
sambaLogonScript: logon.bat
sambaProfilePath: \\SRV2\profiles\craig
cn: Craig White
uidNumber: 1000
shadowWarning: 7
sambaPrimaryGroupSID: 1423820788-2381578139-XX-513
sambaAcctFlags: [U  ]
gecos: Craig White
shadowLastChange: 15199
sambaPwdLastSet: 1313206319
mail: cr...@azapple.com
userPassword:: REMOVED...
sambaLMPassword: REMOVED
uid: craig
sambaPwdCanChange: 1313206319
sambaHomePath: \\SRV2\homes\craig
homeDirectory: /home/craig
description: Craig is a local user
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: top
objectClass: calEntry
gidNumber: 100
sambaDomainName: AZAPPLE
givenName: Craig
sambaHomeDrive: h:
sambaNTPassword: REMOVED
sn: White
loginShell: /bin/bash

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
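
Added example, not part of Craig White's post or of the Samba or OpenLDAP code: a small Python check for the point made in the message above and in Arun Khan's reply, that a Samba user's LDAP record needs the Samba attributes alongside the POSIX ones. The sample entries, the `example.com` names and the decision to require `sambaNTPassword` are assumptions of this example.

```python
import base64

SAMPLE_LDIF = """\
# constructed sample data (not from the thread)
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice
cn: Alice Example
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1000
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-
 3333333333-513
sambaNTPassword: PLACEHOLDER
description:: bG9jYWwgdXNlcg==

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: bob
cn: Bob Example
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/bob
"""

# MUST attributes of each class, plus sambaNTPassword, which this example
# assumes is needed for SMB password logons (it is optional in the schema).
REQUIRED = {
    "posixaccount": ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"],
    "sambasamaccount": ["uid", "sambaSID", "sambaNTPassword"],
}

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    entries, lines = [], []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):       # drop comment lines
            lines.append(raw)
    for block in "\n".join(lines).split("\n\n"):   # a blank line separates entries
        entry = {}
        for line in filter(None, block.splitlines()):
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        entries += [entry] if entry else []
    return entries

def audit(entry):
    """List what an entry lacks to serve as both a POSIX and a Samba account."""
    classes, problems = {c.lower() for c in entry.get("objectclass", [])}, []
    for oc, attrs in REQUIRED.items():
        if oc not in classes:
            problems.append("missing objectClass " + oc)
        else:
            problems += ["missing " + a for a in attrs if not entry.get(a.lower())]
    # The user SID and primary group SID should share the same domain prefix.
    domain = [entry.get(k, [""])[0].rsplit("-", 1)[0] for k in ("sambasid", "sambaprimarygroupsid")]
    if all(domain) and domain[0] != domain[1]:
        problems.append("sambaPrimaryGroupSID is not in the user's domain")
    return problems
```

Feeding it the output of an `ldapsearch` over the people subtree lists, per entry, which accounts still need `sambaSamAccount` and its attributes before Samba can use them.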


Re: [CentOS] Samba + Openldap

2011-10-19 Thread Al
This isn't what I was talking about ... Let me be a little more specific ... 
I've got an openldap system configured, just need to setup Samba to use 
openldap to allow them to access their shells via Windows Explorer.  They 
usually login via SSH, but want to have the ability to copy things over to the 
Windows without using SFTP.

On Oct 18, 2011, at 6:59 PM, Craig White wrote:

> 
> On Oct 18, 2011, at 2:56 PM, Miguel Medalha wrote:
> 
>> 
>>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>>> 
>> 
>> http://www.samba.org/samba/docs/man/Samba-Guide/happy.html
> 
> indeed - that is one of the chapters from the 'By Example' to which I 
> referred earlier
> 
> Craig
> 



Re: [CentOS] Samba + Openldap

2011-10-19 Thread Al
Thanks for the information, I'll refer to it ...

On Oct 18, 2011, at 5:56 PM, Miguel Medalha wrote:

> 
>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>> 
> 
> http://www.samba.org/samba/docs/man/Samba-Guide/happy.html



Re: [CentOS] Samba + Openldap

2011-10-18 Thread Craig White

On Oct 18, 2011, at 2:56 PM, Miguel Medalha wrote:

> 
>> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>> 
> 
> http://www.samba.org/samba/docs/man/Samba-Guide/happy.html

indeed - that is one of the chapters from the 'By Example' to which I referred 
earlier

Craig



Re: [CentOS] Samba + Openldap

2011-10-18 Thread Miguel Medalha

> Anyone have an update tutorial/howto for samba to authenticate to ldap?
>

http://www.samba.org/samba/docs/man/Samba-Guide/happy.html


Re: [CentOS] Samba + Openldap

2011-10-18 Thread Brett Serkez
> > Anyone have an update tutorial/howto for samba to authenticate to ldap?
> -
>
Not so much a Samba issue, make sure you have a known local username and
password so you are not locked out if the LDAP server fails to start for
whatever reason, especially if you disable network logins as root, as you
should!

Brett


Re: [CentOS] Samba + Openldap

2011-10-18 Thread Craig White

On Oct 18, 2011, at 1:43 PM, Al wrote:

> Anyone have an update tutorial/howto for samba to authenticate to ldap?

use the real documentation from samba

'By Example' (walks you by the hand)

Craig



Re: [CentOS] Samba + Openldap

2011-10-18 Thread Paul Heinlein
On Tue, 18 Oct 2011, Al wrote:

> Anyone have an update tutorial/howto for samba to authenticate to ldap?

I recommend the smbldap-tools suite of applications for that task:

   https://gna.org/projects/smbldap-tools/

-- 
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/