Re: OpenBSD server with samba and openldap
On Thu, May 14, 2009 at 11:11 AM, Pedro Almeida palme...@securenetworks.pt wrote: This was probably true by the time of this document write, but hopefully things change over time. Please take a look at ypldap(8). I think it solves the problem you refer. There are some small issues, but I bet they are being worked, and you'll find an workaround for them meanwhile. ;) Best regards, Pedro Thanks to everyone that replied (both public and in private), pointing me in the right direction. I'll have a look at ypldap. /bsdnuub
Re: OpenBSD server with samba and openldap
Hi, I've set up an OpenBSD PDC server for a client, serving some 40 computers, and did not encounter that performance issue you mentioned. I did not use OpenLDAP, relying instead on tdbsam and unix accounts. It runs OpenBSD 4.4 with samba from packages. Also, as some have mentioned, some performance issues were fixed (http://www.vnode.ch/fixing_seekdir). See if you're not running an older samba version. On Thu, May 14, 2009 at 7:45 PM, Paul M l...@no-tek.com wrote: I recall seeing in the samba docs that setting the account info in samba could optionally also add the entries on the unix side - meaning you only need to set set it once. I'm hazy on the details, perhaps look into alternatives to using LDAP. When I've done this I've always entered them separately. One unrelated point I'd like to make is performance - I've found really annoying connection delays, particularly with word and excel. Transfer rates are ok, it's opening and saving files that's an issue. Extensive googling and I could make it tolerable at best. As this is for a client, it's proved to be an embarasment. I would dearly love to find I'm doing something wrong, and I expect that I will, but my advice would be to check it out without committing yourself, if that's possible. I did find one article on the net that said that all bsd's suffer performance issues with samba, and the Samba docs do seem to be completely linux-centric. I'll check out the link below. paul
OpenBSD server with samba and openldap
Dear misc@ readers, I'm planning to set up a OpenBSD 4.5 based server serving a local network with Windows XP based client computers. There's no mention of this in the OpenBSD faq, but I found a nice guide that seems to be pretty recent and up-to-date. http://www.kernel-panic.it/openbsd/pdc/pdc4.html On this page, there's something that bothers me: Please note that, though Samba account information will be stored in LDAP, smbd(8) will still obtain the user's UNIX account information via the standard C library calls, such as getpwnam() (see documentation); unfortunately, OpenBSD's standard C libraries don't support LDAP, thus forcing us to define Samba users also as local Unix accounts. This means a little more work for the system administrator, who will need to define users twice, but won't affect the overall system security since Unix users won't need to be able to logon to the system. Now, I'm thinking that this problem maybe can be solved with this: http://openbsd.rutgers.edu/bsdauth/ + http://openports.se/sysutils/login_ldap ? Anyone else already done this in a better/smarter way? Thanks for your time! /bsdnuub
Re: OpenBSD server with samba and openldap
On May 14, 2009, at 9:25 AM, BSD nuub wrote: On this page, there's something that bothers me: Please note that, though Samba account information will be stored in LDAP, smbd(8) will still obtain the user's UNIX account information via the standard C library calls, such as getpwnam() (see documentation); unfortunately, OpenBSD's standard C libraries don't support LDAP, thus forcing us to define Samba users also as local Unix accounts. This means a little more work for the system administrator, who will need to define users twice, but won't affect the overall system security since Unix users won't need to be able to logon to the system. This was probably true by the time of this document write, but hopefully things change over time. Please take a look at ypldap(8). I think it solves the problem you refer. There are some small issues, but I bet they are being worked, and you'll find an workaround for them meanwhile. ;) Best regards, Pedro
Re: OpenBSD server with samba and openldap
I recall seeing in the samba docs that setting the account info in samba could optionally also add the entries on the unix side - meaning you only need to set set it once. I'm hazy on the details, perhaps look into alternatives to using LDAP. When I've done this I've always entered them separately. One unrelated point I'd like to make is performance - I've found really annoying connection delays, particularly with word and excel. Transfer rates are ok, it's opening and saving files that's an issue. Extensive googling and I could make it tolerable at best. As this is for a client, it's proved to be an embarasment. I would dearly love to find I'm doing something wrong, and I expect that I will, but my advice would be to check it out without committing yourself, if that's possible. I did find one article on the net that said that all bsd's suffer performance issues with samba, and the Samba docs do seem to be completely linux-centric. I'll check out the link below. paul On 14/05/2009, at 8:25 PM, BSD nuub wrote: Dear misc@ readers, I'm planning to set up a OpenBSD 4.5 based server serving a local network with Windows XP based client computers. There's no mention of this in the OpenBSD faq, but I found a nice guide that seems to be pretty recent and up-to-date. http://www.kernel-panic.it/openbsd/pdc/pdc4.html On this page, there's something that bothers me: Please note that, though Samba account information will be stored in LDAP, smbd(8) will still obtain the user's UNIX account information via the standard C library calls, such as getpwnam() (see documentation); unfortunately, OpenBSD's standard C libraries don't support LDAP, thus forcing us to define Samba users also as local Unix accounts. This means a little more work for the system administrator, who will need to define users twice, but won't affect the overall system security since Unix users won't need to be able to logon to the system. Now, I'm thinking that this problem maybe can be solved with this: http://openbsd.rutgers.edu/bsdauth/ + http://openports.se/sysutils/login_ldap ? Anyone else already done this in a better/smarter way? Thanks for your time! /bsdnuub
Re: OpenBSD server with samba and openldap
Quoting Paul M l...@no-tek.com: I recall seeing in the samba docs that setting the account info in samba could optionally also add the entries on the unix side - meaning you only need to set set it once. I'm hazy on the details, perhaps look into alternatives to using LDAP. When I've done this I've always entered them separately. One unrelated point I'd like to make is performance - I've found really annoying connection delays, particularly with word and excel. Transfer rates are ok, it's opening and saving files that's an issue. Extensive googling and I could make it tolerable at best. As this is for a client, it's proved to be an embarasment. I would dearly love to find I'm doing something wrong, and I expect that I will, but my advice would be to check it out without committing yourself, if that's possible. I did find one article on the net that said that all bsd's suffer performance issues with samba,[cut] Have you got a link? Maybe it was fixed/improved by this? http://www.vnode.ch/fixing_seekdir [end-cut] and the Samba docs do seem to be completely linux-centric. I'll check out the link below. paul On 14/05/2009, at 8:25 PM, BSD nuub wrote: Dear misc@ readers, I'm planning to set up a OpenBSD 4.5 based server serving a local network with Windows XP based client computers. There's no mention of this in the OpenBSD faq, but I found a nice guide that seems to be pretty recent and up-to-date. http://www.kernel-panic.it/openbsd/pdc/pdc4.html On this page, there's something that bothers me: Please note that, though Samba account information will be stored in LDAP, smbd(8) will still obtain the user's UNIX account information via the standard C library calls, such as getpwnam() (see documentation); unfortunately, OpenBSD's standard C libraries don't support LDAP, thus forcing us to define Samba users also as local Unix accounts. This means a little more work for the system administrator, who will need to define users twice, but won't affect the overall system security since Unix users won't need to be able to logon to the system. Now, I'm thinking that this problem maybe can be solved with this: http://openbsd.rutgers.edu/bsdauth/ + http://openports.se/sysutils/login_ldap ? Anyone else already done this in a better/smarter way? Thanks for your time! /bsdnuub