Re: OpenBSD server with samba and openldap

2009-05-15 Thread BSD nuub
On Thu, May 14, 2009 at 11:11 AM, Pedro Almeida
palme...@securenetworks.pt wrote:

 This was probably true at the time this document was written, but hopefully
 things change over time.
 Please take a look at ypldap(8). I think it solves the problem you refer to.

 There are some small issues, but I bet they are being worked, and you'll
 find a workaround for them meanwhile. ;)

 Best regards,

 Pedro



Thanks to everyone that replied (both public and in private), pointing
me in the right direction.
I'll have a look at ypldap.

/bsdnuub



Re: OpenBSD server with samba and openldap

2009-05-15 Thread Leonardo Rodrigues
Hi,

I've set up an OpenBSD PDC server for a client, serving some 40
computers, and did not encounter that performance issue you mentioned.
I did not use OpenLDAP, relying instead on tdbsam and unix accounts.
It runs OpenBSD 4.4 with samba from packages.

Also, as some have mentioned, some performance issues were fixed
(http://www.vnode.ch/fixing_seekdir). See if you're not running an
older samba version.

On Thu, May 14, 2009 at 7:45 PM, Paul M l...@no-tek.com wrote:
 I recall seeing in the samba docs that setting the account info in
 samba could optionally also add the entries on the unix side - meaning
 you only need to set it once. I'm hazy on the details, perhaps look
 into alternatives to using LDAP. When I've done this I've always
 entered them separately.

 One unrelated point I'd like to make is performance - I've found
 really annoying connection delays, particularly with Word and Excel.
 Transfer rates are ok, it's opening and saving files that's an
 issue.
 Extensive googling and I could make it tolerable at best. As this is
 for a client, it's proved to be an embarrassment. I would dearly love to
 find I'm doing something wrong, and I expect that I will, but my
 advice would be to check it out without committing yourself, if
 that's possible.
 I did find one article on the net that said that all bsd's suffer
 performance issues with samba, and the Samba docs do seem to be
 completely linux-centric.
 I'll check out the link below.


 paul



OpenBSD server with samba and openldap

2009-05-14 Thread BSD nuub
Dear misc@ readers,
I'm planning to set up an OpenBSD 4.5 based server serving a local
network with Windows XP based client computers.
There's no mention of this in the OpenBSD faq, but I found a nice
guide that seems to be pretty recent and up-to-date.

http://www.kernel-panic.it/openbsd/pdc/pdc4.html
On this page, there's something that bothers me:

Please note that, though Samba account information will be stored in
LDAP, smbd(8) will still obtain the user's UNIX account information
via the standard C library calls, such as getpwnam() (see
documentation); unfortunately, OpenBSD's standard C libraries don't
support LDAP, thus forcing us to define Samba users also as local Unix
accounts.

This means a little more work for the system administrator, who will
need to define users twice, but won't affect the overall system
security since Unix users won't need to be able to logon to the
system.


Now, I'm thinking that this problem maybe can be solved with this:
http://openbsd.rutgers.edu/bsdauth/
+
http://openports.se/sysutils/login_ldap
?

Anyone else already done this in a better/smarter way?

Thanks for your time!
/bsdnuub
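
Added example, not part of the original thread or the quoted guide: a small C audit that resolves a list of Samba user names through the same C library passwd lookup smbd relies on, and separates "no Unix account" from "lookup backend failed". The function names and the sample user list are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

enum acct_status { ACCT_RESOLVED, ACCT_MISSING, ACCT_LOOKUP_ERROR };

/* Resolve one name through the C library passwd lookup (hypothetical helper). */
enum acct_status check_unix_account(const char *name, uid_t *uid_out)
{
    struct passwd pw, *res = NULL;
    char buf[4096];
    int rc = getpwnam_r(name, &pw, buf, sizeof(buf), &res);

    if (res != NULL) {
        if (uid_out != NULL)
            *uid_out = pw.pw_uid;
        return ACCT_RESOLVED;
    }
    /* rc == 0 with no result means "no such user"; some C libraries
     * report ENOENT or ESRCH for the same condition. Any other value
     * is a failure of the lookup itself, not a missing account. */
    if (rc == 0 || rc == ENOENT || rc == ESRCH)
        return ACCT_MISSING;
    return ACCT_LOOKUP_ERROR;
}

/* Print one line per name; return how many names did not resolve. */
int count_unresolved(const char *const names[], size_t n)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++) {
        uid_t uid = 0;
        enum acct_status st = check_unix_account(names[i], &uid);
        if (st == ACCT_RESOLVED) {
            printf("%-28s ok (uid %lu)\n", names[i], (unsigned long)uid);
        } else {
            printf("%-28s %s\n", names[i],
                   st == ACCT_MISSING ? "NO UNIX ACCOUNT" : "LOOKUP ERROR");
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    /* Constructed sample list; in practice, the Samba account names. */
    const char *const samba_users[] = { "root", "no-such-user-constructed" };
    return count_unresolved(samba_users, 2) ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

A name reported as NO UNIX ACCOUNT is one the passwd lookup cannot see, whichever backend (local accounts or a directory-backed map) is configured.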



Re: OpenBSD server with samba and openldap

2009-05-14 Thread Pedro Almeida

On May 14, 2009, at 9:25 AM, BSD nuub wrote:


On this page, there's something that bothers me:

Please note that, though Samba account information will be stored in
LDAP, smbd(8) will still obtain the user's UNIX account information
via the standard C library calls, such as getpwnam() (see
documentation); unfortunately, OpenBSD's standard C libraries don't
support LDAP, thus forcing us to define Samba users also as local Unix
accounts.

This means a little more work for the system administrator, who will
need to define users twice, but won't affect the overall system
security since Unix users won't need to be able to logon to the
system.


This was probably true at the time this document was written, but hopefully
things change over time.
Please take a look at ypldap(8). I think it solves the problem you
refer to.

There are some small issues, but I bet they are being worked, and you'll
find a workaround for them meanwhile. ;)

Best regards,

Pedro



Re: OpenBSD server with samba and openldap

2009-05-14 Thread Paul M

I recall seeing in the samba docs that setting the account info in
samba could optionally also add the entries on the unix side - meaning
you only need to set it once. I'm hazy on the details, perhaps look
into alternatives to using LDAP. When I've done this I've always
entered them separately.

One unrelated point I'd like to make is performance - I've found
really annoying connection delays, particularly with Word and Excel.
Transfer rates are ok, it's opening and saving files that's an
issue.
Extensive googling and I could make it tolerable at best. As this is
for a client, it's proved to be an embarrassment. I would dearly love to
find I'm doing something wrong, and I expect that I will, but my
advice would be to check it out without committing yourself, if
that's possible.
I did find one article on the net that said that all bsd's suffer
performance issues with samba, and the Samba docs do seem to be
completely linux-centric.
I'll check out the link below.


paul


On 14/05/2009, at 8:25 PM, BSD nuub wrote:


Dear misc@ readers,
I'm planning to set up an OpenBSD 4.5 based server serving a local
network with Windows XP based client computers.
There's no mention of this in the OpenBSD faq, but I found a nice
guide that seems to be pretty recent and up-to-date.

http://www.kernel-panic.it/openbsd/pdc/pdc4.html
On this page, there's something that bothers me:

Please note that, though Samba account information will be stored in
LDAP, smbd(8) will still obtain the user's UNIX account information
via the standard C library calls, such as getpwnam() (see
documentation); unfortunately, OpenBSD's standard C libraries don't
support LDAP, thus forcing us to define Samba users also as local Unix
accounts.

This means a little more work for the system administrator, who will
need to define users twice, but won't affect the overall system
security since Unix users won't need to be able to logon to the
system.


Now, I'm thinking that this problem maybe can be solved with this:
http://openbsd.rutgers.edu/bsdauth/
+
http://openports.se/sysutils/login_ldap
?

Anyone else already done this in a better/smarter way?

Thanks for your time!
/bsdnuub




Re: OpenBSD server with samba and openldap

2009-05-14 Thread richardtoohey
Quoting Paul M l...@no-tek.com:

 I recall seeing in the samba docs that setting the account info in
 samba could optionally also add the entries on the unix side - meaning
 you only need to set it once. I'm hazy on the details, perhaps look
 into alternatives to using LDAP. When I've done this I've always
 entered them separately.
 
 One unrelated point I'd like to make is performance - I've found
 really annoying connection delays, particularly with Word and Excel.
 Transfer rates are ok, it's opening and saving files that's an
 issue.
 Extensive googling and I could make it tolerable at best. As this is
 for a client, it's proved to be an embarrassment. I would dearly love to
 find I'm doing something wrong, and I expect that I will, but my
 advice would be to check it out without committing yourself, if
 that's possible.
 I did find one article on the net that said that all bsd's suffer
 performance issues with samba,[cut]

Have you got a link?

Maybe it was fixed/improved by this?

http://www.vnode.ch/fixing_seekdir

[end-cut] and the Samba docs do seem to be
 completely linux-centric.
 I'll check out the link below.
 
 
 paul
 
 
 On 14/05/2009, at 8:25 PM, BSD nuub wrote:
 
  Dear misc@ readers,
  I'm planning to set up an OpenBSD 4.5 based server serving a local
  network with Windows XP based client computers.
  There's no mention of this in the OpenBSD faq, but I found a nice
  guide that seems to be pretty recent and up-to-date.
 
  http://www.kernel-panic.it/openbsd/pdc/pdc4.html
  On this page, there's something that bothers me:
 
  Please note that, though Samba account information will be stored in
  LDAP, smbd(8) will still obtain the user's UNIX account information
  via the standard C library calls, such as getpwnam() (see
  documentation); unfortunately, OpenBSD's standard C libraries don't
  support LDAP, thus forcing us to define Samba users also as local Unix
  accounts.
 
  This means a little more work for the system administrator, who will
  need to define users twice, but won't affect the overall system
  security since Unix users won't need to be able to logon to the
  system.
 
 
  Now, I'm thinking that this problem maybe can be solved with this:
  http://openbsd.rutgers.edu/bsdauth/
  +
  http://openports.se/sysutils/login_ldap
  ?
 
  Anyone else already done this in a better/smarter way?
 
  Thanks for your time!
  /bsdnuub