-----------------------------------
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A.
Tel : 00 32 087/342467

John H Terpstra <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] .samba.org
To: Cybr0t McWhulf <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Samba 3.0 + LDAP as PDC
26/09/03 03:12

On Thu, 25 Sep 2003, Cybr0t McWhulf wrote:

> At the risk of having my inbox flooded with another 10,000 Emails from
> "Microsoft" purporting the "latest security update"..
>
> Now that smb3.0 is out and about, I'd really like to use it for
> authenticating windows users / PDC (With BDC in the plans)
>
> My problem is that there seems to be little to zero up to date
> documentation on how to integrate Samba and LDAP, the most I found were a
> couple oddball newsgroup postings and a "Samba 2.2.4/LDAP PDC howto" which
> is well over a year old.

This howto is for samba 2.2.x, not for 3.0.0. You can use this howto only for UNIX LDAP authentication (how to configure nsswitch.conf, ldap.conf, system-auth.conf); for the LDAP-SAMBA part, you must read the samba-howto-collection available with the tarball.

John : the howto "Samba 2.2.4/LDAP PDC howto" can be downloaded here :
http://www.linuxplusvalue.be/download/samba-ldap-howto.pdf

The difference between your system for unix auth and the system proposed by this howto is the source of authentication: your howto says samba-auth (samba-pam), and the other howto says ldap-auth (ldap-pam). Do you understand?

How much homework did you do? Did you read the Samba-HOWTO-Collection.pdf that is part of the Samba-3.0.0 tarball? It's in the ~samba/docs directory and a little hard to miss!

Oh, should also say that it has grown up a little since Samba-2.2.x (up from 88 pages to 462 pages). While I'm on the subject, the HOWTO is being published by Prentice Hall as "The Official Samba-3 HOWTO and Reference Guide", and it is 732 pages. There is a little more in there than in the document that is in the Samba CVS tree.

PS: We went to a LOT of trouble to put out half decent information. Please let us know what we might have missed. That way we can get it in for the next major update.

> I have a working LDAP userstore authenticating linux/unix logons and
> freeradius. Samba is the last bit in a month-long project for centralized
> authentication (due mid-next month *eep*)

I hope you find what you are looking for.

> In my latest exploits I got as far as authenticating users for share
> access, (and ldap password sync, yay!) but I was unable to add machines
> to the domain, which may be a group mapping issue (What was so bad about
> "domain admin group"? :( )

Now you can map any UNIX group you want to an NT Domain Group. Is that worse than "domain admin group"?

> I'm really just looking for some decent-recent (nearly idiot proof ;) )
> instructions on how to accomplish this.

Let me see ... Hmmm. Nah, I'll resist the jest!

Let me know if the HOWTO is as hopeless as it could be! After all, I wrote most of it with the lights out. :))))

> Thanks a lot to anyone able to help,
> "life saver" isn't the right term, but it's the first that comes to mind.

- John T.
--
John H Terpstra
Email: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba