Linux at LSG:
Server configuration

Samba-PDC LDAP howto 20020105.01

Ignacio Coupeau
CTI, University of Navarra

 


Preliminary notes

  • I hope this document can help: it describes our personal experience at the University of Navarra using Samba and LDAP together, and it covers PDC (NT Primary Domain Controller) functionality in Samba with an LDAP server acting as a centralized credentials repository. If you are looking for pam-ldap user validation for mounting shares, you can read the docs about the --with-pam configure option and the pam-ldap docs. In a week I hope to explain, in a separate document, the use of Samba and LDAP for PAM and nsswitch integration, but that is another topic.
     
  • The PDC-LDAP functionality in Samba has been tested for two years here at the University of Navarra in a complex environment: more than 500 workstations, 15,000 users and several domains, roaming profiles, shares and a print quota system, all based on Samba. PDC-LDAP support is currently under development but is available in the HEAD pre-2.1 branch. The definitive version of Samba with LDAP support will come soon with the Samba 2.2.x release. An important document about Samba branches and future development lines is also available.
     
  • For Samba acting as PDC with LDAP support, two approaches are available and roughly covered by this document:
    • SAMBA_2_2, HEAD (Samba-3): ready for LDAP v.3 schemas, for NT and W2K/XP in mixed mode. If you need information about the evolution of the schemas, you can see the AD schemas page.
    • HEAD pre-2.1: old, only for NT and LDAP v.2, stable; we have been using it in a production environment for about 2 years.
    • TNG: TNG was originally a branch containing the bleeding-edge developments in the Samba PDC implementation. As of 13/09/00 this branch became a new project located at http://www.samba-tng.org/.
  • Several Perl scripts have been added to populate the LDAP database from the /etc/passwd or private/smbpasswd files.
  • By implementing the "Adding members to a group" section, you can add/delete local accounts/groups, policies,...
  • Also, as local Administrator you can grant admin privileges to a Samba-PDC remote account (of course, the local NT-WS must be in the Samba-PDC domain).
  • Many thanks to Jean François Micouleau, Gerald Carter and Jeremy Allison, and to the whole Samba Team, for their work and patience.

Documentation

  • This howto assumes you know the basic LDAP administration tasks and are familiar with the official Samba-PDC FAQ from the Samba Team documentation, in PDF or HTML format.
  • Chapters 21 and 22 of the book SAMS Teach Yourself Samba in 24 Hours (Gerald Carter with Richard Sharpe, SAMS, 1st or 2nd edition) and the book Using Samba (R. Eckstein, D. Collier-Brown & P. Kelly, O'Reilly) may help.
  • Chapter 20 of the book Special Edition: Using Samba (Richard Sharpe, with Tim Potter & Jim Morris, QUE) covers the LDAP material for the old HEAD pre-2.1.
  • More recent documentation may be found in the distribution tree in the docs/ directory:
      samba/docs/Samba-HOWTO-Collection.pdf
      samba/docs/htmldocs/
      samba/docs/textdocs