Samba-PDC LDAP howto
20020105.01
Ignacio Coupeau
CTI, University of Navarra
Preliminary notes
- I hope this document can help: it expresses our personal experience at
the University of Navarra using Samba and LDAP together. It has
been written on the subject of PDC (NT Primary Domain
Controller) functionality in Samba with an LDAP server acting as a
centralized credentials repository. If you are looking for pam-ldap
user validation for mounting shares, you can read the docs about the --with-pam
configure option and the pam-ldap docs. In a week I hope to explain
in a separate document the use of Samba
and LDAP for PAM and nsswitch integration, but that is another topic.
- The PDC-LDAP functionality in Samba
has been tested for two years here at the University of Navarra
in a complex environment: more than 500 workstations, 15.000 users
and several domains, roaming profiles, shares and a print quota system,
all based on Samba. Currently, the PDC-LDAP support is under development but
is available in the HEAD pre-2.1 branch. The
definitive version of Samba with LDAP support will come soon with the
Samba 2.2.x release. An important document about Samba
branches and future development lines.
- For Samba acting as a PDC with LDAP support, two
approaches are available and roughly covered by this document:
  - SAMBA_2_2, HEAD (Samba-3): ready for LDAP v.3 schemas
  for NT and W2K/XP in mixed mode. If you need information about the
  evolution of the schemas, you can see the AD schemas page.
  - HEAD pre-2.1: old, only for NT and LDAP v.2, stable;
  we have been using it in a production environment for about 2 years.
- TNG: The TNG was originally a branch containing the bleeding edge
developments in the Samba PDC implementation. As of 13/09/00 this
branch became a new project located at http://www.samba-tng.org/.
- Several Perl scripts have been added to populate the LDAP database
from the /etc/passwd or private/smbpasswd files.
- By implementing the "Adding members to a group"
section, you can add/delete local accounts/groups, policies, ...
- Also, as local Administrator you can grant admin privileges to a
Samba-PDC remote account (of course, the local NT-WS must be in the
Samba-PDC domain).
- Many thanks to Jean François Micouleau, Gerald Carter
and Jeremy Allison, and to the whole Samba Team, for
their work and patience.
Documentation
- This howto assumes you know the basic LDAP administration tasks and
the official Samba-PDC FAQ from the Samba Team documentation, in pdf
or html format.
- Chapters 21 and 22 of the book SAMS
Teach Yourself Samba in 24 hours (Gerald Carter with Richard
Sharpe, SAMS, 1st or 2nd edition); the book Using Samba (R.
Eckstein, D. Collier-Brown & P. Kelly, O'Reilly) may help.
- Chapter 20 of the book Special
Edition: Using Samba (Richard Sharpe, with Tim
Potter & Jim Morris, QUE) covers the LDAP stuff
for the old HEAD pre-2.1.
- The most recent documentation can be found in the distribution
tree in the docs/ directory:
  samba/docs/Samba-HOWTO-Collection.pdf
  samba/docs/htmldocs/
  samba/docs/textdocs