
Re: RFT: samba-ldap



On Fri, Apr 09, 2004 at 04:29:40PM +0200, Finn-Arne Johansen wrote:
> I have recompiled samba-2.2.3a from debian.security.org with
> ldap-support. 
> I have also created a samba-ldap package to bind the samba-package to
> the one compiled with ldap-support. 

Well, as no one has replied, I assume no one cares about samba. So here I
go again.  (or maybe it's just easter :) )


Why do we need an ldap-enabled samba ? 

Well actually, we don't :) 

I've tested a bit with the samba that is in woody (from security.d.o),
and looked at what we get if we add ldap to samba. What we actually
get is that we need to have an extra account that is allowed to write
to the ldap-backend. We (or some of us) thought that we needed to store
the samba-accounts in ldap, to be able to use them with multiple samba
servers. 

Well, I've done a bit of testing. And here is what I've found out. 

Woody-2.2.3a (without ldap, installed right out of the box)
A standard smb.conf
(http://developer.skolelinux.no/~finnarne/smb-tjener.conf)
Stopped nscd (this one seems to be causing us some trouble)
Setting the password for root, by using 
 smbpasswd root
Added a user to ldap using WLUS. This actually creates an entry for the
account in /etc/samba/smbpasswd
Booting my laptop into Win2K. 
Joining the domain, using the root account.

Then I added a workstation to my test-network, added samba, with a
smb.conf set up to join a domain
(http://developer.skolelinux.no/~finnarne/smb-ws.conf)
The workstation had to be joined to the domain: 
 smbpasswd -j SKOLELINUX -U root -r tjener
I had to use the samba-root-password previously assigned on the
main-server

Then I could access the share on the workstation from Win2k

So, the bottom line is:
We don't have to store our samba accounts in ldap to be able to use the
same samba account on multiple servers. 

So why do we need to have ldap in our samba ? I don't think we need it.
I think the problem is that the last time I tested, I was bitten by nscd,
which caches non-existing passwords for 20 sec. And also the smb.conf
on the second server has to be set up slightly differently, to achieve
the use of a central smbpasswd. 

Any thoughts?


BTW: to use WinXP, you need to apply this patch: 
(http://developer.skolelinux.no/~finnarne/WinXP_SignOrSeal.reg)


-- 
Finn-Arne Johansen 
faj@bzz.no
http://bzz.no/
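The member-server setup described in the post (a second samba box whose smb.conf makes it authenticate against the central smbpasswd on tjener, then "smbpasswd -j SKOLELINUX -U root -r tjener") is easy to get subtly wrong, and the post notes that the second server's smb.conf must differ from the main one. The following is an added example, not part of the original mail or of the linked smb-ws.conf: a small sh/awk checker that reads the [global] section of an smb.conf and confirms the domain-member parameters before a join is attempted. It assumes the Samba parameters workgroup, security and password server carry the domain membership (standard Samba parameter names; the sample smb.conf and its values are constructed).

```shell
#!/bin/sh
# Added example, not from the original post. Assumes domain-member settings
# live in [global] of a Samba 2.2-era smb.conf; the required values are
# assumptions, the parameter names are standard Samba ones.

# Print the value of a [global] parameter from an smb.conf file.
# Case-insensitive on the key, tolerant of "key = value" spacing,
# skips ';' and '#' comment lines. Uses only POSIX awk features.
smbconf_get() {
    file=$1; key=$2
    awk -v key="$key" '
        /^[ \t]*\[/ { insec = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        insec && !/^[ \t]*[;#]/ {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+/, "", k); gsub(/[ \t]+$/, "", k)
            gsub(/^[ \t]+/, "", v); gsub(/[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$file"
}

# Confirm a member server will authenticate against the domain controller
# holding the central smbpasswd rather than a local password file.
# Prints each missing/wrong item; returns 1 if anything is off.
check_domain_member() {
    file=$1; domain=$2; pdc=$3; rc=0
    sec=$(smbconf_get "$file" security | tr 'A-Z' 'a-z')
    [ "$sec" = domain ] || { echo "security should be 'domain', got '${sec:-unset}'"; rc=1; }
    wg=$(smbconf_get "$file" workgroup)
    [ "$wg" = "$domain" ] || { echo "workgroup should be $domain, got '${wg:-unset}'"; rc=1; }
    ps=$(smbconf_get "$file" "password server")
    [ "$ps" = "$pdc" ] || { echo "password server should be $pdc, got '${ps:-unset}'"; rc=1; }
    return $rc
}

# Constructed sample: a member-server smb.conf for the setup in the post.
SAMPLE=${TMPDIR:-/tmp}/smb-ws-sample.conf
cat > "$SAMPLE" <<'EOF'
[global]
   workgroup = SKOLELINUX
   Security = domain
   password server = tjener
   ; encrypt passwords = yes
[homes]
   browseable = no
EOF

check_domain_member "$SAMPLE" SKOLELINUX tjener \
    && echo "ok: ready for smbpasswd -j SKOLELINUX -U root -r tjener"
```

Run it against the real /etc/samba/smb.conf of the workstation before joining; a wrong workgroup or a missing password server is exactly the kind of "slightly different set up" that otherwise shows up only as a failed join.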