
Re: RFT: samba-ldap



On Monday, 12 April, Finn-Arne Johansen typed the following:

> Why do we need an ldap-enabled samba ? 

To have all items stored in *one* database so we do *not* have to care
about synchronizing two or more databases.

> Well actually, we don't :) 

If you want to handle this, go ahead...

[...]
> Then I added a workstation to my test-network, added samba, with a
> smb.conf set up to join a domain
> (http://developer.skolelinux.no/~finnarne/smb-ws.conf)
> The workstation had to be joined to the domain: 
>  smbpasswd -j SKOLELINUX -U root -r tjener
> I had to use the samba-root-password previously assigned on the
> main-server

> Then I could access the share on the workstation from Win2k

Sure this works, but what does your workstation do?
It asks the Domain Master Server via SMB if the user data is correct.
This is the behavior that all windows or "windows" machines do, if they
are joined to a domain.

> So, the bottom line is
> We don't have to store our samba accounts in ldap to be able to use the
> same samba account on multiple servers. 

Of course we do not _have_ to do that, but what do we lose if we do so?

> So why do we need to have ldap in our samba ? I don't think we need it.
> I think the problem is that last time I tested, I was bit by nscd,
> which caches non-existing passwords for 20 sec. And also the smb.conf
> on the second server has to be slightly different set up, to achieve
> the use of a central smbpasswd. 

> Any thoughts ??

With this setup we got two databases in which user information is stored
 * LDAP for Unix-data
 * smbpasswd for samba-data

So now, we have to worry about providing integrity of these databases;
e.g. if you delete a user you do not only have to delete an object out
of the LDAP tree, you have to delete his entry in the smbpasswd file.

As I remember some talks in Oslo in summer of 2003, I think of
statements like "only use one DB" and "don't want to care of data
integrity"...
I don't want to care about handling many DBs with user information,
because no one knows which could be "outsourced" next...

> BTW: to use WinXP, you need to apply this patch: 
> (http://developer.skolelinux.no/~finnarne/WinXP_SignOrSeal.reg)

To avoid that samba 3 could come to mind.

Max
-- 
	May the penguin be with you!
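
The two-database integrity problem raised in the message above (a user deleted from LDAP but left behind in smbpasswd) can be checked mechanically. This is an added example, not part of the original mail or of Skolelinux; it assumes an LDIF export of posixAccount entries and the standard smbpasswd text format, and the function names and sample data are hypothetical.

```python
# Added example; all data below is constructed, not from a real system.
LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: alice
uidNumber: 1001

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: bob
uidNumber: 1002
"""

H = "X" * 32  # placeholder for the LANMAN and NT hash fields
SMBPASSWD = "\n".join([
    f"alice:1001:{H}:{H}:[U          ]:LCT-00000000:",
    f"bob:1005:{H}:{H}:[U          ]:LCT-00000000:",    # uid differs from LDAP
    f"carol:1003:{H}:{H}:[U          ]:LCT-00000000:",  # user deleted from LDAP only
    f"ws1$:2001:{H}:{H}:[W          ]:LCT-00000000:",   # workstation trust account
])

def ldap_users(ldif):
    """Map uid -> uidNumber for posixAccount entries (plain, unfolded LDIF)."""
    users = {}
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                attrs.setdefault(key.lower(), []).append(value)
        if "posixAccount" in attrs.get("objectclass", []):
            users[attrs["uid"][0]] = int(attrs["uidnumber"][0])
    return users

def smb_users(text):
    """Map name -> uid for user entries in smbpasswd-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 5:
            continue  # comment or malformed line
        if "W" not in fields[4]:  # skip workstation trust accounts
            users[fields[0]] = int(fields[1])
    return users

def drift(ldif, smbpasswd):
    ldap, smb = ldap_users(ldif), smb_users(smbpasswd)
    return {"orphaned_in_smbpasswd": sorted(set(smb) - set(ldap)),
            "missing_from_smbpasswd": sorted(set(ldap) - set(smb)),
            "uid_mismatch": sorted(n for n in set(ldap) & set(smb) if ldap[n] != smb[n])}
```

An entry under `orphaned_in_smbpasswd` is an account that still authenticates over SMB after its LDAP object was removed.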


