
samba/ldap/nss



OK - I've decided to look into using a Debian box as a PDC using a
combination of Samba and OpenLDAP (this is on sid).

I decided to start by getting users into ldap.

So - slapd is running. The samba schema is available. nsswitch.conf has
ldap for the passwd, group and shadow settings. pam has ldap as
sufficient for common-auth, common-password and common-account.

Now - I found the migration tools from padl.com (referenced in the
samba-doc LDAP examples files). These convert /etc/passwd, shadow, group
etc.

Things I'm not so sure about:

1) If users and groups are moved into ldap - what about aptitude
installation of packages that add either a user or a group - will these
auto-add into ldap or just into the /etc files?

2) What about system users - I had thought only to insert real people -
but - I see that the migration tools convert the whole file, root
included. What is the recommended way here? I mean - I feel dodgy about
only having root in ldap - what if slapd breaks - this is running on
unstable after all.

3) Groups - should I stick all groups in ldap (really the same as question 2).

I know that getent passwd | grep chris now shows 2 entries - so it is
finding both ldap and /etc/passwd - so that's good :)

Oh - one other question - I had made a start on the smb stuff. One site
I found suggested setting the passwd (smbpasswd -w) for the admin user.
Now sudo requires two passwords to log in - any pointers for a
Debian-specific howto for a samba pdc would be nice :) I'm working through
the samba docs - but it doesn't quite seem to fit.

-- 
Chris
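
The post notes that `getent passwd | grep chris` returns two entries once the whole of /etc/passwd has been migrated. The following is an added example, not part of the original message: it audits merged passwd output for names returned by more than one source and flags copies that disagree. The function names `audit_passwd_dupes` and `sample_getent` are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Reads passwd(5)-format lines,
# such as the output of `getent passwd`, and reports every account name that
# more than one NSS source returned:
#   DUPLICATE <name>           all copies agree on uid, gid, home and shell
#   CONFLICT <name> <fields>   copies disagree on the listed fields
audit_passwd_dupes() {
    awk -F: '
        function mark(n, f) {            # record a differing field once
            if (index(diff[n], f) == 0)
                diff[n] = diff[n] (diff[n] == "" ? "" : ",") f
        }
        NF < 7 { next }                  # skip blank or malformed lines
        !($1 in uid) {                   # first copy of this name
            uid[$1] = $3; gid[$1] = $4; home[$1] = $6; shell[$1] = $7
            next
        }
        {                                # a later copy from another source
            dup[$1] = 1
            if ($3 != uid[$1])   mark($1, "uid")
            if ($4 != gid[$1])   mark($1, "gid")
            if ($6 != home[$1])  mark($1, "home")
            if ($7 != shell[$1]) mark($1, "shell")
        }
        END {
            for (n in dup)
                print (diff[n] == "" ? "DUPLICATE " n : "CONFLICT " n " " diff[n])
        }
    ' | sort
}

# Constructed sample: three local entries followed by three directory copies,
# one of which (backup) carries a different shell.
sample_getent() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
chris:x:1000:1000:Chris:/home/chris:/bin/bash
root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/false
chris:x:1000:1000:Chris:/home/chris:/bin/bash
EOF
}

# Demo on the sample; on a live system use: getent passwd | audit_passwd_dupes
sample_getent | audit_passwd_dupes
```
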


