Samba-LDAP on Debian: Difference between revisions

From DWIKI
 
==Software to install==
===samba-common===
===samba-doc===
===slapd===
  apt-get install slapd
Choose an admin password.
 dpkg-reconfigure slapd
Go with the defaults.
===libpam-ldap===
 apt-get install libpam-ldap
Go with defaults, except for dc values.
For Root login account use cn=admin instead of cn=manager.
===libnss-ldap===
 apt-get install libnss-ldap
Go with defaults, except for dc values.
For Root login account use cn=admin instead of cn=manager. Fix the base dc= line in /etc/libnss_ldap.conf.
 
See /usr/share/doc/libnss-ldap/examples/nsswitch.ldap
 
Update /etc/nsswitch.conf:
 passwd: compat ldap
 group: compat ldap
 
===[[smbldap-tools]]===
 apt-get install smbldap-tools
Run '''net getlocalsid''' and save the output.
Read /usr/share/doc/smbldap-tools/README.Debian.
In '''/etc/smbldap-tools/smbldap.conf''' configure:
*SID
*sambaDomain
*suffix
*sambaUnixIdPooldn
*userSmbHome
*userProfile
*userHomeDrive
*mailDomain
 
/etc/pam.d/common-account:
 account sufficient pam_ldap.so debug
 account required pam_unix.so debug

/etc/pam.d/common-auth:
 auth [success=1 default=ignore] pam_unix.so try_first_pass debug
 auth required pam_ldap.so use_first_pass debug
 auth required pam_permit.so

/etc/pam.d/common-password:
 password required pam_unix.so nullok obscure min=4 max=8 md5
 password sufficient pam_ldap.so try_first_pass debug

/etc/pam_ldap.conf:
 host 127.0.0.1
 base dc=example,dc=com
 ldap_version 3
 rootbinddn cn=admin,dc=example,dc=com
 pam_password crypt
 
 


==BUGS==

Latest revision as of 19:23, 28 February 2009


BUGS

  • libpam-ldap
    • debconf should be able to provide/suggest already used dc values like slapd debconf does
    • Root login account should be cn=admin?
  • libnss-ldap
    • debconf should be able to provide/suggest already used dc values like slapd debconf does
    • in fact it should use same config as libpam-ldap or at least look at it
    • debconf sets base dc=padl,dc=com
  • smbldap-tools
    • README.Debian lists step 3 as "Optionally add indexes to optimize SAMBA access". This is not optional: leaving it out causes smbldap-populate to fail miserably.
    • README.Debian says to run net getlocalsid after changing the samba config. This is wrong, since at that point the command will fail until everything is configured and working. This should be a job for debconf anyway.

FAQ

failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499

rootpw and rootdn in slapd.conf are mandatory, and must match smbldap_bind.conf.
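A way to check this before running smbldap-populate, as an added example that is not part of the wiki page or of smbldap-tools: the script compares rootdn in slapd.conf with masterDN in smbldap_bind.conf, confirms rootpw is set, and flags a bind file that group or other can read. It assumes masterDN is the value that has to match; both file paths are passed as arguments and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the wiki page. Sample files below are constructed.

# Print the unquoted value of a slapd.conf directive (rootdn, rootpw).
slapd_value() {  # $1 = directive, $2 = path to slapd.conf
    awk -v key="$1" 'tolower($1) == key {
        $1 = ""; sub(/^[ \t]+/, ""); gsub(/^"|"$/, ""); print; exit }' "$2"
}

# Print the unquoted value of a key="value" line in smbldap_bind.conf.
bind_value() {  # $1 = key, $2 = path to smbldap_bind.conf
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" | head -n 1
}

# Lowercase a DN and drop whitespace around ',' and '=' before comparing.
norm_dn() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/[[:space:]]*\([,=]\)[[:space:]]*/\1/g'
}

# Report problems; the return status is the number of problems found.
check_bind() {  # $1 = slapd.conf, $2 = smbldap_bind.conf
    rootdn=$(slapd_value rootdn "$1"); rootpw=$(slapd_value rootpw "$1")
    master=$(bind_value masterDN "$2"); problems=0
    [ -n "$rootdn" ] || { echo "slapd.conf: no rootdn"; problems=$((problems + 1)); }
    [ -n "$rootpw" ] || { echo "slapd.conf: no rootpw"; problems=$((problems + 1)); }
    if [ -n "$rootdn" ] && [ "$(norm_dn "$rootdn")" != "$(norm_dn "$master")" ]; then
        echo "rootdn '$rootdn' != masterDN '$master'"; problems=$((problems + 1))
    fi
    # The bind file holds masterPw in clear text: no group/other access.
    [ "$(ls -ld "$2" | cut -c5-10)" = "------" ] ||
        { echo "$2: accessible by group/other"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample input, so the check runs without a live server.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/slapd.conf" <<'EOF'
suffix  "dc=example,dc=com"
rootdn  "cn=admin,dc=example,dc=com"
rootpw  {SSHA}constructed-placeholder-hash
EOF
cat > "$SAMPLE/smbldap_bind.conf" <<'EOF'
masterDN="cn=Manager, dc=example, dc=com"
masterPw="constructed-placeholder"
EOF
chmod 600 "$SAMPLE/smbldap_bind.conf"
check_bind "$SAMPLE/slapd.conf" "$SAMPLE/smbldap_bind.conf" || echo "problems: $?"
```

The constructed sample reproduces the cn=admin versus cn=Manager mismatch, so the run reports one problem.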

Links