Samba-LDAP on Debian: Difference between revisions
From DWIKI
(→Links) |
|||
| Line 20: | Line 20: | ||
group: compat ldap | group: compat ldap | ||
===smbldap-tools=== | ===[[smbldap-tools]]=== | ||
apt-get install smbldap-tools | apt-get install smbldap-tools | ||
Run '''net getlocalsid''' and save the output. | Run '''net getlocalsid''' and save the output. | ||
| Line 46: | Line 46: | ||
password required pam_unix.so nullok obscure min=4 max=8 md5 | password required pam_unix.so nullok obscure min=4 max=8 md5 | ||
password sufficient pam_ldap.so try_first_pass debug | password sufficient pam_ldap.so try_first_pass debug | ||
==BUGS== | ==BUGS== | ||
Revision as of 16:30, 20 March 2007
Software to install
samba-common
samba-doc
slapd
apt-get install slapd
choose admin password
dpkg-reconfigure slapd
Go with the defaults
libpam-ldap
apt-get install libpam-ldap
Go with defaults, except for dc values. For Root login account use cn=admin instead of cn=manager.
libnss-ldap
apt-get install libnss-ldap
Go with defaults, except for dc values. For Root login account use cn=admin instead of cn=manager. Fix the base dc= line in /etc/libnss_ldap.conf.
Update /etc/nsswitch.conf
passwd: compat ldap group: compat ldap
smbldap-tools
apt-get install smbldap-tools
Run net getlocalsid and save the output. Read /usr/share/doc/smbldap-tools/README.Debian. In /etc/smbldap-tools/smbldap.conf configure:
- SID
- sambaDomain
- suffix
- sambaUnixIdPooldn
- userSmbHome
- userProfile
- userHomeDrive
- mailDomain
/etc/pam.d/common-account
account sufficient pam_ldap.so debug account required pam_unix.so debug
/etc/pam.d/common-auth
auth [success=1 default=ignore] pam_unix.so try_first_pass debug auth required pam_ldap.so use_first_pass debug auth required pam_permit.so
/etc/pam.d/common-password
password required pam_unix.so nullok obscure min=4 max=8 md5 password sufficient pam_ldap.so try_first_pass debug
BUGS
- libpam-ldap
- debconf should be able to provide/suggest already used dc values like slapd debconf does
- Root login account should be cn=admin?
- libnss-ldap
- debconf should be able to provide/suggest already used dc values like slapd debconf does
- in fact it should use same config as libpam-ldap or at least look at it
- debconf sets base dc=padl,dc=com
- smbldap-tools
- README.Debian mentions 3. Optionally add indexes to optimize SAMBA access. This is not optional, leaving it out causes smbldap-populate to fail miserably.
- README.Debian tells to run net getlocalsid after changing samba config. This is wrong, since at that point the command will fail untill evertything is configured and working. This should be a job for debconf anyway.
