Re: Samba+LDAP+PDC
hi,
I'm in the same boat as the last user Jason, but I have me in as a user
and get:
May 23 14:36:39 robson slapd[8687]: conn=130 op=18 SRCH base="dc=jsthrower,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=KAMLOOPS\5Cjleach))"
I don't think that is right. My domain is Kamloops and that will not match
any uid; uid is just 'jleach'.
Any ideas?
j.
On Thu, May 15, 2003 at 11:46:45PM +0200, Markus Schabel wrote:
> Jason Williams wrote:
> >Hello everyone.
> >
> >Well, I have been working very hard lately, trying to get a server up to
> >act as our Samba PDC with LDAP. So far, everything seems to be working
> >well. I've been able to get samba 2.2.8 and openldap 2.0.27 installed
> >with no problems. I've set up my config files (ldap.conf, slapd.conf,
> >smb.conf) as well as added some initial entries to the LDAP directory.
> >
> >I've been able to add a user to the directory and set the password for
> >that user.
> >
> >This is where I wanted to ask some questions:
> >
> >Now, let me try and explain what I want to do:
> >
> >As it is now, our network is set up in a workgroup, with 30+ users. I
> >want all of our users to be able to join the Domain/Samba PDC. They will
> >not be using roaming profiles, just login to their workstation into the
> >Domain.
> >
> >What I am trying to understand is the best way to go about adding my
> >users to the domain as well as authenticating against the domain. It may
> >seem vague, but I'm a little confused here myself.
> >
> >I thought I'd post some of my initial entries and go from there. Here goes:
> >
> ># mycompany, com
> >dn: dc=mycompany,dc=com
> >objectClass: top
> >objectClass: domain
> >dc: mycompany
> >description: mycompany comanization
> >
> ># Groups, mycompany, com
> >dn: ou=Groups,dc=mycompany,dc=com
> >objectClass: top
> >objectClass: organizationalUnit
> >ou: Groups
> >description: System Groups
> >
> ># Users, mycompany, com
> >dn: ou=Users,dc=mycompany,dc=com
> >objectClass: top
> >objectClass: organizationalUnit
> >ou: Users
> >description: Users of the comanization
> >
> ># Computers, mycompany, com
> >dn: ou=Computers,dc=mycompany,dc=com
> >objectClass: top
> >objectClass: organizationalUnit
> >ou: Computers
> >description: Windows Domain Computers
> >
> ># Domain Admins, Groups, mycompany, com
> >dn: cn=Domain Admins,ou=Groups,dc=mycompany,dc=com
> >objectClass: posixGroup
> >gidNumber: 200
> >cn: Domain Admins
> >memberUid: administrator
> >description: Windows Domain users
> >
> ># Domain Users, Groups, mycompany, com
> >dn: cn=Domain Users,ou=Groups,dc=mycompany,dc=com
> >objectClass: posixGroup
> >gidNumber: 201
> >cn: Domain Users
> >description: Windows Domain Users
> >
> ># Administrators, Groups, mycompany, com
> >dn: cn=Administrators,ou=Groups,dc=mycompany,dc=com
> >objectClass: posixGroup
> >gidNumber: 220
> >cn: Administrators
> >description: Windows Domain Members can administer the computer and Domain
> >
> >That is just some initial entries. Here is what I have questions about:
> >
> >I am going to have about 3-4 groups. For instance, officers, processors
> >and admin.
> >Now, I need to add my users to the PDC. From what I have read, not only
> >do I need to add my users to the PDC, but a machine/computer account as
> >well, correct?
>
> yes
>
> >So, my question is what is the best way to add my users to the PDC and
> >their machine accounts?
>
> the machine accounts can be created automatically when they join the
> domain, for the user accounts i'd suggest the smbldap-tools from
> http://samba.idealx.org or your own-cooked-perl-scripts...
>
> >Secondly, as you can see in my LDAP directory above, I have some initial
> >entries. I am unclear as how to add my users to the server and LDAP and
> >make sure they go into the correct group and correct part of the LDAP
> >Directory. That make sense? For example, if I have a user named Todd
> >that needs to go into the group "officers" how would I go about doing that?
>
> adding objectClass posixGroup and using Attribute "memberUid" for the
> user todd. (exactly specifying the uid of the user as value of the
> attribute memberUid)
>
> >Lastly, (for now :) ) when I go around to my Windows 2000 workstations
> >to have my users join the domain, from some prior testing, once I change
> >it from a workgroup to a domain, a username and password box will pop
> >up. What username and password must I use here? Is it what I have
> >specified in my slapd.conf and smb.conf: "cn=Manager,dc=company,dc=com"
>
> you have an objectClass "sambaAccount" which has an uid (=username) and
> two password strings (lmPassword for win9x and ntPassword for nt/2k/xp).
> these two are used for authentication.
>
> >I appreciate everyone's help.
> >
> >Thank you!
> >Best,
> >
> >Jason
>
> take a look at the documentation at http://samba.idealx.org/ and google.
> and probably switching to the samba-list would be helpful ;)
>
> regards
> --
> \\\ ||| /// _\=/_
> ( @ @ ) (o o)
> +--------oOOo-(_)-oOOo--------------------------oOOo-(_)-oOOo------+
> | Markus Schabel TGM - Die Schule der Technik www.tgm.ac.at |
> | IT-Service A-1200 Wien, Wexstrasse 19-23 net.tgm.ac.at |
> | markus.schabel@tgm.ac.at Tel.: +43(1)33126/316 |
> | markus.schabel@members.fsf.org Fax.: +43(1)33126/154 |
> | FSF Associate Member #597, Linux User #259595 (counter.li.org) |
> | oOOo Yet Another Spam Trap: oOOo |
> | ( ) oOOo yast@tgm.ac.at ( ) oOOo |
> +--------\ (----( )--------------------------\ ( -----( )-----+
> \_) ) / \_) ) /
> (_/ (_/
>
> Computers are like airconditioners:
> They stop working properly if you open windows.
>
>
--
......................
..... Jason C. Leach
..
Current PGP/GPG Key ID: 43AD2024
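
Added example, not part of the original thread: a small Python check that parses slapd SRCH log lines, decodes the RFC 4515 escapes in the filter (\5C is a backslash) and reports any uid assertion that arrives as DOMAIN\user, which is the mismatch described in the message above. The function names and the second log line are constructed for illustration.

```python
import re

# Constructed sample: the SRCH line quoted in the message (re-joined onto one
# line) followed by a constructed line carrying a bare uid for comparison.
SAMPLE_LOG = r'''
May 23 14:36:39 robson slapd[8687]: conn=130 op=18 SRCH base="dc=jsthrower,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=KAMLOOPS\5Cjleach))"
May 23 14:36:40 robson slapd[8687]: conn=131 op=2 SRCH base="dc=jsthrower,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=jleach))"
'''

SRCH_RE = re.compile(
    r'slapd\[\d+\]: conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=\d+ filter="(.*)"\s*$')
# Simple equality assertions only: (attr=value), value free of raw parentheses.
ASSERT_RE = re.compile(r'\(([A-Za-z][A-Za-z0-9;-]*)=([^()]*)\)')
HEX_ESC_RE = re.compile(rb'\\([0-9A-Fa-f]{2})')


def unescape_value(value):
    """Decode RFC 4515 \\XX escapes in a filter value (\\5C is a backslash)."""
    raw = HEX_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]),
                         value.encode('utf-8'))
    return raw.decode('utf-8', 'replace')


def find_domain_qualified_uids(log_text):
    """Return a finding for each uid assertion whose value is DOMAIN\\user."""
    findings = []
    for line in log_text.splitlines():
        m = SRCH_RE.search(line)
        if not m:
            continue
        conn, op, base, flt = m.groups()
        for attr, value in ASSERT_RE.findall(flt):
            decoded = unescape_value(value)
            if attr.lower() == 'uid' and '\\' in decoded:
                domain, _, user = decoded.rpartition('\\')
                findings.append({'conn': int(conn), 'op': int(op), 'base': base,
                                 'domain': domain, 'bare_uid': user})
    return findings


if __name__ == '__main__':
    for f in find_domain_qualified_uids(SAMPLE_LOG):
        print('conn=%(conn)d op=%(op)d: uid carries domain %(domain)r; '
              'bare uid is %(bare_uid)r' % f)
```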