[LDAP-interop] Distro / Setup Suggestions

Buchan Milne bgmilne at obsidian.co.za
Tue Aug 16 02:45:10 EDT 2005


On Mon, 15 Aug 2005, Ron Wheeler wrote:

> I am not sure how much this helps you but I am using samba as a client 
> to ADS with pam under Mandriva 10.1.
> 
> Was not hard to set up and the pam works well.
> 
> I have not set up openLDAP since my box is not a PDC or BDC - just an 
> innocent bystander.
> I am not sure how recent the version of openLDAP that ships with 
> Mandriva is but generally things hold together pretty well.
> 

Usually, whatever was stable at the time we hit version freeze. However, 
we normally package a more up-to-date version (which can be installed in 
parallel) in contrib (ie 10.1 shipped 
with 2.1.25 IIRC, but with 2.2.13 or so in contrib), current cooker has 
2.2.27, with 2.3.4 in contrib. Additionally, I try and ensure that the 
packages will rebuild cleanly on older distributions.

We also try and address some issues which experienced users may know 
about, but which newbies often miss ...

> 
> Peter Stickney wrote:
> 
> > All -
> >
> > I am at a < 100 person company.  Our goal is to eliminate an aging NT4 
> > Domain Controller and replace it with a shiny new Linux Domain 
> > Controller.  Our idea is samba with an openldap backend, to really 
> > centralize our employee information.  This would be the PDC and we 
> > would eventually make a BDC.
> >
> > We have Slackware running on a few other servers and it is our distro 
> > of choice.  Ive got OpenLDAP 2.3.4 running on one of these Slackware 
> > 10.1 with 2.6.12.3 kernel and samba 3.0.14.  OpenLDAP seems to be up 
> > and running fine.  Using phpldapadmin to administer, after some 
> > initial command line additions.  Anyway, I added some initial entries 
> > and was able to hook up Thunderbird ( windows ) and Outlook 2000 to 
> > the ldap server.  I considered that a victory on my end.
> >
> > As I said, our goal was to have samba with an openldap backend ( and 
> > maybe have openldap use mysql as its backend ) be our PDC as well as 
> > Employee LDAP directory.  However, with Slackware's non-support of 
> > PAM, I am finding it increasingly difficult to realize this goal. 

As others have said, samba doesn't need PAM. However, if you will be using 
your LDAP server as more than just a passdb backend for samba, you will 
most likely want to be able to authenticate additional services to your 
LDAP server, in which case PAM may be useful (ie for UW-IMAP or similar 
servers which don't have native LDAP support, but do have PAM support).

Regarding the samba aspects, not all distributions ship with the tools 
required to glue things together to make all features work as intended 
... Mandriva does, including examples in the default smb.conf (for 'add 
user script', 'add machine script' etc) which should work out-the-box (once 
you have configured the smbldap-tools etc, given samba an LDAP dn to 
use, set its password with 'smbpasswd -w <password>' and joined the NT4 
domain, you should be able to migrate the domain by running 'net rpc 
vampire').

> >
> > Where I would like to stick to Slack because it is what we run on our 
> > other linux servers, I am willing to accept that it might not be the 
> > right distro for the job.  Was wondering if anyone had any insight to 
> > getting all this to work on Slack, or if not, what the best distro for 
> > the job might be.
> >

Any distribution can be used successfully, the question is just how much 
time you want to invest in implementing something on Slackware which works 
with minimal effort on other distributions. Since we don't know enough 
about your environment to give a recommendation, all I can say is 
that I have been deploying samba/LDAP domain controllers on Mandrake 
since about 8.0 (in the days of samba 2.2.5, openldap-2.0.x), and have 
tried to make it as easy as possible (although, if you want it *really* 
easy, you have to pay: http://www.mandriva.com/switch), and additionally, 
we try to have as many other tools LDAP-ready (bind, dhcp, sudo etc etc).

Regards,
Buchan
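The setup Buchan sketches above (ldapsam passdb backend, an LDAP admin dn whose password goes into secrets.tdb via `smbpasswd -w`, smbldap-tools wired into the 'add user script' / 'add machine script' hooks, then `net rpc join` and `net rpc vampire` against the NT4 PDC) as an added worked example; it is not code from the list post or from Mandriva's packages. The workgroup name, the LDAP host, the base DN `dc=example,dc=com`, and the NT4 PDC name are assumed placeholders. The lint function is the check an administrator would want before joining: it refuses a config that lacks the machine-account script (domain joins silently fail without it) or that talks to the directory without TLS.

```shell
#!/bin/sh
# Added example, not from the list post: a Samba 3 ldapsam PDC fragment,
# a lint for the settings the migration depends on, and the migration steps.

write_smb_ldap_conf() {
    # $1 = path to write, $2 = LDAP suffix (assumed: dc=example,dc=com)
    cat > "$1" <<EOF
[global]
    workgroup = EXAMPLE
    security = user
    domain logons = yes
    domain master = yes
    # all account data lives in the directory, not in smbpasswd/tdbsam
    passdb backend = ldapsam:ldap://ldap.example.com
    # protect binds and password hashes on the wire
    ldap ssl = start tls
    # the dn samba binds as; its password is set with 'smbpasswd -w', never here
    ldap admin dn = cn=Manager,$2
    ldap suffix = $2
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Idmap
    # smbldap-tools glue so samba can create accounts on demand
    add user script = /usr/sbin/smbldap-useradd -m "%u"
    add machine script = /usr/sbin/smbldap-useradd -w "%u"
    add group script = /usr/sbin/smbldap-groupadd -p "%g"
EOF
}

check_smb_ldap_conf() {
    # Returns 0 when the settings the join/migration rely on are present and
    # the LDAP session is TLS-protected; prints the first problem otherwise.
    f="$1"
    grep -q '^ *passdb backend *= *ldapsam' "$f" \
        || { echo "passdb backend is not ldapsam"; return 1; }
    grep -q '^ *ldap admin dn *= *.' "$f" \
        || { echo "ldap admin dn missing"; return 1; }
    grep -q '^ *add machine script *= *.' "$f" \
        || { echo "add machine script missing: domain joins will fail"; return 1; }
    grep -q '^ *ldap ssl *= *start tls' "$f" \
        || { echo "ldap ssl should be 'start tls' (plaintext LDAP leaks hashes)"; return 1; }
    return 0
}

migrate_nt4_domain() {
    # $1 = NT4 PDC NetBIOS name (assumed placeholder), $2 = LDAP admin dn password
    # Store the admin dn password in secrets.tdb, then join and pull the SAM.
    smbpasswd -w "$2" &&
    net rpc join -S "$1" -U Administrator &&
    net rpc vampire -S "$1" -U Administrator
}

# Usage (only when invoked as a script with --write):
#   sh this.sh --write /etc/samba/smb.conf dc=example,dc=com
if [ "${1:-}" = "--write" ]; then
    write_smb_ldap_conf "$2" "$3" && check_smb_ldap_conf "$2" && testparm -s "$2" >/dev/null
fi
```

Run `testparm` on the result before pointing any client at it; the lint only covers the handful of keys the post mentions, and the migration function is deliberately separate so the config can be reviewed before `smbpasswd -w` touches secrets.tdb.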

_______________________________________________
LDAP-interop mailing list
LDAP-interop at fini.net
http://lists.fini.net/mailman/listinfo/ldap-interop



More information about the LDAP-interop mailing list