Fedora 3.4.8 PDC smbldap-tools integration with 10.6 ODM

  • #379266
    mosx86
    Participant

    We’ve gotten pretty far along in our attempt to integrate a Samba 3.4.8 PDC into our Open Directory infrastructure. So far we are able to read account information directly from our test ODM, but have run into issues when it comes to adding users via the smbldap-tools to our ODM. The problem comes down to the schema Apple is using for its implementation of Samba. /etc/openldap/schema/samba.schema is based off of Samba v2.0.x and the tools are expecting a v 3.x implementation. There are quite a few object classes and entities that are in the new spec and not part of Apple’s implementation.

    Apple’s schema extender relies upon some entries from the samba.schema extension so we can’t simply swap out schemas (and I am unsure if this is wise). Additionally when I attempt to add my own schema extender the objectclass and attributes are not showing up in the final schema. I’ve added the additional file to slapd.conf as an include and when I use slaptest it clears the test. Is there an additional step in extending the 10.6 openldap schema that I’m not aware of?

    I’m curious if anyone else has attempted this?

    #379269
    mosx86
    Participant

    It is turning out to be a bit more complicated. After poking around we’ve done the following:

    • Replaced Apple’s samba.schema with the schema included by our samba 3 installation on the PDC.
    • Edited apple.schema to match the new Samba 3 attributes/objectclasses.
    • Edited slapd_macosxserver.conf to match apple.schema changes.

    When slapd is relaunched, the new objectclasses and attributes are not visible in the schema. Since we had pre-populated the ODM with test users, we thought that since the database had been created our modifications to the schema were not sticking (have not found documentation for or against that notion). We decided to demote the ODM to standalone and promote back ODM to recreate the database, but we then discovered that both slapd.conf and slapd_macosxserver.conf files are destroyed and recreated.

    After scouring the system drive, I am unable to locate any master files these may be pulled from.

    Any ideas?

    #379460
    abalamut
    Participant

    Hello, I have the same setup except I have an Ubuntu server (but I think it does not matter).
    I would like to set up an additional file server for our win users, with samba & authentication from OD.
    On my Ubuntu box I set up ldap to look to OD & it works. I even modified nsswitch & PAM. I can “getent passwd” & see my OD users. I also set up netatalk on the same box, configured kerberos & I am able to log in to the netatalk server using OD credentials. Everything is working except samba…

    I did a little research & found this:
    http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html
    The samba docs say that Unix (Linux) passwords & Windows passwords are stored in different ways; that’s why samba uses its own passdb.
    “Many people ask why Samba cannot simply use the UNIX password database. Windows requires passwords that are encrypted in its own format. The UNIX passwords can’t be converted to Windows-style encrypted passwords. Because of that, you can’t use the standard UNIX user database, and you have to store the LanMan and NT hashes somewhere else.”
    So where are passwords stored in OD? I don’t know. When I check the samba configuration file from the OS X server, there is a line
    passdb backend = odsam
    Using man, it is not hard to understand that it is “pdb_odsam – Open Directory account information database for smbd”.
    As far as I know, it is a not-open-source Apple solution to read account information from OD to samba.

    So the main question is – is it possible to bind some linux server to OD, set up samba for win users & use credentials from OD to authenticate users (kerberos preferred)?

    I also found this article on the web
    http://blog.irisproservices.com/2010/01/26/using-apple’s-open-directory-pdc-to-authenticate-linux-samba-servers/
    I tried this setup with no luck. I also posted some questions, but my comment has been awaiting moderation for some days.

    If someone has this setup, please help me.

    Alex
