Linux integration with OSX (Open Directory + Samba 3 – as PDC)

  • #368010
    Vuong
    Participant

    I realize that I have the unlimited client license for OSX Server, but I would like to get more performance out of my OSX server by separating Home Directories and Group Directories i.e. file services to a distributed Linux server running Samba 3.x.

    The questions I have are focused on this:
    How does one integrate Linux Samba 3.x into Open Directory / Samba such that
    1. Users can use their Open Directory accounts to access the Linux Samba server without having to log on again or re-authenticate.
    2. Can Linux Samba be configured to communicate with the OSX 10.4.8 Server to look up account information against the Open Directory (OpenLDAP)?
    3. Or does the Linux Samba server look at the OSX Server (Open Directory / PDC) as a PDC under a given domain defined under OSX?

    My clients authenticating against the server are only XP.
    Thanks!
    Vuong

    #369728
    Jonesy16
    Participant

    Did you ever figure out a solution to this? I’m struggling with the same thing here.

    #375305
    bomek
    Participant

    I’m trying to do that with 10.5.6. No luck. I tried to join the OD PDC with Samba, but it doesn’t work. The same config works perfectly on a non-OD PDC…

    #379461
    abalamut
    Participant

    Hello, I have the same setup, except I have an Ubuntu server (but I think it does not matter).
    I would like to set up an additional file server for our Windows users, with Samba & authentication from OD.
    On my Ubuntu box I set up LDAP to look to OD & it works. I even modified nsswitch & PAM. I can run “getent passwd” & see my OD users. I also set up netatalk on the same box and configured Kerberos, & I am able to log in to the netatalk server using OD credentials. Everything is working except Samba…

    I did a little research & found this:
    http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html
    The Samba docs say that Unix (Linux) passwords & Windows passwords are stored in different ways; that’s why Samba uses its own passdb.
    “Many people ask why Samba cannot simply use the UNIX password database. Windows requires passwords that are encrypted in its own format. The UNIX passwords can’t be converted to Windows-style encrypted passwords. Because of that, you can’t use the standard UNIX user database, and you have to store the LanMan and NT hashes somewhere else.”
    So where are passwords stored in OD? I don’t know. When I check the Samba configuration file from the OS X server, there is a line
    passdb backend = odsam
    Using man, it is not hard to understand that it is “pdb_odsam – Open Directory account information database for smbd”.
    As far as I know, it is a non-open-source Apple solution to read account information from OD into Samba.

    So the main question is: is it possible to bind a Linux server to OD, set up Samba for Windows users & use credentials from OD to authenticate users (Kerberos preferred)?

    I also found this article on the web
    http://blog.irisproservices.com/2010/01/26/using-apple’s-open-directory-pdc-to-authenticate-linux-samba-servers/
    I tried this setup with no luck. I also posted a question, but my comment has been awaiting moderation for some days.

    If someone has this setup, please help me.

    Alex

    #379482
    newtron35
    Participant

    Have you thought about going this way? We implement this setup in schools using multiple systems. We just use LDAP and NFS to authenticate and mount home files. File permissions get passed via LDAP.

    First we set up Open Directory / LDAP with the homes set to NFS and allow it to export it to our LTSP servers. Just use Workgroup manager and set your accounts just as you would for any other mac configuration including login as /bin/bash.

    Once you have your accounts set up on the Mac server, configure your Linux boxes to authenticate to an LDAP server. Each flavor of Linux is a little different, but you’ll need to configure your search base (dc=example,dc=com), the uri ldap (which points to your server), and set your bind policy=soft. Just follow a cookbook for setting up an LDAP client (should be able to google). After you do this you should be able to log in but it should also give you a message about home folders. Some will show you the path that is expected.

    Next, mount your NFS homefiles onto your Linux box via fstab. In Ubuntu, you’ll need to install nfs-common and a couple of other things. For example: the homefiles (called Student_home) are exported on /Network/Servers/my.example.com/Student_home.

    Now you should be able to log in to your linux box and mount your home files automatically.

    SMB will handle the homefiles when they authenticate via windoze.

    Hope this helps.
    Nathan
