[K12OSN] Re: lessons learned on smb/ldap setup in centos4 (Robert Moskowitz)

Matt Oquist moquist at majen.net
Tue Aug 1 18:18:54 UTC 2006 

> Date: Mon, 31 Jul 2006 12:16:04 -0400
> From: "Robert Moskowitz" <rgm at htt-consult.com>
> Subject: Re: [K12OSN] lessons learned on smb/ldap setup in centos4
> 
> After a long detour stepping my way into Linux (like first moving DNS 
> and Mail from NT server to Linux), I am back at converting my NT domain 
> to Linux.
> 
> I am committed to Centos, which is now at 4.3 and very soon at 4.4.
> 
> So I see that Centos is still not listed as a supported platform, but 
> then RedHat Enterprise is not listed either....
> Is the script mods listed below still apply (months later and newer 
> versions)?

Just use the 'fc5' option, and when it complains about not being able
to install something, find that package manually and install it. Then
re-run the script and everything should be fine.

I *believe* it's only one package that you'll have to find manually;
once you figure out which on it is shoot me an email -- or, better
yet, add a note to the wiki on a CentOSNotes page.

> > Then I did the CPAN Bundle::install thing

This shouldn't be necessary; there are RPMs available for all the
required packages.

> > Next, I ran the script(make all) and noted all the rpms it could not 
> > find.
> I ASSuME that if I am missing some, getting them (I use yemex and have 
> DAG repos included) and restarting causes no harm.

Precisely.

> > I then Went to the DAG (weirs) Site
> > http://dag.wieers.com/packages/ And downloaded any packages that the 
> > script said that were missing and
> > dependencies that the rpms called for.  Once all the packages were
> > installed and the script completed successfully, I rebooted.
> > At this point ldap  seemed to consistantly fail. Go into the 
> > /etc/openldap/ldap.conf and delete the TLS entry. Then I start ldap,

That's odd and interesting...I don't believe this happened at the
Gould NELS, where CentOS was used during the Samba/LDAP session.

> > 4. Originally setting the file server up on a different network. I just
> > couldn't seem to figure out how to combat that, soooo I reloaded on the
> > network that it was going to be on and that cured many little issues.
> This is a 'real' concern with me.  I am replacing an NT domain PDC, and 
> I do not want to play with names.

It's changing IP addresses that threw Mark off, I believe, and that
makes sense. The IP address is in several Samba/LDAP config files, so
if you change the system IP address you have several files to hunt
down and modify.

> So I have set up a separate network where I can install, the IP 
> addresses are changed slightly, I hope this will not be a problem?  I 
> have my host.conf  going to my hosts file before bind, and I have my 
> server setup in the hosts file....

If you use hostnames instead of IP addresses when you run the
configuration portion of the smbldap-installer, then you should be
fine as long as those hosts are set in /etc/hosts.

Would you mind adding this to the smbldap-installer documentation
wiki? (Linked from http://majen.net/smbldap/) It would be great if
other people knew how to do this.

> If I have to set up a whole dummy DNS, I can, I have done it for things 
> like unlocking PAP2 boxes...

This should only be necessary for the master/slave LDAP servers
themselves.

You may need to change /etc/exports yourself later if you change your
IP address scheme, but using the smbldap-installer to help set up your
export of /home is completely optional, anyway.

> > 5. Paying attention to were the smbldap tools are located and adjusting
> > the script and or tools location to make it work.
> Would like to know more on this one.

The smbldap-installer tries to figure out where the smbldap-tools
scripts get installed (the are usually not in $PATH on RH-based
systems) and use them there. If they show up in a location that the
script can't find, see distro_data.pm and add another entry with the
correct path to @smbldap_tools_path, and then (please!) email me about
it.

> Should I just proceed?  There was a comment early in the install about 
> being back-leveled and to do some update or other, but it scrollled off 
> the screen.

My preference is always to use the package management system to
install everything, but if you got your dependencies this way, it's
probably fine. :)

Beware of samba-3.0.23, which causes people problems on FC5; you may
automatically get it when you update your system.

--matt

--
Open Source Software Engineering Consultant
http://majen.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/k12osn/attachments/20060801/4d7cadd5/attachment.sig>

More information about the K12OSN mailing list