[K12OSN] Samba and LDAP integration questions

David Trask dtrask at vcsvikings.org
Sat Jan 28 05:26:34 UTC 2006

"Support list for opensource software in schools." <k12osn at redhat.com> on
Friday, January 27, 2006 at 9:31 PM +0000 wrote:
>Hi all,
>I'm working on a project to integrate a Samba PDC with an LDAP Server
>for authentication for K12LTSP terminals.  This would all be on one
>machine which would also be the file server for the users' home
>directories.  This would allow for Roaming Profiles.

I'm a little confused...one machine for holding the authentication and
users' home directories and another machine as the K12LTSP server...or one
machine for both?  If you go with a separate server to hold the user
info....in other words the LDAP server....you can then have many K12LTSP
servers all pointing to this one authentication/home dir server.
>All the talk thus far on the list has been on using the smbldap scripts.
>I've taken a look at the instructions for installation but I was hoping
>to replicate the methodology and potentially using different components.
>Namely, I want to use Fedora Directory Server as the LDAP server.

Do you need to have Windows workstations involved?  If not...don't bother
with smbldap....feel free to use FDS.  Samba/LDAP is what many of us have
to use to set up a common PDC/LDAP server for our mixed environments.  The
samba integration with FDS is not as mature as smbldap at this point which
is why many of us are using it.  Matt and I developed it
(smbldap-installer) out of a need to provide open source centralized
authentication for mixed networks.  In my case my Samba/LDAP server is my
PDC thus all my Windows servers and workstations authenticate to it and it
houses the Windows roaming profiles...as well as my Linux servers...in
particular my K12LTSP servers point to it for authentication and NFS
mounted home directories (/home is exported from the Samba/LDAP server)
>I'm fairly new to the K12LTSP project so I have a few questions I hope
>could be answered.
>Why is a Samba PDC used instead of Posix user attributes?  Is this just
>to allow MS Windows workstations or is there an advantage for the
>K12LTSP terminals to work with Samba?

Simply to accommodate Windows....Windows uses Samba and Linux uses the
openldap...yes they are integrated, but that's the separation simply put.
If Windows was not part of the equation then OpenLDAP would simply be
enough....for the most part.
>If a Samba PDC is not required then it's a matter of authenticating
>logon off the LDAP server and perhaps auto-mounting the user's home
>directory off the file server using NFS.

Yes....piece of cake....and FDS should make this simple.
>Is this the correct approach?  If so/If not, is there a standardized way
>of doing this without writing custom scripts?  Is there a standard way
>of tying LDAP authentication with Roaming Profiles with a Samba PDC or
>Part of this installation involves writing documentation.  I'm not sure
>the extent of the documentation, but I'm looking to Open Source it to
>the community.
>Thanks for your help,
>Member of the Board of Directors HOSEF (http://hosef.org)

Let us know exactly what the layout is of what you're trying to do and we
can help....MANY of us are now running smbldap installations and have lots
of experience with centralized authentication as a result.  Also...Samba 4
may turn out to be the holy grail in some respects....keep us posted  :-)

David N. Trask
Technology Teacher/Director
Vassalboro Community School
dtrask at vcsvikings.org

