[K12OSN] Samba and LDAP integration questions
julian_yap at yahoo.com
Sat Jan 28 08:28:40 UTC 2006
Thanks for your quick reply. See below:
On Sat, 2006-01-28 at 00:26 -0500, David Trask wrote:
> "Support list for opensource software in schools." <k12osn at redhat.com> on
> Friday, January 27, 2006 at 9:31 PM +0000 wrote:
> >Hi all,
> >I'm working on a project to integrate a Samba PDC with an LDAP Server
> >for authentication for K12LTSP terminals. This would all be on one
> >machine which would also be the file server for the users home
> >directories. This would allow for Roaming Profiles.
> I'm a little confused...one machine for holding the authentication and
> users home directories and another machine as the K12LTSP server...or one
> machine for both? If you go with a seperate server to hold the user
> info....in other words the LDAP server....you can then have many K12LTSP
> servers all pointing to this one authentication/home dir server.
The layout is:
1 machine for holding the authentication and users home directories.
18 K12LTSP servers eventually.
> >All the talk thus far on the list has been on using the smbldap scripts.
> >I've taken a look at the instructions for installation but I was hoping
> >to replicate the methodology and potentially using different components.
> >Namely, I want to use Fedora Directory Server as the LDAP server.
> do you need to have Windows workstations involved? If not...don't bother
> with smbldap....feel free to use FDS. Samba/LDAP is what many of us have
> to use to set up a common PDC/LDAP server for our mixed environments. The
> samba integration with FDS is not as mature as smbldap at this point which
> is why many of us are using it. Matt and I developed it
> (smbldap-installer) out of a need to provide open source centralized
> authentication for mixed networks. In my case my Samba/LDAP server is my
> PDC thus all my Windows servers and workstations suthenticate to it and it
> houses the Windows roaming profiles...as well as my Linux servers...in
> particular my K12LTSP servers point to it for authentication and NFS
> mounted home directories (/home is exported from the Samba/LDAP server)
We're holding a meeting tomorrow to put down the details into an
agreement. Samba was mentioned previously in initial talks so I'm not
certain if Windows workstations will be involved... I have an inkling
it may be.
Thanks for clarifying your use of smbldap vs Samba with FDS.
What is required for integration of Samba with FDS? FDS allows for "NT
user attributes" if that's any help.
> >I'm fairly new to the K12LTSP project so I have a few questions I hope
> >could be answered.
> >Why is a Samba PDC used instead of Posix user attributes? Is this just
> >to allow MS Windows workstations or is there an advantage for the
> >K12LTSP terminals to work with Samba?
> simply to accomodate Windows....Windows uses Samba and Linux uses the
> openldap...yes they are integrated, but that's the seperation simply put.
> If Windows was not part of the equation then OpenLDAP would simply be
> enough....for the most part.
Cool. I thought there was some other technical reason.
> >If a Samba PDC is not required then it's a matter of authenticating
> >logon off the LDAP server and perhaps auto-mounting the users home
> >directory off the file server using NFS.
> Yes....piece of cake....and FDS should make this simple.
Yep. I'm pretty sure I have this sorted. Would you just mount the
users home directory on the K12LTSP servers via NFS when it boots up or
have a more dynamic mount when the user logs in? Do you usually assign
the students with the same Group ID?
> Let us know exactly what the layout is of what you're trying to do and we
> can help....MANY of us are now running smbldap installations and have lots
> of experience with centralized authentication as a result. Also...Samba 4
> may turn out to be the holy grail in some respects....keep us posted :-)
Excellent. If you need more details, I'll provide them. We may or may
not require Samba integration. If so, I'm sure I'll have more
I took a look at Samba 4 today from Tridgell's latest talk at Linux Conf
Australia. Sounds very promising.
More information about the K12OSN