[K12OSN] RE SME Server Authentication

Craig White craig at tobyhouse.com
Tue Nov 20 19:45:46 UTC 2007


On Tue, 2007-11-20 at 11:16 -0500, Jim Kronebusch wrote:
> On Tue, 20 Nov 2007 04:29:06 -0500, Larry McPherson wrote
> > Do you authenticate OSX against your SME server, and if so, do you know 
> > of a how-to?
> > 
> > Great how to on contribs!! With pictures too.
> > 
> > Larry
> 
> I put this together a few years ago for authenticating OSX to smb/ldap.  I've never
> tried it against SME Server, but it may be a good start.
> 
> http://www.1-cs.com/osxldap.html
> 
> Hope that helps,
> Jim
----
- I never found the need to 'enable' root user in NetInfo for this

- I did need to add Apple.schema to LDAP configuration and to make that
work, I had to 'uncomment' some sections of the samba.schema (it was a
tacky setup)

YMMV ;-)

You can download the apple.schema from Apple
http://www.info.apple.com

samba.schema changes...
# diff -u /etc/openldap/schema/samba.schema /etc/openldap/schema/samba.schema~
--- /etc/openldap/schema/samba.schema   2007-05-13 15:58:10.000000000
-0700
+++ /etc/openldap/schema/samba.schema~  2007-05-13 15:57:33.000000000
-0700
@@ -133,15 +133,15 @@
 ##
 ## user and group RID
 ##
-attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
-       DESC 'NT rid'
-       EQUALITY integerMatch
-       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
-       DESC 'NT Group RID'
-       EQUALITY integerMatch
-       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
+#      DESC 'NT rid'
+#      EQUALITY integerMatch
+#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
+#      DESC 'NT Group RID'
+#      EQUALITY integerMatch
+#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )


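Review bot: The two files are passed to diff in the opposite order from the edit being described, so at both attributetype blocks (rid, 1.3.6.1.4.1.7165.2.1.14, and primaryGroupID, 1.3.6.1.4.1.7165.2.1.15) the + lines are the commented-out backup and the - lines are the live file. The header timestamps agree with that reading: samba.schema (15:58:10) is newer than samba.schema~ (15:57:33). Anyone applying this hunk as written would comment the two definitions out again; regenerate it with the backup first (diff -u samba.schema~ samba.schema), and add a comment line above the two blocks noting that they were enabled for Apple.schema, so the reason is not lost when samba.schema is next replaced.
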
Anyway, my notes for enabling Mac clients to authenticate to my LDAP
setup (and I have them mounting NFS shares for the user $HOME
directories) are rather crude but:

Macintosh Systems
Directory Access - Authentication
Server srv1.example.com
LDAP Custom mappings (RFC-2307)

      * Users
              * base ou=People,dc=example,dc=com
              * NFSHomeDirectory apple-user-homeDirectory
              * HomeDirectory (new) apple-user-homeurl
      * Groups
              * base ou=Groups,dc=example,dc=com
      * Mounts
              * ou=mounts,dc=example,dc=com

Contacts (see above) My LDAP address books

      * Employee Directory
              * base ou=People,dc=example,dc=com
      * Shared Contacts
              * base ou=AddressBook,dc=example,dc=com



