Koozali.org: home of the SME Server

Group to figure out LDAP?

dave rose

Group to figure out LDAP?
« on: May 08, 2002, 02:03:55 AM »
Hey all.
  I have been trying unsuccessfully to find a means of using an LDAP directory as a single user directory to handle multiple servers authentications / sambas for passwords.  I figure that if a few of us were to put our heads together and our past experiences we might be able to get this to work.

Dave

dave rose

Re: Group to figure out LDAP?
« Reply #1 on: May 08, 2002, 07:16:45 PM »
Been looking into this in my spare time.  

I believe that if I could get a Linux SME server to authenticate a user at the login prompt from a master LDAP server, then we can set the Samba on that LDAP-slave to authenticate from a domain server, we would be close to an answer.

I tried copying LDAP libraries from a Redhat 7.2 machine I have, and then making what I believe are the appropriate soft links, and then ran AUTHCONFIG in hopes to correctly edit the .CONF files in /etc and beyond.  This did not allow me to authenticate from another server.  Although I'm not sure I had the context-information correct.

I did not really try to replicate the database to slave PCs because in my opinion that would require work on every PC whenever a new server is added.

Anyone else out there have any input for the mechanics of this idea, or know it's the wrong approach and won't work?

Dave

Derek

Re: Group to figure out LDAP?
« Reply #2 on: May 09, 2002, 01:18:45 AM »
I don't really have the expertise to contribute to developing this, but I'm all for the idea. How would W98 clients authenticate from LDAP? Would they still be authenticating from the SME/Samba server with the SME/Samba server getting its user/password lists from a separate LDAP server?

Derek (beta tester in waiting)

Les Mikesell

Re: Group to figure out LDAP?
« Reply #3 on: May 11, 2002, 12:13:22 PM »
Samba 2.2.3 and up can act as a domain controller while storing its data in a back-end LDAP server, so Windows clients would still authenticate against Samba.  The LDAP schema needs to have both posixAccount and sambaAccount objectclasses and they both need to be updated on the master server when users or passwords are changed.
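
The schema requirement from Reply #3, as an added example that is not part of the original thread: a Python audit of an LDIF export that flags accounts missing either the posixAccount or the sambaAccount side, which is how Unix and Windows logins drift apart. The sample entries, the dc=example,dc=com base and the REQUIRED attribute policy are assumptions; the attribute names are those of the RFC 2307 posixAccount class and the Samba 2.2 sambaAccount schema.

```python
# Constructed sample export (not from the thread); password values are placeholders.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaAccount
uidNumber: 5001
userPassword: {CRYPT}placeholder
rid: 11002
ntPassword: PLACEHOLDER

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
uidNumber: 5002
userPassword: {CRYPT}placeholder

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaAccount
uidNumber: 5003
userPassword: {CRYPT}placeholder
rid: 11006
"""
# Assumed site policy: attributes each side needs before a login can work.
REQUIRED = {"posixAccount": ("uidNumber", "userPassword"),
            "sambaAccount": ("rid", "ntPassword")}

def parse_ldif(text):  # -> one {lowercased attribute: [values]} dict per entry
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.replace("\n ", "").splitlines():  # unfold continuations
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.lstrip(":").strip())
        entries.append(entry)
    return entries

def audit(entries):
    """Map each DN to what stops the account working for both Unix and Samba."""
    findings = {}
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        problems = []
        for oc, attrs in REQUIRED.items():
            if oc.lower() not in classes:
                problems.append(f"missing objectClass {oc}")
            else:
                problems += [f"{oc} lacks {a}" for a in attrs if not any(e.get(a.lower(), []))]
        if problems:
            findings[e["dn"][0]] = problems
    return findings
```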