Tuesday, 10 June 2008

Samba and LDAP: a Wind-up

I had to revisit this because I thought I must have missed something: must have got something wrong. But I really don't think I have. The developerWorks document I quoted in an earlier post was written before the release of Samba 3. It says that "There are two things a Samba/LDAP installation cannot do 'out of the box'". The first is "Retrieve user account information from a Windows 2000 Active Directory server"; the second is "Alleviate the need for /etc/passwd." Both these issues, the document confidently expects, "will be resolved with the release of Samba 3.0." But it didn't happen. Instead, the Samba documentation states that "The second item [removing the need for /etc/passwd] can be accomplished by using LDAP NSS and PAM modules." Except that these modules are already installed on Fedora. Checking the /etc/nsswitch.conf file for the necessary entries:

passwd: files ldap
group: files ldap

shows that these entries are in place.
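
The same check can be scripted. The following is an added example, not part of the original post: it lists the sources for an NSS database in lookup order and reports whether ldap is actually reachable, since an action such as [NOTFOUND=return] placed before ldap stops the lookup for any account that exists only in the directory. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are assumptions, not from the post.

# nss_sources FILE DB: print the sources for database DB, in lookup order.
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, allow "passwd:files"
        $1 == (db ":") {
            for (i = 2; i <= NF; i++) printf "%s%s", $i, (i < NF ? " " : "")
            print ""
            exit
        }' "$1"
}

# nss_ldap_status FILE DB: print missing, reachable or blocked.
#   missing   - ldap is not listed for DB (or DB has no line at all)
#   reachable - ldap is listed and nothing before it ends the lookup early
#   blocked   - a NOTFOUND=return action precedes ldap, so an account that is
#               absent from the earlier sources is never looked up in LDAP
nss_ldap_status() {
    nss_sources "$1" "$2" | awk '
        BEGIN { status = "missing" }
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "ldap") { status = blocked ? "blocked" : "reachable"; break }
                # Matches [NOTFOUND=return ...] but not the negated [!NOTFOUND=return]
                if (toupper($i) ~ /(^|\[)NOTFOUND=RETURN/) blocked = 1
            }
        }
        END { print status }'
}

# Constructed sample file; point the functions at /etc/nsswitch.conf on a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed nsswitch.conf sample
passwd: files ldap
group:  files [NOTFOUND=return] ldap
shadow: files
EOF

for db in passwd group shadow; do
    printf '%s: %s (%s)\n' "$db" "$(nss_ldap_status "$sample" "$db")" \
        "$(nss_sources "$sample" "$db")"
done
rm -f "$sample"
```

A "reachable" result only confirms the configuration line; running getent passwd against a user that exists only in LDAP confirms that the lookup itself works.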

Everything I've read implies that I should be able to achieve what I want to do with Samba and LDAP: create groups and user accounts in LDAP and have them access file and print resources on the Samba server. And yet I've not been able to achieve that in the time I've had available. I'm disappointed. My feeling is that unless you really need to use the features of LDAP you are probably better off using Samba's tdbsam backend instead.

