Caution Regarding LDAP and Samba
Samba requires UNIX POSIX identity information as well as a place to store information that is
specific to Samba and the Windows networking environment. The most used information that must
be dealt with includes: user accounts, group accounts, machine trust accounts, interdomain
trust accounts, and intermediate information specific to Samba internals.
The example deployment guidelines in this book, as well as other books and HOWTO documents
available from the internet may not fit with established directory designs and implementations.
The existing DIT may not be able to accommodate the simple information layout proposed in common
sources. Additionally, you may find that the common scripts and tools that are used to provision
the LDAP directory for use with Samba may not suit your needs.
It is not uncommon, for sites that have existing LDAP DITs to find necessity to generate a
set of site-specific scripts and utilities to make it possible to deploy Samba within the
scope of site operations. The way that user and group accounts are distributed throughout
the DIT may make this a challenging matter. The solution will, of course, be rewarding, but
the journey to it may be challenging. Take time to understand site needs and do not rush
Above all, do not blindly use scripts and tools that are not suitable for your site. Check
and validate all scripts before you execute them to make sure that the existing infrastructure
will not be damaged by inadvertent use of an inappropriate tool.