Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




Samba HowTo Guide
Prev Home Next

IDMAP Storage in LDAP Using Winbind

The storage of IDMAP information in LDAP can be used with both NT4/Samba-3-style domains and ADS domains. OpenLDAP is a commonly used LDAP server for this purpose, although any standards-complying LDAP server can be used. It is therefore possible to deploy this IDMAP configuration using the Sun iPlanet LDAP server, Novell eDirectory, Microsoft ADS plus ADAM, and so on.

An example is for an ADS domain is shown in ADS Domain Member Server using LDAP.

Example13.4.ADS Domain Member Server using LDAP

# Global parameters
workgroup = SNOWSHOW
netbios name = GOODELF
server string = Samba Server
security = ADS
log level = 1 ads:10 auth:10 sam:10 rpc:10
ldap admin dn = cn=Manager,dc=SNOWSHOW,dc=COM
ldap idmap suffix = ou=Idmap
ldap suffix = dc=SNOWSHOW,dc=COM
idmap backend = ldap:ldap://
idmap uid = 150000-550000
idmap gid = 150000-550000
template shell = /bin/bash
winbind use default domain = Yes

In the case of an NT4 or Samba-3-style domain the realm is not used, and the command used to join the domain is net rpc join . The above example also demonstrates advanced error-reporting techniques that are documented in Reporting Bugs.

Where MIT kerberos is installed (version 1.3.4 or later), edit the /etc/krb5.conf file so it has the following contents:

 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

 default_realm = SNOWSHOW.COM
 dns_lookup_realm = false
 dns_lookup_kdc = true

 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false

Where Heimdal kerberos is installed, edit the /etc/krb5.conf file so it is either empty (i.e., no contents) or it has the following contents:

        default_realm = SNOWSHOW.COM
        clockskew = 300

        SNOWSHOW.COM = {
                kdc = ADSDC.SHOWSHOW.COM
[domain_realm] = SNOWSHOW.COM

Samba HowTo Guide
Prev Home Next

  Published under the terms fo the GNU General Public License Design by Interspire