[KLUG Advocacy] samba and ldap and heimdal
Adam Tauno Williams
adam at morrison-ind.com
Mon Apr 4 11:18:21 EDT 2005
> > It pukes when you try to change a password? There is a patch/hack
> > posted to the heimdal list last week.
> I've had no issues with it after getting ldap to start with it. Do you
> have to change passwords from a certain app to have the puking occur? I
> can change passwords with user manager or the passwd cli.
I've never seen the mentioned failure, but lots of other people do. I
change ALL my passwords via exop or via-exop-via-samba.
> > > Ldap Account Manager or lam
> > > http://lam.sourceforge.net/
> > > 1. More like what I was looking for. But it still does not seem to be
> > > quite the tool. It does not seem to differentiate between the nt global
> > > and local groups like M$ user manager for domains connected to samba
> > > using the smbldap-tools do. Meaning defining a group as a list of uid's
> > > for one kind of group and a list of sid's for another.
> > I've only played with LAM as its focus is too narrow for our purposes.
> > But I don't have any groups that are a 'list of sids'?
> All local groups modified through user manager for domains are using the
> sambaSIDList attribute and ignoring the member. I'm assuming this will
> make this group useless for linux machines. This can be seen in my
> "Backup Operators" group object as an example.
Ah. What do these local groups actually do? I have them (as in they
exist) but I've never seen them actually used for anything.
> > > There is another one that I have not banged my head against long enough
> > > to get to work. This one is from the smbldap-tools people. Is there an
> > > apache mod-auth-ldap rpm for suse? Couldn't find it.
> > > http://www.idealx.org/prj/samba/index.en.html
> > Honestly, I think the smbldap-tools suck.
> Well of course you do. They are perl scripts, and you despise perl.
That, and having to hack a script to get your LDAP integration to
work.... seems so very wrong.
> > :) ! And it is all just plain stupid, stupid, and more stupid. We've
> > written a little .NET assembly that looks up the root container's etc...
> > in .... WHERE??? .... LDAP! <TA DA!> The whole "geee, we should glue
> > this together with a crappy perl script" attitude come to enterprise
> > systems is really annoying. I mean, if *I* could come up with a better
> > solution..... geeesh.
> > For example, "add machine script
> > = /usr/bin/mono /usr/local/bin/cifsaddmachine.exe %u *********" where
> > "********" is the password used to bind to the DSA and the %u is the
> > name of the machine account to add. cifsaddmachine.exe is a
> > little .NET app that is linked to our dseautomater.dll that looks up
> > config attribute value pairs in LDAP and thus the application can
> > 'learn' where to put the appropriate objects. I'd Open Source this but
> > I REALLY REALLY don't currently have the time to deal with the
> > inevitable flood of terminally stupid questions.
> Sounds interesting!! Ldap could be the configuration for LDAP.
Yep.
> > > Hey Adam, You still interested in cooperating on a c# multiplatform
> > > gui?
> > Yes, and I've got bits of one called "Wolvesbane" lying about, but I
> > won't have any free time to hack on it till April is over, too much
> > mayhem in these parts.
> I'll see if I can devote some time to get a hello world program in c#
> and then go from there. Hello world is sometimes harder than "war in
> peace" in a new language.
With Glade# simple UI's are easy, complicated UI's are still best banged
together by hand.