Merge lp://qastaging/~ahasenack/serverguide/samba-ldap-fixes into lp://qastaging/serverguide/trunk
Status: | Merged |
---|---|
Approved by: | Doug Smythies |
Approved revision: | 344 |
Merged at revision: | 332 |
Proposed branch: | lp://qastaging/~ahasenack/serverguide/samba-ldap-fixes |
Merge into: | lp://qastaging/serverguide/trunk |
Diff against target: |
347 lines (+117/-128) 1 file modified
serverguide/C/network-auth.xml (+117/-128) |
To merge this branch: | bzr merge lp://qastaging/~ahasenack/serverguide/samba-ldap-fixes |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Doug Smythies | Approve | ||
Review via email:
|
Commit message
Update the samba-ldap.html guide to current Ubuntu Xenial.
Description of the change
Update the samba-ldap.html guide to current Ubuntu Xenial.
Many changes here:
- clarify the shown commands assume ldap and samba are on the same server. In that way we can use the -Y EXTERNAL SASL mechanism which we use all over the place in the server guide already
- the samba schema is already shipped as an ldif file in the samba package, so we don't have to go through all the hops of converting the schema into ldif and then importing it
- call attention to netbios name and workgroup config options before running smbldap-config, because if these parameters are changed afterwards the configuration will be inconsistent and odd errors like "invalid SID" will be shown when trying to authenticate users
- quickly explain some of the smbldap-config questions
- use a better smbldap-populate command that will avoid overlapping uids/gids with local users. Without it, the moment you create your first user with smbldap-useradd, for example, he will have uid=1000 which is the same uid of the first local non-root user in any ubuntu system.
- only restart smbd and nmbd after having set the ldap password with smbpasswd -W, or else there will be authentication errors in smbd's log
- change smbpasswd to use -W (upper case) instead of -w (lowercase) so we don't have to supply the password in the command line. This parameter probably wasn't available when this section of the guide was first written.
- call out the need to install libnss-ldap, and show how to. Without this, user authentication against this samba server won't work.
- added test commands for libnss-ldap, to make sure it's working
- add "-m" to the smbldap-useradd command so that the user's home directory is created
- switched the list of smbldap example commands from a numbered list to a bullet list, since it's not a sequence of commands that have to be run one after the other
- removed the add machine command from smb.conf since that is only used for domain controllers, which we are not configuring here
O.K. great, thanks.
See line 207 below, I'm going to change that tab character to a space.