Merge lp://qastaging/~ahasenack/serverguide/samba-ldap-fixes into lp://qastaging/serverguide/trunk

Proposed by Andreas Hasenack
Status: Merged
Approved by: Doug Smythies
Approved revision: 344
Merged at revision: 332
Proposed branch: lp://qastaging/~ahasenack/serverguide/samba-ldap-fixes
Merge into: lp://qastaging/serverguide/trunk
Diff against target: 347 lines (+117/-128)
1 file modified
serverguide/C/network-auth.xml (+117/-128)
To merge this branch: bzr merge lp://qastaging/~ahasenack/serverguide/samba-ldap-fixes
Reviewer Review Type Date Requested Status
Doug Smythies Approve
Review via email: mp+324433@code.qastaging.launchpad.net

Commit message

Update the samba-ldap.html guide to current Ubuntu Xenial.

Description of the change

Update the samba-ldap.html guide to current Ubuntu Xenial.

Many changes here:
- clarify the shown commands assume ldap and samba are on the same server. In that way we can use the -Y EXTERNAL SASL mechanism which we use all over the place in the server guide already
- the samba schema is already shipped as an ldif file in the samba package, so we don't have to go through all the hops of converting the schema into ldif and then importing it
- call attention to netbios name and workgroup config options before running smbldap-config, because if these parameters are changed afterwards the configuration will be inconsistent and odd errors like "invalid SID" will be shown when trying to authenticate users
- quickly explain some of the smbldap-config questions
- use a better smbldap-populate command that will avoid overlapping uids/gids with local users. Without it, the moment you create your first user with smbldap-useradd, for example, he will have uid=1000 which is the same uid of the first local non-root user in any ubuntu system.
- only restart smbd and nmbd after having set the ldap password with smbpasswd -W, or else there will be authentication errors in smbd's log
- change smbpasswd to use -W (upper case) instead of -w (lowercase) so we don't have to supply the password in the command line. This parameter probably wasn't available when this section of the guide was first written.
- call out the need to install libnss-ldap, and show how to. Without this, user authentication against this samba server won't work.
- added test commands for libnss-ldap, to make sure it's working
- add "-m" to the smbldap-useradd command so that the user's home directory is created
- switched the list of smbldap example commands from a numbered list to a bullet list, since it's not a sequence of commands that have to be run one after the other
- removed the add machine command from smb.conf since that is only used for domain controllers, which we are not configuring here

To post a comment you must log in.
Revision history for this message
Doug Smythies (dsmythies) wrote :

O.K. great, thanks.

See line 207 below, I'm going to change that tab character to a space.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches