LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices



Reply
 
Search this Thread
Old 03-26-2007, 12:01 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,121

Rep: Reputation: 58
LDAP,Samba Central Administration


I have played around with LDAP Account Manager and have not really been impressed by it. I want a user friendly central point of administration to be able to administer windows and linux accounts under one roof. Can anyone suggestion a program that can do such and is easy to use that is compatible with LDAP. Just for the record LDAP Account Manager is a very poorly written program and is not user friendly in the least bit. I have several clients that cannot seem to get the hang of using it! I need something more user friendly! help!
 
Old 03-26-2007, 12:48 PM   #2
asommer
Member
 
Registered: Mar 2003
Location: North Carolina
Distribution: Gentoo
Posts: 168

Rep: Reputation: 30
I use these two:

http://phpldapadmin.sourceforge.net/

http://luma.sourceforge.net/

One's webbased the other is a KDE program. Between the two you should be able to do pretty much everything graphically.

Another one I've used is:

http://dev.mmgsecurity.com/projects/lat/
 
Old 03-26-2007, 04:24 PM   #3
XaViaR
Member
 
Registered: Dec 2004
Distribution: RHEL, CentOS, SuSE
Posts: 170

Rep: Reputation: 30
you can also use redhat directory services or its clone: fedora directory services. both of these directory services allows for central account managment. of course, you need to configure your smb.conf and pam_ldap for account logins.

good luck.
 
Old 03-26-2007, 11:10 PM   #4
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,121

Original Poster
Rep: Reputation: 58
many thanks. One more question:

I need some clarification. When using LAM, PHPLDAPADMIN, LAT and etc., if an account is created in LDAP and will it create an account in SAMBA as well so when the account logs into the network they will have access to windows shares as well as unix shares. I guess what I am trying to ask is when a standard linux account using LDAP using one of these apps will it create the same account under SAMBA and will I just have one account that allow me to access SAMBA and UNIX shares seamlessly without having to put in a password like MS ADS?

Last edited by metallica1973; 03-26-2007 at 11:33 PM.
 
Old 03-27-2007, 07:17 AM   #5
asommer
Member
 
Registered: Mar 2003
Location: North Carolina
Distribution: Gentoo
Posts: 168

Rep: Reputation: 30
You'll have add the Samba attributes to the user. PHPLDAPAdmin will do it, but I'm not sure Luma or LAT will. There's also command line tools to add the Samba attributes needed. I believe you will have to set both the Linux Password and the Samba password.

You can set the samba password using the smbpasswd command line tool, and set the Linux password from any of the GUI LDAP tools.
 
Old 03-28-2007, 10:21 AM   #6
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,121

Original Poster
Rep: Reputation: 58
What I am trying to do is duplicate a Microsoft NT PDC domain. I am confused. Im PHPLDAPADMIN if I add SAMBA attributes, Why wouldnt PHPLDAPADMIN automatically sync the passwords so that the user will have one central login? Why would I have to use smbpasswd, I would assume that PHPLDAPADMIN would do this under the GUI? Help
 
Old 03-28-2007, 10:52 AM   #7
asommer
Member
 
Registered: Mar 2003
Location: North Carolina
Distribution: Gentoo
Posts: 168

Rep: Reputation: 30
I believe it's because Samba keeps a separate password database from the underlying Linux password database. If you're users aren't going to be logging into the Linux from say a shell account then you'd only really need to set the Samba password. If however they are going to be logging into the Linux machine outside of Windows then I believe you'll need to set the password in both places.

When you setup your LDAP serve your users will have two password attributes one for Samba and one for Linux. The samba one is called sambaNTPassword and the Linux one is called userPassword.

The issue is really one of Single Sign On. LDAP will give you a central place to keep authentication information, but it's up to each individual program to use it. The way Active Directory gets away with it is that both the LDAP server AD and the workstation are using Microsoft Applications.

Another example would be running non-microsoft software on Windows that doesn't authenticate to Active Directory. If the software requires a username and password it will probably have it's own user database, which you'd have to manage.

PhpLDAPAdmin will let setup a user with the Samba attributes, it's just probably a good idea to set both the sambaNTPassword and the userPassword attributes to the same thing.

I hope this reply wasn't too long winded, but I've been dealing with the same issue. Luckily there's great scripting languages out there like Ruby and Perl to help manage the situation.
 
Old 03-28-2007, 11:49 AM   #8
drokmed
Member
 
Registered: Dec 2005
Location: St Petersburg, FL, USA
Posts: 219

Rep: Reputation: 30
Quote:
Originally Posted by metallica1973
What I am trying to do is duplicate a Microsoft NT PDC domain. I am confused. Im PHPLDAPADMIN if I add SAMBA attributes, Why wouldnt PHPLDAPADMIN automatically sync the passwords so that the user will have one central login? Why would I have to use smbpasswd, I would assume that PHPLDAPADMIN would do this under the GUI? Help
Hi metallica,

I'm at the same place you are! I too am disappointed with lam, and although phpldapadmin is nice, I wouldn't want to manage my server with it.

Have you looked at GOsa yet? I'm almost to the point to try it out, but i'm trying to resolve other issues first. It looks like an excellent gui tool. Some pics of it:

https://www.gosa-project.org/index.p...ery2&Itemid=33

Right now, I'm playing around with the idealx smbldap-* scripts, and they work great! They take care of the ldap and samba account simultaneously, so you don't have to do anything twice.

I've been reading the samba-howto and other manuals, and they are turning my brain to mush I never realized how advanced samba is, but I love it! I'm working through the net command chapter now, hoping net can be used to replace the idealx scripts.

Good luck. I'll check back when I figure out more

EDIT: Another tool I like is the SRVTOOLS.EXE tool from the Microsoft website. This is a windows gui you can use on your windows pc to connect to the samba pdc and manage shares and users. It is meant to be used managing an old NT4 server, but most of it's features work on the samba PDC.

Last edited by drokmed; 03-28-2007 at 12:23 PM.
 
Old 03-29-2007, 08:24 AM   #9
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,121

Original Poster
Rep: Reputation: 58
LAM and others still have a long ways to go but they do help out, Gentlemen, many thanks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba + LDAP shane200_ Linux - Networking 3 07-20-2005 03:47 PM
Central Authentication for SAMBA Matir Linux - Software 2 01-28-2005 05:16 PM
Samba and LDAP wslyhbb Linux - Networking 2 06-28-2004 10:51 AM
Samba administration from GUI Satriani Linux - Software 4 10-29-2003 05:32 PM
Samba Web Administration Tool Hone101 Linux - Newbie 3 03-22-2003 10:28 PM


All times are GMT -5. The time now is 01:39 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration