5:37 PM - More fun with LDAP
I haven't written about LDAP for a few years. I've been asked to do a Samba setup at work with LDAP. I decided to document some of the steps required on FreeBSD.
Install the samba port (I used 3.4.x)
Install smbldap-tools (command line tools to help with user management)
Install the nss_ldap and pam_ldap ports. Make sure you can resolve accounts from LDAP using id and getent group, or else Samba will not authenticate.
Configure /usr/local/etc/ldap.conf (and make sure it's linked to nss_ldap.conf)
Modify /etc/nsswitch.conf; on FreeBSD 8 remove the compat entries and switch it to files ldap for passwd, group and shadow. When the compat keyword is used, nothing else works, according to nsswitch.conf(5).
Set up your LDAP directory. If you configure the smbldap-tools properly, you can use the smbldap-populate command to create all the required parts of the LDAP database.
Configure your shares and other settings in smb.conf (although part of this must be done before smbldap-tools works right)
Optionally set up swat out of inetd via /etc/inetd.conf
This is far from complete and should not be considered a "secure" setup, but it does seem to work so far.
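A quick way to verify the nsswitch.conf and account-resolution steps above before debugging Samba itself. This is an added example, not part of the original post: the function names are hypothetical, the two sample files are constructed, and check_resolve needs a live nss_ldap setup with a user and group that exist only in LDAP.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.

# check_nsswitch FILE: succeed only if passwd, group and shadow each start
# with "files ldap" and no *_compat entries remain for them.
check_nsswitch() {
    file=$1
    rc=0
    for db in passwd group shadow; do
        # Drop comments, then print the source list for this database.
        srcs=$(awk -v db="$db:" '{ sub(/#.*/, ""); sub(/:/, ": ") }
            $1 == db { $1 = ""; print }' "$file" | tail -n 1)
        set -- $srcs
        if [ "$1" != files ] || [ "$2" != ldap ]; then
            echo "$db: want 'files ldap', found '${srcs# }'"
            rc=1
        fi
        # A leftover passwd_compat/group_compat line means cleanup is unfinished.
        if grep -Eq "^[[:space:]]*${db}_compat[[:space:]]*:" "$file"; then
            echo "${db}_compat: entry still present"
            rc=1
        fi
    done
    return $rc
}

# check_resolve USER GROUP: the id / getent group test from the steps above.
check_resolve() {
    id "$1" >/dev/null 2>&1 || { echo "id $1 failed"; return 1; }
    getent group "$2" >/dev/null 2>&1 || { echo "getent group $2 failed"; return 1; }
}

# Constructed samples: a compat-style file (before) and the edited file (after).
write_samples() {
    printf '%s\n' 'group: compat' 'group_compat: nis' 'hosts: files dns' \
        'passwd: compat' 'passwd_compat: nis' > "$1/before.conf"
    printf '%s\n' 'group: files ldap' 'hosts: files dns' \
        'passwd: files ldap' 'shadow: files ldap' > "$1/after.conf"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
write_samples "$tmp"
check_nsswitch "$tmp/before.conf" || echo "before.conf: needs fixing"
check_nsswitch "$tmp/after.conf" && echo "after.conf: ok"
```

On the real host, run check_nsswitch /etc/nsswitch.conf and then check_resolve with an account and group that are not in the local files.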
In smb.conf you would have something like:
passdb backend = ldapsam:"ldap://ipaddresshere ldap://secondipaddress"
ldap user suffix = ou=people
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups