  1. #1

    Samba, OpenLDAP, DHCP, DNS

    I have a network of 130 computers, mixture of Windows and Linux.

    There is one windows server for server based windows apps.

    All machines have local log-on, some have network printer and file sharing, some are public machines. I have different workgroups for different areas.

    I am not looking for a complete network solution, I will work that out myself. What I am looking for is a starting point.
    I use Suse 11 if it makes any difference.
    I want to set some systems, if not all eventually to network authenticated.

    I have read many blind links and articles that do not really put 2 and 2 together. If someone would help me get started, please ......

    I need internal DNS and I understand that it can be updated via the DHCP. That takes care of the hardware end? ( I assign IP by MAC so I can configure each machine and control who tries to connect )
    I want to use Samba and OpenLDAP ( I get pieces of articles where Samba can't do all alone, LDAP works the rest of the picture )
    Which service do you start with? Samba and LDAP pulls info from there or LDAP and work Samba off it? I saw at one point where LDAP can be updated from DHCP.
    Surely you do not need to manually do all 4?

    The books and articles I have read do not show how to use these services together, not even hints.

    This is not a very complete listing because I am not looking for a complete solution, just ideas of how and where to start.
    network auth, file server / sharing, network print servers and sharing.



  2. #2
    In all of your reading, you should have found that LDAP is nothing but a database. Just like an empty MySQL database, what you put in it and how you use it is *up to you.*

    If you search for something like "linux user management ldap", you'll get links like this. If you want to use an external LDAP server for Windows clients, you'll need to do more work/research on how to change Windows to support that. In many cases, it involves an agent install on the Windows machine. Other *directory services* that support user management (and more) include Novell's eDirectory - and many others.

    Samba's primary purpose is file sharing via the CIFS/SMB protocol (also called "Windows File Sharing") with Samba's smb and nmb daemons (which also support the "printer sharing" as found in Windows.) Almost as important/common is Samba's winbind daemon which interfaces with Windows domains (NT4 and AD.)

    Given the issue of "changing Windows to support external LDAP," you will probably want to look into making a Samba server *emulate* a Windows domain controller (assuming you don't have a Windows DC and aren't going to fork out the $$ to make one.) Do more reading and you will find that Samba can emulate an NT4-style domain controller, but not anything like an Active Directory DC (you can play with Samba 4 *alpha* code for AD emulation.) This setup will be the easiest to configure both your Linux and Windows clients to authenticate against the domain controller.

    DNS and DHCP are completely separate services. Can their information be stored in an LDAP database? Yes. You'd have to install/configure an LDAP-enabled DNS and DHCP server. The typical default DNS is bind, although several simpler DNS servers exist.

    The client machines (getting an IP via DHCP) can update DNS on their own - this is called "dynamic DNS updates" and must be supported and enabled in the DNS server. You can Google for more information.

    In short, this is a rambling collection of information and I hope it shows how each of these are independent and only tied together by either the user or some special software "package."
    Last edited by HROAdmin26; 02-24-2010 at 09:52 PM.

  3. #3
    Thank you very much for your reply.

    All my reading left me very confused most times. One time I think I have it nearly figured out, the next ......
    I could not really see the need for the LDAP but some kept telling me I had to have it, but I could not connect the pieces. It looked to me like Samba would do all I needed.

    If I have DHCP assign IPs to "known" MACs, internal DNS update off of DHCP and Samba for file and printer share ( and it can be the DC if I go that way also). It performs WINS for the windows machines.

    There are no other back-ground services I need than those. (?)

    I feel I can leave LDAP alone, at least for now since I can see it fill no need I require.
    Since DNS and DHCP are separate like it seemed, those are long done already.
    I can concentrate on honing Samba.



  5. #4
    Originally posted by HROAdmin26:
    The client machines (getting an IP via DHCP) can update DNS on their own - this is called "dynamic DNS updates" and must be supported and enabled in the DNS server.
    This is not entirely true. I don't know the details, but there is some Cisco hardware/configuration that will not allow *Linux* to update DNS. I've been trying to figure out if there is a work around for this, but haven't been able to find anything, mostly because I'm not one of the network admins here and I'm not sure what it's called that Windows can do but the Linux "can't". I'm waiting for word back from one of the network admins, but I figure I'll learn more by trying to discover the workaround myself.

  6. #5
    this is called "dynamic DNS updates" and must be supported and enabled in the DNS server.
    Please re-read that statement - several times.

    /Welcome to vendor lock-in/specialized client support. Or it could be an admin-enabled security option. Or a misconfigured device...the list goes on.

  7. #6
    right, it *is* "supported and enabled" for Windows. What I'm trying to figure out is how to mimic Windows networking with Linux. I installed likewise-open, but that by itself does not do it.

    My network admin said this: "I wouldn't expect your Linux box to be able to update DNS on our network. Only domain Windows member PCs are supposed to be able to do that."

    However, you can add Linux boxes to the domain using Likewise-open, so that's where I'm confused.

  8. #7
    Posted by Lazydog
    If your DHCP server is a Windows machine and you have your Linux box set up to use DHCP, then the Windows DHCP server will update DNS.



  9. #8
    Just go to YouTube and type samba pdc + ldap... you will get what you want.

  10. #9
    Originally posted by Lazydog:
    If your DHCP server is a Windows machine and you have your Linux box set up to use DHCP, then the Windows DHCP server will update DNS.
    No, it doesn't. I thought I clearly stated it doesn't before, but perhaps. That's the entire issue. It should work like that, I agree. We've got 4200+ employees, so there are a lot of cooks in the kitchen. We were contemplating mirroring the Windows DNS and just running a bind server, but that wasn't really a path we wanted to go down and we ended up getting it "resolved" though the final touches are still being

    The problem is twofold.

    1) dhclient in ubuntu doesn't actually update DNS for some reason even when send hostname is enabled (which it is by default). It may actually send, but it is not received and it's useless in our environment and hence problem #2...

    2) I believe this to be because the DHCP is coming from, which is the Windows machine which does not accept non-domain machines (it does not accept non-domain Windows machines either). At this point there was a second DNS server set up called does accept non-domain machines. No matter how you run dhclient, it will not update If I name the machine and everywhere the computer thinks it is on it will still not do it because is still the DHCP server. So, what I have to do is use nsupdate. This works great except nsupdate doesn't know the IP address, so it's still not dynamic, which is what you need for laptops. I've got

    DNSSERVER=$(/bin/cat /etc/resolv.conf | /bin/grep -m 1 nameserver | /usr/bin/awk  '{print $2}')
    written for another script, so it should just be a matter of getting the info from ifconfig instead of resolv.conf and feeding a dhclient-exit-hooks script.

    Now, since I'm new to nsupdate, the thing I have not figured out is how to run it in one line. Right now it takes 4 lines (or something like that) which I don't think is going to work very well in the dhclient-exit-hooks.d folder.

    As somewhat of an aside the ubuntu /etc/dhcp3/dhclient-exit-hooks.d folder is poorly documented. There are all sorts of references to a dhclient-script file that does not exist. Quite frustrating but I eventually figured it out for another script.
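
The approach the last post describes (take the address from the DHCP lease and hand nsupdate all of its commands in one go), as an added example that is not part of any post in this thread: a dhclient exit hook that pipes a command batch into nsupdate on stdin. The server address, zone name and key path are placeholders, and the address is validated because it arrives from the network.

```shell
# Hook file for /etc/dhcp3/dhclient-exit-hooks.d/ (sourced by dhclient-script).
# DNS_SERVER, DNS_ZONE and TSIG_KEY are placeholders, not values from the thread.
DNS_SERVER="192.0.2.53"
DNS_ZONE="example.internal"
DNS_TTL=300
TSIG_KEY="/etc/dhcp3/ddns.key"    # assumed path; used only if the file exists

# Accept only a dotted-quad IPv4 address. The lease is network-supplied input,
# and a stray newline in it would otherwise add lines to the nsupdate batch.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the whole update as one batch: args are FQDN and IPv4 address.
nsupdate_batch() {
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$DNS_SERVER" "$DNS_ZONE" "$1" "$1" "$DNS_TTL" "$2"
}

# dhclient-script sets $reason and $new_ip_address before sourcing this file.
case "${reason:-}" in
    BOUND|RENEW|REBIND|REBOOT)
        fqdn="$(hostname).${DNS_ZONE}"
        if is_ipv4 "${new_ip_address:-}"; then
            if [ -r "$TSIG_KEY" ]; then
                nsupdate_batch "$fqdn" "$new_ip_address" | nsupdate -k "$TSIG_KEY"
            else
                nsupdate_batch "$fqdn" "$new_ip_address" | nsupdate
            fi
        else
            logger -t ddns-hook "refusing DNS update: bad address in lease"
        fi
        ;;
esac
```

A zone that accepts updates from any non-domain machine lets any host on the network rewrite its records, so the keyed branch (`nsupdate -k`) is the one to aim for once the DNS server is configured with a matching TSIG key.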
