Samba and FreeRADIUS are now using LDAP (on ASHTI) as their authentication store.

The biggest things here were the migration of all accounts in /etc/passwd to LDAP on ASHTI. This went through pretty easily with the scripts in my directory: ~rowan/smbldap/MigrationTools-44.

Upgrading Samba to LDAP support was straightforward. The new configuration variables in smb.conf are required, and I changed the Unix passwd sync to the resetpass program, which changes the LDAP password and the Seminary password as well as the Unix password. Then Samba can go ahead and change the Samba password. This works well except when the seminary server is unavailable, in which case the Unix and LDAP passwords are changed, but Samba isn’t (and the seminary one isn’t of course, as well).

FreeRADIUS is at version 0.7 currently, but we seem to be having issues with the LDAP module periodically losing its connection to ASHTI. I‘m working on this. Version 0.8.1 of the server might help if I can’t get anything else to work. I changed from TLS enabled LDAP to unencrypted. I might also try using the SMB authentication module, which I happened to compile into the package I installed. I am now currently using the SMB module to authenticate against Samba on SHANTI (which is authenticating against the Samba account fields in LDAP). I’m still not sure what’s wrong, but I can’t leave it periodically dying.