Follow-up on the Novell eDirectory situation…

In my previous post on the subject, I mentioned that we are moving our Mac directory services from Apple Open Directory to Novell eDirectory.

There were not many surprises, but some things do break; all of them can be fixed.

  • By default, the Wiki service will not authenticate against an external (non-Apple) LDAP server. The fix is described here: http://support.apple.com/kb/TS1619. Group membership is still problematic in my case. I plan to ditch the wikis anyway…
  • Samba will not work properly unless you follow the fun procedure listed here: http://aput.net/~jheiss/samba/ldap.shtml. What that article does not mention:
    • Since Apple ships a customized Samba that appears to rely on the Password Server, you have to add some not-so-intuitive directives to /etc/smb.conf to disable the whole Open Directory authentication path before the ldapsam backend will actually work.
    • You will have to extend the LDAP schema.
    • Windows password hashes have to be generated with a small utility called mkntpwd; you then take its output and paste it into the user's sambaNTPassword and sambaLMPassword attributes with iManager.
    • The Windows user passwords will not be synchronized with the users' actual eDirectory passwords.
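To make the mkntpwd step concrete, here is an added example (my own code, not the author's, Novell's or Samba's) that computes the value stored in sambaNTPassword: the NT hash is the unsalted MD4 digest of the UTF-16LE encoded password, rendered as uppercase hex. MD4 is implemented in pure Python so the script runs without OpenSSL's legacy provider. It also builds the LDIF modify fragment that sets the attribute on a user entry; the user DN is a constructed placeholder, and the LM hash (sambaLMPassword) is deliberately not computed here. Because the hash is unsalted, anyone who can read that attribute effectively holds the password, so the attribute's ACL in eDirectory deserves the same care as the password itself.

```python
import struct

MASK32 = 0xFFFFFFFF

# Per-round rotation amounts and message-word orders from RFC 1320.
_S1 = (3, 7, 11, 19)
_S2 = (3, 5, 9, 13)
_S3 = (3, 9, 11, 15)
_ORDER3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)


def _rotl(v: int, s: int) -> int:
    return ((v << s) | (v >> (32 - s))) & MASK32


def _md4_block(state, block: bytes):
    """Process one 64-byte block and return the updated state (RFC 1320, section 3.4)."""
    x = struct.unpack("<16I", block)
    a, b, c, d = state
    f = lambda p, q, r: (p & q) | (~p & r)
    g = lambda p, q, r: (p & q) | (p & r) | (q & r)
    h = lambda p, q, r: p ^ q ^ r

    # Round 1: message words in order 0..15; rotating the variables after
    # each step reproduces the ABCD / DABC / CDAB / BCDA schedule of the RFC.
    for i in range(16):
        a = _rotl((a + f(b, c, d) + x[i]) & MASK32, _S1[i % 4])
        a, b, c, d = d, a, b, c
    # Round 2: words in column order 0,4,8,12,1,5,9,13,...
    for i in range(16):
        k = (i % 4) * 4 + i // 4
        a = _rotl((a + g(b, c, d) + x[k] + 0x5A827999) & MASK32, _S2[i % 4])
        a, b, c, d = d, a, b, c
    # Round 3: fixed permutation of the words.
    for i in range(16):
        a = _rotl((a + h(b, c, d) + x[_ORDER3[i]] + 0x6ED9EBA1) & MASK32, _S3[i % 4])
        a, b, c, d = d, a, b, c

    return tuple((s + v) & MASK32 for s, v in zip(state, (a, b, c, d)))


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 digest (no dependency on OpenSSL's legacy provider)."""
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    state = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
    for off in range(0, len(msg), 64):
        state = _md4_block(state, msg[off:off + 64])
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash as Samba stores it in sambaNTPassword: uppercase hex of
    MD4(UTF-16LE(password)). There is no salt, so the stored value is as
    sensitive as the clear-text password."""
    return md4(password.encode("utf-16-le")).hex().upper()


def samba_password_ldif(user_dn: str, password: str) -> str:
    """LDIF 'modify' fragment that sets the NT hash on a user entry (the same
    value one would key into iManager). sambaLMPassword is left untouched."""
    return "\n".join([
        f"dn: {user_dn}",
        "changetype: modify",
        "replace: sambaNTPassword",
        f"sambaNTPassword: {nt_hash(password)}",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample: a demo user in a placeholder eDirectory container.
    print(samba_password_ldif("cn=demo,ou=users,o=example", "password"))
```

The `md4` function can be checked against the RFC 1320 test vectors, and the NT hash of the string "password" is the well-known value starting 8846F7EA, which is what mkntpwd prints for the same input.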

I will write a full post about Samba soon, and toy with it some more…

Oh! And regarding SMB2, the new Apple SMB server in Mac OS X starting with Lion (10.7): there is no way to have it authenticate against an external LDAP directory.
