Once every week or two I sit down and spend maybe 3-4 hours swearing at my computer following various walk-throughs of setting up OpenLDAP + Samba + PAM, and not succeeding. I think I've been at it for 6 months now? Each time I try, I format the computer and do a fresh install of Ubuntu Server (which takes only a few minutes).
I can't believe how much bullshit you have to install, configure, and debug to get it working. I swear not one place on the internet has a working article. The closest I was to a working system was with this article. I had a working OpenLDAP server hooked up to Samba. I used special tools to create accounts that ended up in both Samba and OpenLDAP. I had a few problems though. I could not get PAM working (for Linux to authenticate with OpenLDAP) and had some cryptic error. Google led me to think it has something to do with certificates, which the article never mentions. I created a public share and that worked well. I think I was even able to access a home directory share for an OpenLDAP account. I could not access that share when in Windows though, even with the correct credentials.
All this bullshit makes me want to buy a Windows server just to have a central place for user and program accounts. However, I'm not sure if that solution will work with the apps I want to use which support LDAP. Active Directory is not LDAP. So I'm screwed? I have to use OpenLDAP? Or.. just maintain separate user accounts in every program.
Update : IT WORKS!!! After all these months, too many formats to count, and lots of cursing.. it works perfectly now! I spent my entire Saturday screwing with it and formatting a couple more times. I have tons of notes so if I have to format again, I think I'll be able to get it working fairly easily.
Now I can create an account that ends up going into OpenLDAP and Samba. I can log into the computer using the LDAP account, it has a home folder, I have private home folder shares and a public share. The only problem left is when I reboot it seems some things that require authentication try to go to the LDAP server before it is started. It takes over 10 minutes before the computer gives up and becomes usable. I'm going to see if I can tweak the timeout periods and maybe even make OpenLDAP start as one of the first services.
So.. all that's left to do on this server is to set up BIND to be a DNS server for my internal LAN. One day I may look into setting up CUPS to make it a print server. I might also look into setting it up as a VPN server. Those are not priorities at the moment so I will move on to server #2. I'm probably going to buy Red Hat Enterprise Linux 4 for that machine because two of the programs I want to put on there won't run on anything but RHEL. It sucks, but for what the programs do, the $350 US fee isn't that bad.
Working from his home office in Toronto, Ryan de Laplante can be found developing software in Java by day, and obsessing with technology by night. Ryan has been designing and writing software for IJW since 1998 and is very passionate about his work.