Samba as PDC = POS

In my spare time over the last couple weeks I've been trying to do something that should be relatively simple: set up Samba as a primary domain controller using an LDAP back end. I am so completely frustrated!!!

First I thought I could just use Sun Directory Server alone as a PDC. It's made for that, except Windows can't use it, since Windows requires an Active Directory server, not an LDAP server. I remember that at college, to log into Windows, we used some sort of Novell client instead of the standard Windows login screen. I would need something like that to use Sun Directory Server as a PDC.

Then I realized that I could use Samba in front of an LDAP back end to emulate an NT4 PDC. I even found a whole walkthrough for SUSE 10.1, which is what I'm using on the server. I did most of it the way they explained, but I wasn't using OpenLDAP; I was using Sun Directory Server instead. I quickly learned that my LDAP server needs to have a Samba schema file imported (in standard LDIF format) to describe Samba account objects, etc. Samba comes with a schema file built for Sun Directory Server 5.2, which is what I was using. I used Sun's admin console program to import the LDIF file; no complaints. Then, when I tried to use a special program to populate the LDAP server with Samba objects, it gave me tons of object class violation errors. This means the schema isn't working right. Tons of people on the net have this problem, Samba's documentation says the schema file isn't completely up to date for Sun Directory Server, and nobody seems to have a solution.

I gave up on Sun Directory Server and decided to go with OpenLDAP, which is what the article walks me through anyway. I got a lot further with OpenLDAP: it did not complain about the schema when populating the LDAP database. I set up network shares, etc., very simple stuff. However, I can't get my XP Pro machine to join the domain! It keeps giving me a "user not found" error when I use the domain admin account to add the machine to the domain. I spent a lot of time in newsgroups and on Google. Many people have this problem, and no solutions worked for me. I can use my domain account to browse shares on Samba, but I can't use the domain admin account to join the domain.

I am able to add a Samba user and see it show up in the LDAP directory. When I try to delete the user, it complains that the displayName object is invalid in the schema! WTF. I've been trying to set up a bloody PDC for weeks now; I'm ready to put an effing hole in the wall. There are a million ways to configure it, there is no up-to-date documentation, all the tutorials out there are incomplete or wrong, everyone has problems and nobody has solutions. Effing open source crap!!!!! It's only good for sharing files. I read that the problem I'm having is because of a bug that was supposedly fixed in Samba 3.0.6, but I'm using 3.0.22!!
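For anyone hitting the same "object class violation" and "invalid in the schema" errors, here is a small checker I put together as an added example; it is not part of the original post and not Samba or OpenLDAP code. It parses objectClass definitions in the syntax OpenLDAP schema files use, parses an LDIF entry, and reports exactly which attributes are missing or not permitted by the listed objectClasses, which is all an "object class violation" means. The schema text, the user entry, the SID and the names are constructed for the example; the MAY lists are trimmed from the real core/nis/samba schema definitions, so treat them as an abbreviated illustration rather than the authoritative schema.

```python
"""Explain LDAP "object class violation" errors by checking an LDIF entry
against objectClass definitions. Added example; constructed, abbreviated
schema extract in OpenLDAP schema syntax (MAY lists trimmed)."""
import re
from collections import defaultdict

# Constructed schema extract; attribute lists abbreviated, not the full files.
SCHEMA_TEXT = """
objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) )
objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaPrimaryGroupSID $ sambaDomainName ) )
"""

# Constructed sample user in the shape smbldap-tools produces; values made up.
GOOD_USER = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: sambaSamAccount
uid: jdoe
cn: John Doe
sn: Doe
uidNumber: 1000
gidNumber: 513
homeDirectory: /home/jdoe
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000
displayName: John Doe
"""

_OC_RE = re.compile(
    r"objectclass\s*\(\s*(?P<oid>[\d.]+)\s+NAME\s+'(?P<name>\w+)'"
    r"(?:\s+SUP\s+(?P<sup>\w+))?"
    r"(?:\s+(?P<kind>ABSTRACT|STRUCTURAL|AUXILIARY))?"
    r"(?:\s+DESC\s+'[^']*')?"
    r"(?:\s+MUST\s+(?P<must>\([^)]*\)|\w+))?"
    r"(?:\s+MAY\s+(?P<may>\([^)]*\)|\w+))?",
    re.IGNORECASE,
)


def _attr_list(spec):
    """Turn '( a $ b )' or a bare 'a' into a list of attribute names."""
    if spec is None:
        return []
    return [a.strip() for a in spec.strip("() ").split("$") if a.strip()]


def parse_schema(text):
    """Map lowercased objectClass name -> its SUP, kind, MUST and MAY sets."""
    classes = {}
    for m in _OC_RE.finditer(text):
        classes[m.group("name").lower()] = {
            "sup": (m.group("sup") or "").lower() or None,
            "kind": (m.group("kind") or "STRUCTURAL").upper(),
            "must": {a.lower() for a in _attr_list(m.group("must"))},
            "may": {a.lower() for a in _attr_list(m.group("may"))},
        }
    return classes


def parse_ldif_entry(text):
    """Parse one LDIF entry into attribute -> [values]; names are
    lowercased because LDAP attribute names are case-insensitive."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and lines:  # LDIF continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    attrs = defaultdict(list)
    for line in lines:
        key, _, value = line.partition(":")
        attrs[key.strip().lower()].append(value.strip())
    return attrs


def validate_entry(attrs, classes):
    """Return a list of violations; an empty list means the entry is valid."""
    violations, required, allowed, structural = [], set(), set(), False
    for oc in attrs.get("objectclass", []):
        name = oc.lower()
        if name not in classes:
            violations.append(f"unknown objectClass '{oc}' (schema not loaded?)")
            continue
        structural |= classes[name]["kind"] == "STRUCTURAL"
        while name in classes:  # walk the SUP chain for inherited MUST/MAY
            cls = classes[name]
            required |= cls["must"]
            allowed |= cls["must"] | cls["may"]
            name = cls["sup"]
    if not structural:
        violations.append("no STRUCTURAL objectClass")
    for attr in sorted(required - set(attrs)):
        violations.append(f"missing required attribute '{attr}'")
    for attr in sorted(set(attrs) - allowed - {"dn"}):
        violations.append(f"attribute '{attr}' not allowed by any listed objectClass")
    return violations


if __name__ == "__main__":
    full = parse_schema(SCHEMA_TEXT)
    print("full schema:", validate_entry(parse_ldif_entry(GOOD_USER), full) or "ok")
    # Simulate a directory where the Samba schema import did not take.
    without_samba = parse_schema("\n".join(
        l for l in SCHEMA_TEXT.splitlines() if "sambaSamAccount" not in l))
    for v in validate_entry(parse_ldif_entry(GOOD_USER), without_samba):
        print("samba schema missing:", v)
```

The second run shows what a directory looks like when the Samba schema import silently failed: the sambaSamAccount class is unknown, and every Samba-specific attribute (and displayName, which in this constructed extract is only permitted by sambaSamAccount) is reported as not allowed. That is the same shape of error an ldapadd or delete returns as an object class violation, so running this kind of check against the entries a tool tries to write is a quick way to tell a broken schema import from a broken tool.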

I think I might go back to a pure LDAP directory server (Sun Directory Server). This LDAP directory is going to be very important in my network and in software I plan to eventually write. My mail server will authenticate against it, Sun Access Manager for single sign-on will use it, Sun Portal Server will use it, web services I write will use it, etc.

I might get everything using the LDAP directory server (including my Linux workstation) and leave only my Windows computer off the domain. If I want to access network resources, I'll only have to enter a username/password first. If I really want to, I can find some sort of LDAP client for Windows so it can use the Sun Directory Server.

It's getting late and I'm fed up with the computer for now. Time for bed.
