[Samba] Some questions about Samba and LDAP
Olivier Nicole
on at cs.ait.ac.th
Fri Apr 10 11:09:47 GMT 2009
Hello,
I have been using Samba for years (login onto the PC, files and
printers sharing) and since recently I have a LDAP server running and
serving authentication to few Unix systems (mail, web, Zope, ssh,
etc.)
Now that I set-up a new server to use with Samba, I would like to
integrate Samba into the existing LDAP.
All the doc I could find so far is about creating a LDAP service from
scratch which is not my case.
My questions are:
- in slapd configuration, what are the minimum accesses (ACL) that
should be granted to the various attributes of samba schema? By
default my LDAP server is quite protected and allows no access to
any attribute, unless specified otherwise.
I could find:
## allow the "ldap admin dn" access, but deny everyone else
access to attrs=SambaLMPassword,SambaNTPassword
by dn="cn=Samba Admin,ou=People,dc=quenya,dc=org" write
by * none
But what about the other attributes?
- I have my users database existing in LDAP, how can I add Samba
support? I understand that I should modify the objectClass of each
user to include sambaSamAccount, but then each user must also have
an attribute sambaSID. How can I generate that attribute?
- Is there a way to implement filter on the list of users? Nss_ldap,
pam_ldap for example allow to configure an optional filter, so only
the users with the correct attribute will have access to a specific
service (I separate the users that can log to their Unix account
onto the machine from the suers that can use a specific service on
that machine). Is there a similar filter with Samba or should I
differenciate with the use/unuse of objectClass sambaSamAccount?
- All what I read so far mention updating the sambaLMPassword and
sambaNTPassword with the command smbpasswd. I already have a set of
tools that I use to manage the users account (and that synchronize
account/password on many systems (database, radius, etc)), what can
I use to manage sambaLM/NTPassword within my local tools?
Best regards,
Olivier
More information about the samba
mailing list