[Samba] Authenticate Samba with an LDAP w/o the schema
Fabrizio Reale
fabrizio.reale at redomino.com
Tue Dec 1 06:36:53 MST 2009
Hi,
Kevin Keane wrote:
> There are a few ways you could do it, but none of them are good.
I asked it because I do it with other tools like Plone.
And they just need to use use the LDAP bind service.
>
> Basically, the principle has to be that because you can't touch the LDAP
> server, you have to use user name/passwords for authentication. The
> situation is fundamentally the same as if you had your users listed in
> /etc/passwd, so all the same techniques should still work (albeit with
> modifications).
>
> Here are the options. Sorry I can't provide details, only outlines to get
> you started.
>
> - Turn off CHAP and use plain text passwords. VERY bad idea, but it should
> work. You will probably have to configure PAM to authenticate against the
> LDAP server - I'm not quite sure exactly how to do that.
>
> - Use smbpasswd to store the Samba passwords, and use Samba's various
> mechanisms to keep the passwords in sync between LDAP and smbpasswd.
>
> - What kind of LDAP server is it? It may offer some other mechanism that
> you can use. For instance, Active Directory would work easily by having
> your Samba server join the AD domain.
It is the LDAP of a Zimbra groupware.
I'd like to simply verify that the user is real (bind to the LDAP) and then
I can use a fake linux user for the UID and the permissions.
Thank you,
Fabrizio
More information about the samba
mailing list