PAM,LDAP,TNG,HEAD

gcarter at valinux.com
Thu Oct 19 21:31:15 GMT 2000


Torsten Curdt wrote:
> 
> In our Intranet we use samba 2.0.6 as PDC for quite a while now.
> Works great.
> But now we need samba as PDC for W2000 and auth against an LDAP
> server (rfc2307). This stuff came to my mind.
> 
> 1. using samba 2.0.7 as fileserver auth against another
>    samba TNG 2.6 which only holds the profiles and auth
>    against the LDAP server.

If anyone wants to use or ask questions about SAMBA_TNG,
you should post to the tng lists at http://lists.samba-tng.org/
I'm afraid the Samba team will not be able to offer much help.

Also be aware that LDAP support was always experimental 
and is being reworked in the 2.2 release for general 
consumption.  Some things will change.

> 2. using samba 2.0.7 as fileserver and auth against PAM
>    (which auth with pam_ldap/nss_ldap against the LDAP server)
>    and samba TNG 2.6 holds the profiles and auth against
>    the other samba.
>    negative: need to disable encrypted passwords for PAM
> 
> I heard the 2.2 branch now already can join a domain. So a
> all in one solution might not be far away. But I don't know
> about the LDAP support (especially the schema). I know TNG
> was supposed to support rfc2307.

The RFC2307 schema is not really relevant to 
Windows clients.  We are planning on using the AD schema.
Since you will need to validate a username upon lookup,
Samba will need to do a getpwnam().  This of course could be
piped to LDAP via nss_ldap.  But Samba's LDAP backend
will not replace the standard UNIX getpwxxx() calls.






Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )



