ldap and active directory configuration

Scott Grizzard scott at scottgrizzard.com
Fri Jul 2 05:28:57 MDT 2010


Ah...I see what you are trying to do...

The problem is passwords: you need some way to store the Windows
passwords for the users, which are different from the Linux passwords.

Are you storing passwords on your eDirectory or not?  eDirectory has
Samba extensions, etc, and there is documentation on how to do it
(http://www.novell.com/coolsolutions/appnote/11788.html).  If all you
need from eDirectory is whether the account is still active or not,
you can either extend eDirectory to support Samba, or you can set up
Samba with the LDAP backend as a separate server, and write a script
that queries eDirectory for account status once a day, updating your
Samba's LDAP, activating and deactivating accounts as needed.  I once
had a similar situation where my script went the other way, disabling
users from our "other systems" once they were deactivated in Samba.

Those are just some thoughts...it might help if you detailed your
current setup to the mailing list (existing directories, dependencies,
etc)...if your payroll system simply sends out LDAP queries, it might
be faster to use OpenLDAP and replace eDirectory.

On Fri, Jul 2, 2010 at 6:09 AM, Malcolm Bodger
<M.Bodger at westminster.ac.uk> wrote:
> Hi Scott,
>
> Thanks for this. I've gone through the documents for configuring LDAP and it
> appears to want to make samba a domain controller on a new ldap database.
> All our users authenticate to our existing edirectory, which is updated by a
> feed from our payroll system. I want to authenticate our existing users to
> our ldap(edirectory) to access the samba share. I don't want to create an
> admin user for samba. The ubuntu box already authenticates users to our ldap
> server. Is there no easy way to do this?
>
> Thanks.
> Regards,
> Malcolm.
>
> This e-mail and its attachments are intended for the above named only and
> may be confidential. If they have come to you in error you must not copy or
> show them to anyone, nor should you take any action based on them, other
> than to notify the error by replying to the sender.
>
> ________________________________
> From: Scott Grizzard [mailto:scott at scottgrizzard.com]
> Sent: Thu 01/07/2010 13:14
> To: Malcolm Bodger
> Cc: samba-technical at lists.samba.org
> Subject: Re: ldap and active directory configuration
>
> Google "ubuntu samba domain member server".  Also, you might want to use
> OpenSuse instead...it is a bit more intuitive for Windows power users than
> Ubuntu, and easier to integrate into a Windows domain.
>
> ------
> Scott Grizzard
> http://www.scottgrizzard.net/
>
> On Jul 1, 2010 6:35 AM, "Malcolm Bodger" <M.Bodger at westminster.ac.uk> wrote:
>
> Hi,
>
> I'm new to this list, so this is my first email.
>
> I've installed Samba on a Ubuntu server and I want to share a file system,
> but I don't want the filesystem to be public, I need users to authenticate
> to access the shared file system.
>
> My Ubuntu server is configured to accept user logins authenticating to our
> LDAP server, so I thought this would be easy - how wrong can one be.
> So, can anyone tell me how to get samba to authenticate users to ldap,
> without making changes to the ldap server?
>
> Or, would it be easier to use Active Directory?
>
> Thanks,
> Malcolm.
>
> --
> The University of Westminster is a charity and a company limited by
> guarantee.  Registration number: 977818 England.  Registered Office:
> 309 Regent Street, London W1B 2UW, UK.
>

----
Scott Grizzard
Scott at ScottGrizzard.net
http://www.ScottGrizzard.net/
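
The once-a-day status sync suggested in the reply above, sketched as an added example (not code from the thread). It assumes eDirectory exposes account status as `loginDisabled` and the Samba LDAP backend stores it as the `D` flag in `sambaAcctFlags`; the DNs, users and the `max_changes` guard are constructed for illustration.

```python
# Added example: sample entries are constructed; a real job would fetch them with
# two LDAP searches (eDirectory: uid, loginDisabled; Samba: uid, sambaAcctFlags).

def set_disabled(raw_flags, disabled):
    """Add or drop the D flag in a sambaAcctFlags value such as '[U          ]'."""
    letters = [c for c in raw_flags.strip("[]") if c not in " D"]
    if disabled:
        letters.insert(0, "D")
    return "[" + "".join(letters).ljust(11) + "]"   # Samba pads to 11 characters

def plan_changes(edir, samba, max_changes=25):
    """edir: {uid: loginDisabled string}; samba: {uid: (dn, sambaAcctFlags)}."""
    upstream = {uid.lower(): val.upper() == "TRUE" for uid, val in edir.items()}
    if not upstream:
        raise RuntimeError("empty eDirectory result; refusing to disable everyone")
    changes = []
    for uid, (dn, flags) in sorted(samba.items()):
        if "W" in flags or uid.endswith("$"):
            continue                      # machine trust accounts are not in the feed
        # An account missing upstream is treated as deactivated (fail closed).
        want_disabled = upstream.get(uid.lower(), True)
        if ("D" in flags) != want_disabled:
            changes.append((dn, set_disabled(flags, want_disabled)))
    if len(changes) > max_changes:
        raise RuntimeError(f"{len(changes)} changes exceeds limit; check the query")
    return changes

def to_ldif(changes):
    """Render the plan as LDIF that can be reviewed, then fed to ldapmodify."""
    return "\n".join(
        f"dn: {dn}\nchangetype: modify\nreplace: sambaAcctFlags\n"
        f"sambaAcctFlags: {flags}\n" for dn, flags in changes)

# Constructed sample data
EDIR = {"alice": "FALSE", "Bob": "TRUE", "carol": "FALSE"}
SAMBA = {
    "alice": ("uid=alice,ou=People,dc=example,dc=org", "[U          ]"),
    "bob":   ("uid=bob,ou=People,dc=example,dc=org", "[UX         ]"),
    "carol": ("uid=carol,ou=People,dc=example,dc=org", "[DU         ]"),
    "dave":  ("uid=dave,ou=People,dc=example,dc=org", "[U          ]"),
    "pc01$": ("uid=pc01$,ou=Computers,dc=example,dc=org", "[W          ]"),
}

if __name__ == "__main__":
    print(to_ldif(plan_changes(EDIR, SAMBA)))
```

The empty-result and `max_changes` checks stop a failed or truncated eDirectory query from locking out every Samba user in one run.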

