Samba4 Alpha 15 as LDAP server authentication for other services
xeros at irc.pl
Wed Feb 16 06:17:18 MST 2011
I'm planning to use Samba Alpha 15 not only for Active Directory but
to extend its schema to use its backend for other services like:
- switches that have option for LDAP (getting MAC addresses of machines
and set them to VLANs),
- UTM that has both LDAP and AD options (here it would be both users and
machines for network access),
- network printers with LDAP or AD usage options (for binding access to
specific users, not important to have that),
- network scanners with LDAP usage option (not sure if I need it),
- Postfix and Cyrus as mail server (authenticate users and get/set their
e-mail addresses) [top priority],
- Squid proxy server (access for AD users, to track sites visited by
- ejabberd Jabber server (users and passwords) [top priority],
- Bind9 DNS server (network names for workstations and site domain, site
domain might be outside in typical bind config and delegation files)
- DHCP server (MACs for machines and some options for network boot, might
be outside of AD in case of problems(?))
As for AD, I'll have PCs with Windows XP and Windows 7 workstations and I
- GPO [top priority]
- roaming profiles with registry, Desktop, Documents, application settings
kept on server, without storing files on workstation disks, [top
- only network printers, no need to share printers by workstations or
server, [top priority for using network printers by direct connections to
their IPs at 9100 port]
- block USB storage driver for workstations
- enforce proxy settings
I have a few Linux servers and workstations, too, that I might connect to
LDAP of Samba4, but that's not a priority now.
I've read wiki info about different backends like OpenLDAP or Fedora_DS
and its restrictions...
But what about Samba4 builtin LDAP backend? Would such configuration work
now on it?
How does the builtin LDAP backend now behave when extending its schema for
Can I achieve it with Samba4 at current state?
As for passwords for other services, it's not necessary to use Samba4
AD passwords; such passwords might be created at profile creation using
scripts, but I only need to bind them to AD user objects.
And only [top priority] options are really needed, I can drop other
options in case of problems implementing them.