[Samba] samba to samba via LDAP

jeff jeffw at sulross.edu
Wed Dec 18 21:30:01 GMT 2002


Hi all,

I have lots of samba servers and want them to all authenticate against a 
single password file which will be a LDAP database. 

Where I want to be:

Login to a domain called "FROST" that passes the username:passwd to a domain 
called "ACR" which checks LDAP.

Where I'm at:  

I can login (from a W2K machine) to a test server called LIBIT which uses LDAP 
beautifully (after long hours/days of profanity).  I can also join/login to 
the samba domains called ACR (anytime) and FROST (if I change passwd server 
and security settings to a stand alone).

I have 2 samba servers I'm testing out with the goal of passing 
passwords...the servers are FROST and the authenticating server is called 
ACR.  I know that the login:passwd pair is being passed from FROST to ACR. 

The command I tested this with is:

smbclient -L smbfrost -U jeffw
#smbclient -L <netbios name> -U <user>

btw, jeffw has a valid unix account on frost, but is not in the smbpasswd 
file.

I then see a list of shares on the FROST domain.

So, my question is this.  Can I have a domain called "FROST" which a W2K/XP 
machine can join/login to while doing all authenticating against a samba 
server called "ACR"?  

Does any of this make sense?

Here are condensed/cleaned smb.conf files:

--- Begin Frost smb.conf file ----
[global]
        workgroup = frost
        netbios name = smbfrost
        server string = Samba Frostbite
        encrypt passwords = yes
        null passwords = no
        log file = /var/log/samba/log.%m
        max log size = 150
        name resolve order = lmhost host wins bcast
        domain logons = yes
        os level = 30
        preferred master = yes
        domain master = no
        security = server
        password server = ACRC
        hosts allow =

--- End Frost smb.conf file ----

--- Begin ACR smb.conf file ---
[global]
        netbios name = ACRC
        workgroup = ACR
        server string = ACRC Server
        domain master = yes
        browseable = Yes
        logon path = \\%N\profiles\%U\profile
        name resolve order = lmhost host wins bcast
        null passwords = Yes
        encrypt passwords = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
        short preserve case = no
        wins support = true
        max log size = 50
        logon script = %u.bat
        writable = yes
        security = user
        domain logons = yes
        max disk size = 50000
        local master = yes
        log file = /var/log/samba/log.%m
        os level = 64
        locking = no
--- End ACR smb.conf file ---


Any help would be wonderful....unless you're an RTFM person, because I wouldn't 
have gotten this far if I hadn't.

thanks

-- 
Jeff

"Maybe I'll make a deal with my boss..."Boss", I'll say, "Let's upgrade to 
Linux on all campus computers and I'll pay for the licensing out of my own 
pocket."


