[Samba] Common Authentication Scheme

Beau Hunter beau at wedgetailtechs.com
Thu Mar 27 18:24:32 GMT 2003


On 3/26/03 22:17, "stscanlan" <stscanlan at hphs.org> wrote:

> Has anybody out there had luck with LDAP or similar to enable users to share
> a common logon database for Windows 2000 and Linux? Microsoft and Linux
> supposedly allow authentication using LDAP, Kerberos and alternative schemes
> to their native databases, i.e. /etc/shadow/passwd and the SAM.
> 
> Any help with this would be greatly appreciated.
> 
> Steve S.

You can set up your Linux box to import users via LDAP.  You will need to
make some changes to your AD schema, such as adding attributes for UniqueID,
mounts (typically vfs, vfsopts, and vfsdir).  I have had problems getting a
clean group management system working, but the best workaround I could
figure out is by adding MemberUID, userlist, and gid attributes to the AD
schema as well.  Unfortunately, this means adding users on the PDC to a
particular group does not add them on the Unix side; instead you have to
manually go in on the Windows box using ADSI Edit (or from the client side
using Domain Admin privileges and CLI tools) and manually add in the gids
to each user name.  It's a pain, but it works.  There seems to be a serious
dearth of information on this.  Once you have LDAP authentication up and
running, then you can easily set up SMB pass-through authentication with no
need for winbindd, though I've had some problems using secure passwords on
this.

Hope this helps,
Beau





-- 
Beau Hunter
Technical Consultant
Wedgetail Consulting
www.wedgetailtechs.com
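
Added example, not part of the original post: because the reply above describes Windows group membership and the Unix-side MemberUID values being maintained by hand, the two can drift apart, leaving a user with group access on one side only. This Python sketch compares them over a constructed LDIF-style export; the attribute names `member`, `memberUid` and `sAMAccountName`, the DNs, and the assumption of unwrapped, non-base64 LDIF lines are all assumptions of the example.

```python
# Constructed sample export: two users and two groups (not real directory data).
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=org
sAMAccountName: alice

dn: CN=bob,CN=Users,DC=example,DC=org
sAMAccountName: bob

dn: CN=staff,CN=Users,DC=example,DC=org
member: CN=alice,CN=Users,DC=example,DC=org
member: CN=bob,CN=Users,DC=example,DC=org
memberUid: alice

dn: CN=admins,CN=Users,DC=example,DC=org
member: CN=alice,CN=Users,DC=example,DC=org
memberUid: alice
memberUid: carol
"""

def parse_ldif(text):
    """Parse simple unwrapped 'attr: value' LDIF into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if ": " not in line:
                continue  # skip blank or malformed lines
            key, value = line.split(": ", 1)
            attrs.setdefault(key.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def group_drift(entries):
    """Return {group_dn: (missing_memberuid, memberuid_only)} for unsynced groups."""
    drift = {}
    for dn, attrs in entries.items():
        if "member" not in attrs and "memberuid" not in attrs:
            continue  # not a group entry
        # Resolve each Windows-side member DN to its login name.
        windows = {n.lower() for m in attrs.get("member", [])
                   for n in entries.get(m.lower(), {}).get("samaccountname", [])}
        unix = {u.lower() for u in attrs.get("memberuid", [])}
        if windows != unix:
            drift[dn] = (sorted(windows - unix), sorted(unix - windows))
    return drift

if __name__ == "__main__":
    print(group_drift(parse_ldif(SAMPLE_LDIF)))
```

The second list in each result is the one to review first: names that still hold a Unix-side group entry without a matching Windows group membership.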


