[Samba] Using Samba with LDAP and SSL

Sam Hart hart at physics.arizona.edu
Fri Oct 10 16:47:31 GMT 2003


* On 03-10-10, Jamrock wrote:

> I have been reading up on SSL and LDAP.
> 
> I have read how to create the CA and how to sign certificates.
> 
> When using Outlook Express, LDAP and SSL, we need to import the certificate
> so that Outlook Express can verify the authenticity of the LDAP server.
> 
> What does my Samba setup need to allow the Windows workstation to contact
> the LDAP server over SSL?

Well, as far as Samba is concerned, it isn't required for your Windows 
workstation to contact the LDAP server. Things like OE can just connect 
their Address Books directly to the LDAP directory. They just need 
to supply adequate directory credentials. One thing that should be noted 
about encryption is that Windows doesn't support StartTLS, but does 
support LDAPS.

Where it makes sense to start talking about Samba+LDAP is in three areas 
(okay, there are probably more, but these are the most common):

	* LDAP stores SAMBA's authentication info (SAMBA is a DC of some sort,
	and Windows machines connect to it). So LDAP would store
	usernames, LM/NT passwords, etc. You'd use the sambaAccount schema
	in this case.

	* LDAP stores SAMBA printer information (SAMBA provides printer
	shares and LDAP stores that printer info).

	* LDAP provides a gateway between SAMBA and some Windows-based
	domain. (Here, LDAP would integrate with AD or something.
	AFAIK, this is increasingly redundant now that SAMBA 3.0 is out).

Again, there are more situations, but these seem to be the most common (at 
least, these are the ones most of my students are interested in). Which 
brings me to my shameless plug: if you're in the Tucson, AZ area, I do 
technically teach a class on all this (contact me off list ;-)

-- 
Sam Hart
University/Work addr. <hart at physics.arizona.edu>
Personal addr. <criswell at geekcomix.com>
Alternative <criswell at tux4kids.net>
end
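
The StartTLS/LDAPS distinction mentioned in the reply above is visible in the first bytes a client sends, which is a handy check when reviewing a capture to confirm that nothing binds in cleartext. This is an added example, not part of the original post; the function names and the sample byte strings are constructed for illustration, and the parser assumes short-form BER lengths.

```python
# LDAPS (port 636) opens with a TLS handshake record; StartTLS (port 389)
# opens with a cleartext LDAP ExtendedRequest carrying the StartTLS OID.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # StartTLS requestName (RFC 4511)

def ber(tag: int, content: bytes) -> bytes:
    """Encode one BER TLV; short-form length only (content < 128 bytes)."""
    if len(content) >= 128:
        raise ValueError("long-form lengths not handled in this example")
    return bytes([tag, len(content)]) + content

def starttls_request(message_id: int = 1) -> bytes:
    """Build the LDAPMessage a StartTLS-capable client sends first."""
    op = ber(0x77, ber(0x80, STARTTLS_OID))        # [APPLICATION 23] ExtendedRequest
    return ber(0x30, ber(0x02, bytes([message_id])) + op)

def classify_first_bytes(data: bytes) -> str:
    """Classify the first client bytes seen on an LDAP connection."""
    # TLS record: type 0x16 (handshake), version 0x03xx, then ClientHello (0x01)
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "ldaps"
    # LDAPMessage: SEQUENCE, INTEGER messageID, then the protocolOp tag
    if len(data) >= 6 and data[0] == 0x30 and data[1] < 0x80 and data[2] == 0x02:
        op = 4 + data[3]                           # offset of the protocolOp tag
        if op < len(data):
            if data[op] == 0x77 and STARTTLS_OID in data[op:]:
                return "starttls"
            if data[op] == 0x60:                   # [APPLICATION 0] BindRequest
                return "cleartext-bind"
            return "cleartext-ldap"
    return "unknown"

# Constructed samples: a truncated TLS ClientHello record header and an
# anonymous simple bind sent without any TLS negotiation.
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100050100000100")
SAMPLE_ANON_BIND = bytes.fromhex("300c020101600702010304008000")

if __name__ == "__main__":
    for name, blob in [("636/tcp", SAMPLE_CLIENT_HELLO),
                       ("389/tcp", starttls_request()),
                       ("389/tcp", SAMPLE_ANON_BIND)]:
        print(name, classify_first_bytes(blob))
```

A connection classified as cleartext-bind is the case to look for: credentials crossed the wire before, or without, any TLS negotiation.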