[Samba] Member server with LDAP backend?

Simon Oliver s.oliver at umist.ac.uk
Thu Apr 22 13:12:33 GMT 2004

On my new samba file server I want to use security=domain, authenticating
against an NT4 PDC.  The file server will also server nfs requests to my
UNIX clients.

Current UNIX accounts exist in LDAP (objectClass=posixAccount).
Current NT accounts live in NT domain.
All UNIX users have an associated account in the NT domain (same username).
Few NT users have UNIX accounts.

I have setup nfs on the new server so the UNIX users can use the new file
store already.  

Initially I want to allow the UNIX users access to the server from M$
Windows machines via Samba using domain security and LDAP backends -  I want
to avoid using sambapasswd and tdbsam.  It seems to me that the UNIX LDAP
objects just need the sambaSamAccount objectClass attributes filling in
using the existing NT account details - which is the best tool for this job:

net user add
net vampire

Do I also need an idmap LDAP backend?

Once this is up and running I want to give all the NT users access to the
filestore - but I don't want them all to have UNIX access.  I suppose I just
give them a shell of /dev/null so that they can't login.  Again, which tool
is the best to create the appropriate LDAP entries?

Eventually I will migrate the NT domain to 100% samba.  I plan to convert
the new samba server to the PDC for the domain and add a second BDC, which
will have a replica LDAP service running on it.

Help/advice/examples much appreciated.

  Simon Oliver


More information about the samba mailing list