[Samba] Member server with LDAP backend?
Simon Oliver
s.oliver at umist.ac.uk
Thu Apr 22 13:12:33 GMT 2004
On my new samba file server I want to use security=domain, authenticating
against an NT4 PDC. The file server will also serve nfs requests to my
UNIX clients.
Current UNIX accounts exist in LDAP (objectClass=posixAccount).
Current NT accounts live in NT domain.
All UNIX users have an associated account in the NT domain (same username).
Few NT users have UNIX accounts.
I have set up nfs on the new server so the UNIX users can use the new file
store already.
Initially I want to allow the UNIX users access to the server from M$
Windows machines via Samba using domain security and LDAP backends - I want
to avoid using sambapasswd and tdbsam. It seems to me that the UNIX LDAP
objects just need the sambaSamAccount objectClass attributes filling in
using the existing NT account details - which is the best tool for this job:
smbpasswd
pdbedit
net user add
net vampire
Do I also need an idmap LDAP backend?
Once this is up and running I want to give all the NT users access to the
filestore - but I don't want them all to have UNIX access. I suppose I just
give them a shell of /dev/null so that they can't log in. Again, which tool
is the best to create the appropriate LDAP entries?
Eventually I will migrate the NT domain to 100% samba. I plan to convert
the new samba server to the PDC for the domain and add a second BDC, which
will have a replica LDAP service running on it.
Help/advice/examples much appreciated.
--
Simon Oliver