[Samba] multiple passdb backends: ldaps for users, everything
else locally?
Paul Gienger
pgienger at ae-solutions.com
Mon Jun 21 13:36:57 GMT 2004
Marc Petitmermet wrote:
> dear list members
>
> is it possible to only have the users authenticate against an external
> ldap server and everything else managed locally on the samba server?
> the problem is that i only can authenticate against the central ldap
> but not write to it. this means that samba "root" as well as all
> machine accounts have to be managed locally and the users' homes
> information is retrieved by nis.
In your situation, you can't modify the users' entries in LDAP to add
the samba information either I would guess. For this type of a
situation, use either the password file (is the option smbpasswd?) or
tdbsam. You don't need to specify that ldap is involved at all. This
is the same way that a single workstation has user entries in the passwd
file and then samba maintains its own user information file.
>
> in the manual page of smb.conf i read the following:
>
> "Multiple backends can be specified, separated by spaces. The backends
> will be searched in the order they are specified. New users are always
> added to the first backend specified."
>
> now, when i define the passdb backends as following in this order does
> my intention work?
>
> passdb backend = tdbsam ldapsam:ldaps://ldaps01.domain.com
>
> "root" is defined locally in tdbsam, all users in ldap. machines are
> also added locally.
>
> regards,
> marc
>
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
More information about the samba
mailing list