[Samba] Samba authentication/authorization via LDAP

Dwight Tovey dwight at dtovey.net
Sun Jun 27 17:03:12 GMT 2004


Hello all

I'm trying once again to get a Samba server set up on a Slackware Linux
system for a small office (much less than 100 users).  There will be
multiple domains on this system (say foo.com, bar.com, ...) with the users
scattered between these domains.  We want to use LDAP to authenticate the
users and provide authorization info.  There are no Windows domain
controllers available.  All client machines are either NT2000 or Windows
XP.  No users will ever log in to the Linux box, and we don't even want to
create /etc/passwd entries for them (all user info should be maintained in
LDAP).

Do I need to use nss_ldap?  Doesn't that module only provide a means for
the system to find user info in LDAP when the user logs in to Linux? 
Since that will never happen, I shouldn't need it?

Same thing for PAM?

What about winbind?  I read in the archives that it is only needed to
provide a mapping between SID and UID.  If we store UID info directly in
LDAP, do we need to run winbind at all?

How should I handle the multiple domains issue?  I see where the
samba.schema has 'sambaDomainName'.  How is that used when the user logs
in?  In other words, how does 'user1 at foo.com' specify his login on his
Windows machine?  Does he just enter 'user1' and the system assigns him to
'foo.com'?  Is there any way for a user to be a member of multiple
domains?

Can a user be a member of multiple groups?  Say 'accounting' and
'marketing' in bar.com?  I'll save cross-domain groups for some other
time.

Thanks for any help.
    /dwight
-- 
Dwight N. Tovey
email: dwight at dtovey.net
web: http://www.dtovey.net/~dwight
-----------
Heard about the new restaurant on the moon?  Great food but no atmosphere.


