[Samba] Samba Server inside AD Realm
richard at net-solutions.net.nz
Mon Oct 11 00:31:54 GMT 2004
This one has been puzzling me for quite a while now. I have been able to
set up Samba 3 as an NT4 DC replacement, using the passdb backend. For
other applications, I have run Samba and Winbind alongside a Windows
Server 2003 Domain Controller and used distributed authentication across
the two platforms.
What I would like to do now is to use Samba in what is effectively a
BDC-type role. I have read a few resources, in particular the Samba
Howto Collection, which mention that this is not possible. However, I'm
not giving up hope yet.
If I am running Winbind successfully, I can set a Windows domain
user/group as the owner of a file.
If I add POSIX ACL support, then I also gain the ability to extend
permissions in a Windows-ish manner.
What's missing, then, is an authentication medium. In short, the Samba
passdb backend is the hurdle. Am I correct in this assumption? If so,
then why can we not run Samba in backend-less mode? As the user database
is already distributed across onto the Samba server (by correct setup of
winbind) I don't see why we need another backend at all. Sure, grab the
username and password from the clients, but PAM-ify the authentication
medium so we use the database already in existence.
Is it possible to run Samba in this mode?
Hoping someone can help. I may be totally ambitious too, I realise :)
More information about the samba