[Samba] Samba PDC + LDAP without local Unix accounts?

Charles Ulrich charles at idealso.com
Thu Jan 20 02:43:55 GMT 2005


We are trying to use Samba 3.0.10 running on FreeBSD 5.3 to replace a legacy
NT4 PDC. Our goal is to use LDAP to centralize all user information and
authentication on the network. To that end, we've set up Samba to use LDAP for
authentication of all the Windows users. This is working, but Samba seems to
require that all Windows accounts have a matching Unix account as well.

This would be fine, except that all of the user profile directories and Samba
shares are hosted on a separate machine, making the Unix accounts superfluous.
(As far as I know.) If at all possible, we'd like to avoid having to maintain
user accounts on both the LDAP server and the Samba PDC. I had entertained the
idea of using an LDAP PAM module to simulate the Unix accounts, but this is
looking more and more like the wrong way to go about it as PAM seems tied
strictly to authentication and Samba already handles that part.

So to summarize, I'd like to know if a Samba PDC can authenticate users via
an LDAP backend without having to contain local Unix accounts for those users
as well. I confess to not being a Windows or Samba guru, but I have read a lot
of documentation and none of it has shed any light on this particular problem.
If there's an easy and obvious way to do this, it has eluded me.

Thanks in advance for taking the time to respond.

Charles Ulrich
Ideal Solution, LLC - http://www.idealso.com

