[Samba] Samba PDC + LDAP without local Unix accounts?
Adam Tauno Williams
awilliam at whitemice.org
Thu Jan 20 03:05:56 GMT 2005
> We are trying to use Samba 3.0.10 running on FreeBSD 5.3 to replace a legacy
> NT4 PDC. Our goal is to use LDAP to centralize all user information and
> authentication on the network. To that end, we've set up Samba to use LDAP for
> authentication of all the Windows users. This is working, but Samba seems to
> require that all Windows accounts have a matching Unix account as well.
> This would be fine, except that all of the user profile directories and Samba
> shares are hosted on a separate machine, making the Unix accounts superfluous.
> (As far as I know.) If at all possible, we'd like to avoid having to maintain
> user accounts on both the LDAP server and the Samba PDC. I had entertained the
> idea of using an LDAP PAM module to simulate the Unix accounts, but this is
> looking more and more like the wrong way to go about it as PAM seems tied
> strictly to authentication and Samba already handles that part.
You're confusing PAM and NSS.
> So to summarize, I'd like to know if a Samba PDC can authenticate users via
> an LDAP backend without having to contain local Unix accounts for those users
> as well.
You need to have a 'Unix' account; but you're using LDAP, so it doesn't
need to be 'local'.
> I confess to not being a Windows or Samba guru, but I have read a lot
> of documentation and none of it has shed any light on this particular problem.
> If there's an easy and obvious way to do this, it has eluded me.
NSS, you probably don't need PAM.
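
The NSS point made in the reply, as an added example that is not part of the original message: the `passwd` line in nsswitch.conf decides where Unix account lookups go, so a user with no local entry is still a Unix account if an `ldap` source is listed. The file contents, user names and function names are constructed for illustration, and the `ldap` source assumes an nss_ldap module is installed.

```shell
#!/bin/sh
# nss_sources FILE DB: print the sources listed for one NSS database,
# with comments and [criteria] blocks removed, e.g. "files ldap".
nss_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*]/ /g' "$1" |
    awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# is_local_account PASSWD_FILE USER: succeeds if USER is in the flat file.
is_local_account() {
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# account_origin NSSWITCH PASSWD_FILE USER prints one of:
#   local        - the user has an entry in the flat passwd file
#   needs-ldap   - no local entry; lookups fall through to the ldap source
#   unresolvable - no local entry and no ldap source, so there is no
#                  Unix account for a Windows account to map to
account_origin() {
    if is_local_account "$2" "$3"; then echo local; return; fi
    case " $(nss_sources "$1" passwd) " in
        *" ldap "*) echo needs-ldap ;;
        *)          echo unresolvable ;;
    esac
}

# Constructed sample files (hypothetical, not taken from the post).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/nsswitch.conf" <<'EOF'
# account lookups (NSS); authentication is a separate layer (PAM)
passwd: files [NOTFOUND=continue] ldap
group:  files ldap
EOF
cat > "$demo/nsswitch.local" <<'EOF'
passwd: files
group:  files
EOF
cat > "$demo/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
EOF

account_origin "$demo/nsswitch.conf"  "$demo/passwd" root
account_origin "$demo/nsswitch.conf"  "$demo/passwd" jdoe
account_origin "$demo/nsswitch.local" "$demo/passwd" jdoe
```

The script only reads configuration; it does not query the directory, so `needs-ldap` means the lookup depends on the LDAP entry existing.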