[Samba] Samba PDC + LDAP without local Unix accounts?

Flatfender flatfender at gmail.com
Thu Jan 20 14:30:46 GMT 2005


Related to this topic, I haven't followed the developments in
Samba/FreeBSD for 6 months or so. Does Samba 3.0.10/FreeBSD 5.3 work
with LDAP/NSSwitch/Winbind? I know at one point the getgrent/getpwent
stuff didn't work, so you couldn't enumerate native Windows groups.
Has all this been fixed? I would like to begin building a new Samba
box but don't want to waste my time on this combination to find out it
still doesn't work.

Thank you,

Matt Pusateri


On Wed, 19 Jan 2005 22:05:56 -0500, Adam Tauno Williams
<awilliam at whitemice.org> wrote:
> > We are trying to use Samba 3.0.10 running on FreeBSD 5.3 to replace a legacy
> > NT4 PDC. Our goal is to use LDAP to centralize all user information and
> > authentication on the network. To that end, we've set up Samba to use LDAP for
> > authentication of all the Windows users. This is working, but Samba seems to
> > require that all Windows accounts have a matching Unix account as well.
> 
> YES
> 
> > This would be fine, except that all of the user profile directories and Samba
> > shares are hosted on a separate machine, making the Unix accounts superfluous.
> > (As far as I know.) If at all possible, we'd like to avoid having to maintain
> > user accounts on both the LDAP server and the Samba PDC. I had entertained the
> > idea of using an LDAP PAM module to simulate the Unix accounts, but this is
> > looking more and more like the wrong way to go about it as PAM seems tied
> > strictly to authentication and Samba already handles that part.
> 
> You're confusing PAM and NSS.
> 
> > So to summarize, I'd like to know if a Samba PDC can authenticate users via
> > an LDAP backend without having to contain local Unix accounts for those users
> > as well.
> 
> You need to have a 'Unix' account; but you're using LDAP, so it doesn't
> need to be 'local'.
> 
> > I confess to not being a Windows or Samba guru, but I have read a lot
> > of documentation and none of it has shed any light on this particular problem.
> > If there's an easy and obvious way to do this, it has eluded me.
> 
> NSS, you probably don't need PAM.
> 
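The distinction drawn in the reply above (NSS supplies the Unix account, PAM only authenticates) can be checked on the host. The following is an added example, not part of the original thread: POSIX sh functions that read an nsswitch.conf-format file and report whether an account is local or resolves only through NSS. The function names, the script name and the `ldap` source name are assumptions; the source name must match the NSS module actually installed.

```shell
#!/bin/sh
# Added example: is an account local, or supplied only through NSS (e.g. LDAP)?

# Print the sources configured for one database in an nsswitch.conf-format file.
# $1 = database (passwd, group, ...), $2 = path to the file
nss_sources() {
    awk -v db="$1" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, tolerate "passwd:files"
        $1 == (db ":") {
            for (i = 2; i <= NF; i++)
                if (index($i, "=") == 0)     # skip criteria such as [NOTFOUND=return]
                    print $i
        }' "$2"
}

# Succeed if source $2 is listed for database $1 in file $3.
has_source() {
    nss_sources "$1" "$3" | grep -qxF "$2"
}

# Succeed if user $1 has an entry in the passwd-format file $2.
in_local_file() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# Print "local", "nss" or "unresolved" for user $1.
# $2 = local passwd file (default /etc/passwd). id(1) goes through the system's
# account lookup, so it also sees accounts that exist only in an NSS backend.
account_origin() {
    if in_local_file "$1" "${2:-/etc/passwd}"; then
        echo local
    elif id -u "$1" >/dev/null 2>&1; then
        echo nss
    else
        echo unresolved
    fi
}

# Usage: sh check_nss.sh USER [nsswitch.conf]   (script name is hypothetical)
if [ "$#" -ge 1 ]; then
    conf=${2:-/etc/nsswitch.conf}
    for db in passwd group; do
        has_source "$db" ldap "$conf" || echo "warning: '$db' in $conf does not list ldap"
    done
    echo "$1: $(account_origin "$1")"
fi
```

An account reported as `nss` has a Unix identity without a local passwd entry; `unresolved` means no configured NSS source returns the account at all.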

