[Samba] Samba PDC + LDAP without local Unix accounts?

Flatfender flatfender at gmail.com
Thu Jan 20 14:30:46 GMT 2005

Related to this topic,  I haven't followed the developments in
Samba/FreeBSD for 6 months or so.  Does Samba 3.0.10/FreeBSD 5.3 work
with LDAP/NSSwitch/Winbind.  I know at one point the getgrent/getpwent
stuff didn't work so you couldn't enumerate native windows groups. 
Has all this been fixed?  I would like to begin building a new samba
box but don't want to waste my time on this combination to find out it
still doesn't work

Thank you,

Matt Pusateri

On Wed, 19 Jan 2005 22:05:56 -0500, Adam Tauno Williams
<awilliam at whitemice.org> wrote:
> > We are trying to use Samba 3.0.10 running on FreeBSD 5.3 to replace a legacy
> > NT4 PDC. Our goal is to use LDAP to centralize all user information and
> > authentication on the network. To that end, we've set up Samba to use LDAP for
> > authentication of all the Windows users. This is working, but Samba seems to
> > require that all Windows account have a matching Unix account as well.
> > This would be fine, except that all of the user profile directories and Samba
> > shares are hosted on a separate machine, making the Unix accounts superfluous.
> > (As far as I know.) If at all possible, we'd like to avoid having to maintain
> > user accounts on both the LDAP server and the Samba PDC. I had entertained the
> > idea of using an LDAP PAM module simulate the Unix accounts, but this is
> > looking more and more like the wrong way to go about it as PAM seems tied
> > strictly to authentication and Samba already handles that part.
> Your confusing PAM and NSS.
> > So to summarize, I'd like to know if a Samba PDC can be authenticate users via
> > an LDAP backand without having to contain local Unix accounts for those users
> > as well.
> You need to have a 'Unix' account;  but your using LDAP, so it doesn't
> need to be 'local'.
> > I confess to not being a Windows or Samba guru, but I have read a lot
> > of documentation and none of it has shed any light on this particular problem.
> > If there's an easy and obvious way to do this, it has eluded me.
> NSS, you probably don't need PAM.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list