[Samba] Re: Using ldap for permissions/authenication
carlos.efr at mail.telepac.pt
Tue May 10 18:46:05 GMT 2005
Jennifer Fountain wrote:
> Hi all:
> I am currently using Active Directories (via openldap client) to
> authenicate my linux clients and would like to have samba use AD (ldap -
> not winbind) as well. I really haven't seen any documentation on how to
> implement, however. Does anyone have any information regarding ldap and
> samba (redhat rpm)?
If you are already using LDAP to authenticate against Active Directory
(/etc/ldap.conf or /etc/libnss-ldap.conf already configured), then there
isn't much to do on the Samba side. Samba will see the users as if they
You will have to install kerberos (either MIT or Heimdal - configuring
/etc/krb5.conf not needed) and use an smb.conf with a global section
somewhat like this:
workgroup = EXAMPLE
realm = EXAMPLE.REALM.COM
server string = My Server
security = ADS
password server = *
local master = No
invalid users = root
read only = No
Then do an "net ads join -U Administrator" to join the box to the domain.
There is no need to have winbind running (and it shouldn't).
The only snag with this setup is that permissions (on the file/folder
"security" tab) will show as "YOURSAMBASERVER\user" instead of
"DOMAIN\user", but that's only cosmetic as it works just fine (I guess
it behaves somewhat like if a trust was in place with the samba server).
More information about the samba