[Samba] Re: Using ldap for permissions/authenication

Carlos Rodrigues carlos.efr at mail.telepac.pt
Tue May 10 18:46:05 GMT 2005

Jennifer Fountain wrote:
> Hi all:
> I am currently using Active Directories (via openldap client) to
> authenicate my linux clients and would like to have samba use AD (ldap -
> not winbind) as well.  I really haven't seen any documentation on how to
> implement, however.  Does anyone have any information regarding ldap and
> samba (redhat rpm)?

If you are already using LDAP to authenticate against Active Directory 
(/etc/ldap.conf or /etc/libnss-ldap.conf already configured), then there 
isn't much to do on the Samba side. Samba will see the users as if they 
were local.

You will have to install kerberos (either MIT or Heimdal - configuring 
/etc/krb5.conf not needed) and use an smb.conf with a global section 
somewhat like this:

         workgroup = EXAMPLE
         realm = EXAMPLE.REALM.COM
         server string = My Server
         security = ADS
         password server = *
         local master = No
         invalid users = root
         read only = No

Then do an "net ads join -U Administrator" to join the box to the domain.

There is no need to have winbind running (and it shouldn't).

The only snag with this setup is that permissions (on the file/folder 
"security" tab) will show as "YOURSAMBASERVER\user" instead of 
"DOMAIN\user", but that's only cosmetic as it works just fine (I guess 
it behaves somewhat like if a trust was in place with the samba server).

Carlos Rodrigues

More information about the samba mailing list