[Samba] Windows->LDAP->Samba

Craig White craigwhite at azapple.com
Tue Nov 15 22:04:05 GMT 2005


On Tue, 2005-11-15 at 12:23 -0800, Mont Rothstein wrote:
> I am hoping someone can tell me if I am trying something that can't be done.
> 
> What I would like to be able to do is set up a Linux file server that Windows
> users can use, including the use of ACLs. AFAIK this should not be a problem.
> 
> The way I would like to go about doing this is what may be a problem.
> 
> I would like to be able to add a user to the Directory Server (Fedora) and
> only via interaction with the Directory Server enable the user to access the
> Linux file server via Samba. The Samba server would simply be a file server,
> not a PDC. Everything I have found thus far seems to require that I manually
> create a Unix account for each user, and then add the Unix user to Samba and
> LDAP.
> 
> Is the way I want to do this not possible, or am I simply reading the wrong
> docs/being a foolish noobie?
> 
> I should also note that I am not tied to Fedora Directory Server if OpenLDAP
> can do this but Fedora can't.
> 
> If anyone can confirm that I can/can not do what I want I would greatly
> appreciate it.
----
You make it really difficult to answer this because your questions focus
only on the Posix side and what we are dealing with is Windows
authentication and access to resources and obviously we need to account
for Windows expectations for the Windows client to have a usable
experience.

LDAP can be a bunch of different things because it is a piece of putty
to be shaped however you choose - the various implementations may or may
not be limiting factors.

Samba's expectation is that it ties a Windows authentication (generally
a password hash and SID) to a Posix Account (a shell valid or not and a
home directory) and the combination is used to evaluate access to
resources. The beauty of open source is that the tools are there for you
to modify as you see fit but you must always keep in mind that it's
easier to swim in the direction of the tides.

If your question is Fedora Directory Server or OpenLDAP, I simply can't
answer that because I only have used OpenLDAP - perhaps some others can.
I can tell you that for the most part, data can be migrated between the
two (possibly with some editing but knowledge of Perl/sed etc. can make
that a much easier task) and that the knowledge of one LDAP server will
certainly leverage against learning the other.

The only way for you to actually answer your question is to jump in
because your question is a bit too general on all things Windows and all
things LDAP to give you a specific answer.

Craig
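
The pairing described in the reply above (a Windows password hash and SID tied to a Posix account), as an added example that is not part of the original thread: a check that an LDIF user entry carries both halves. It assumes the directory uses the posixAccount and sambaSamAccount object classes with their usual attribute names; the entries, SID and hash are constructed, and `parse_ldif` and `audit` are hypothetical helper names.

```python
# Attributes each half needs (posixAccount: NIS schema; sambaSamAccount: samba.schema).
POSIX = ("uid", "uidNumber", "gidNumber", "homeDirectory")
SAMBA = ("sambaSID", "sambaNTPassword")
REQUIRED = {"posixAccount": POSIX, "sambaSamAccount": SAMBA}

# Constructed sample data: the DNs, SID and hash below are made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: alice
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-21002
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: bob
uid: bob
uidNumber: 10002
gidNumber: 10002
homeDirectory: /home/bob
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64 values) into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def audit(entry):
    """List what this entry lacks before it has both the Posix and the Windows half."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    problems = []
    for cls, attrs in REQUIRED.items():
        if cls.lower() in classes:
            problems += [f"missing {a}" for a in attrs if a not in entry]
        else:
            problems.append(f"missing objectClass {cls}")
    return problems
```

`sambaNTPassword` is password-equivalent, so directory ACLs should limit who can read it.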

