[Samba] Windows->LDAP->Samba

Mont Rothstein mont.rothstein at gmail.com
Tue Nov 15 22:30:52 GMT 2005

Sorry for being so vague, I was trying not to be :-)

I actually dived in days ago and I am swimming in docs, books, manuals, and

Part of my challenge is that I'm not ever sure of what questions to ask.

Jeff's reply has helped (thanks Jeff). Looking up ldap authentication has
brought me to pages I hadn't seen yet. I'm not sure which ones I want yet,
but it is a start.

I wish I had specific technical questions to ask, I really do.

I have an LDAP server up and running as well as Samba. The two may or may
not be integrated correctly together.

I believe my next step is to get a Windows machine to authenticate to the
Linux server via LDAP, without having to create a Unix account for the user.

The step after that will be to see if ACLs work.

If/when I get those two then I think I'll have what I need.

If you know any good pages on authenticating a Windows client to a non-PDC
Linux Directory Server, I would love to see them.

Thank you for taking the time to ponder my troubles.


On 11/15/05, Craig White <craigwhite at azapple.com> wrote:
> On Tue, 2005-11-15 at 12:23 -0800, Mont Rothstein wrote:
> > I am hoping someone can tell me if I am trying something that can't be
> > done.
> >
> > What I would like to be able to do is setup a Linux file server that
> > Windows users can use, including the use of ACLs. AFAIK this should not
> > be a problem.
> >
> > The way I would like to go about doing this is what may be a problem.
> >
> > I would like to be able to add a user to the Directory Server (Fedora)
> > and only via interaction with the Directory Server enable the user to
> > access the Linux file server via Samba. The Samba server would simply be
> > a file server, not a PDC. Everything I have found thus far seems to
> > require that I manually create a Unix account for each user, and then add
> > the Unix user to Samba and LDAP.
> >
> > Is the way I want to do this not possible, or am I simply reading the
> > wrong docs/being a foolish noobie?
> >
> > I should also note that I am not tied to Fedora Directory Server if
> > OpenLDAP can do this but Fedora can't.
> >
> > If anyone can confirm that I can/can not do what I want I would greatly
> > appreciate it.
> ----
> You make it really difficult to answer this because your questions focus
> only on the Posix side and what we are dealing with is Windows
> authentication and access to resources and obviously we need to account
> for Windows expectations for the Windows client to have a usable
> experience.
> LDAP can be a bunch of different things because it is a piece of putty
> to be shaped however you choose - the various implementations may or may
> not be limiting factors.
> Samba's expectation is that it ties a Windows authentication (generally
> a password hash and SID) to a Posix Account (a shell valid or not and a
> home directory) and the combination is used to evaluate access to
> resources. The beauty of open source is that the tools are there for you
> to modify as you see fit but you must always keep in mind that it's
> easier to swim in the direction of the tides.
> If your question is Fedora Directory Server or openldap, I simply can't
> answer that because I only have used openldap - perhaps some others can.
> I can tell you that for the most part, data can be migrated between the
> two (possibly with some editing but knowledge of perl/sed etc. can make
> that a much easier task) and that the knowledge of one ldap server will
> certainly leverage against learning the other.
> The only way for you to actually answer your question is to jump in
> because your question is a bit too general on all things windows and all
> things ldap to give you a specific answer.
> Craig
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
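
The pairing described in the quoted reply (a Windows password hash and SID tied to a Posix account) can be checked on directory entries. The following is an added example, not part of the original thread: it assumes the Samba 3 `sambaSamAccount` and RFC 2307 `posixAccount` schemas, and the LDIF entries and function names are constructed for illustration.

```python
# Added example: report which LDAP entries lack the Posix or Samba half.
# Assumes RFC 2307 posixAccount and Samba 3 sambaSamAccount attribute names.
POSIX_ATTRS = ("uid", "uidNumber", "gidNumber", "homeDirectory")
SAMBA_ATTRS = ("sambaSID", "sambaNTPassword")

# Constructed sample data (placeholder SID and hash, not real accounts).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: alice
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-21002
sambaNTPassword: 00000000000000000000000000000000

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: bob
uid: bob
uidNumber: 10002
gidNumber: 10002
homeDirectory: /home/bob
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                name, _, value = line.partition(":")
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def missing_for_samba(entry):
    """List the object classes and attributes an entry lacks for the pairing."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    missing = [c for c in ("posixAccount", "sambaSamAccount") if c.lower() not in classes]
    return missing + [a for a in POSIX_ATTRS + SAMBA_ATTRS if a.lower() not in entry]

def audit(text):
    """Map each entry's DN to the list of missing pieces (empty means complete)."""
    return {e["dn"][0]: missing_for_samba(e) for e in parse_ldif(text)}
```
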
