[Samba] Windows->LDAP->Samba

Craig White craigwhite at azapple.com
Tue Nov 15 22:45:44 GMT 2005

On Tue, 2005-11-15 at 14:30 -0800, Mont Rothstein wrote:
> Sorry for being so vague, I was trying not to be :-)
> I actually dived in days ago and I am swimming in docs, books, manuals,
> and webpages.
> Part of my challenge is that I'm not ever sure of what questions to
> ask.
> Jeff's reply has helped (thanks Jeff).  Looking up ldap authentication
> has brought me to pages I hadn't seen yet.  I'm not sure which ones I
> want yet, but it is a start.
> I wish I had specific technical questions to ask, I really do.
> I have an LDAP server up and running as well as Samba.  The two may or
> may not be integrated correctly together.
> I believe my next step is to get a windows machine to authenticate to
> the Linux server via LDAP, without having to create a Unix account for
> the user.
> The step after that will be to see if ACLs work.
> If/when I get those two then I think I'll have what I need.
> If you know any good pages on authenticating a windows client to a
> non-PDC Linux Directory Server, I would love to see them.
> Thank you for taking the time to ponder my troubles.

1 - an LDAP user (more accurately I think, a DN) would have both the
objectclasses and attributes relevant for all of the required resources
so your concept of not having to create a Linux account is absurd. If
you don't want the users to have home directories or profiles, there are
ways around that.

# ldapsearch -x -h localhost -D 'uid=craig,ou=People,dc=azapple,dc=com' -W '(uid=craig)'
Enter LDAP Password:
# extended LDIF
# LDAPv3
# base <> with scope sub
# filter: (uid=craig)
# requesting: ALL

# craig, People, azapple.com
dn: uid=craig,ou=People,dc=azapple,dc=com
shadowLastChange: 12340
sambaLMPassword: NOT-RELEVANT
sambaNTPassword: NOT-RELEVANT
sn: White
givenName: Craig
sambaPwdCanChange: 1091395680
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1091395680
labeledURI: http://linuxserver/horde/kronolith/fb.php?c=craig
shadowMax: 99999
sambaProfilePath: \\srv1\profiles\craig
sambaLogonScript: logon.bat
cn: Craig White
uidNumber: 500
shadowWarning: 7
sambaPrimaryGroupSID: S-1-5-21-1123456789-0123456789-0123456790-513
sambaAcctFlags: [U          ]
gecos: Craig White
userPassword:: NOT-RELEVANT
mail: craigwhite at azapple.com
uid: craig
sambaHomePath: \\srv1\homes\craig
homeDirectory: /home/craig
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: top
objectClass: calEntry
gidNumber: 500
sambaDomainName: AZAPPLE
sambaSID: S-1-5-21-1123456789-0123456789-0123456790-1000
sambaHomeDrive: h:
calFBURL: http://srv1/horde/kronolith/fb.php?c=craig
loginShell: /bin/bash

keep working


PS - a plug for Gerry's book...

LDAP System Administration by Gerald Carter - getting a little old now,
but still a great book for getting your feet off the ground with ldap
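
Added example, not part of Craig's message: a Python check that an entry returned by ldapsearch carries both the posixAccount and sambaSamAccount sides the reply describes, along with their required (MUST) attributes. The MUST lists come from RFC 2307 and Samba 3's samba.schema; the function names and the second sample entry are made up for illustration.

```python
# Added example, not from the original post. MUST lists: RFC 2307, samba.schema.
REQUIRED = {
    "posixAccount": ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"],
    "sambaSamAccount": ["uid", "sambaSID"],
}

def parse_ldif_entry(text):
    """Parse one ldapsearch LDIF entry into {lowercased attribute: [values]}."""
    entry, last = {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and raw.strip() and last:  # folded continuation
            entry[last][-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):     # skip blanks, comments
            name, _, value = raw.partition(":")
            last = name.strip().lower()
            # "attr:: value" marks a base64 value; drop the second colon
            entry.setdefault(last, []).append(value.lstrip(":").strip())
    return entry

def account_status(entry):
    """Report whether the DN carries both the Unix and the Samba side."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    missing = {}
    for oc, must in REQUIRED.items():
        gaps = [a for a in must if a.lower() not in entry]
        if oc.lower() in classes and gaps:
            missing[oc] = gaps
    return {"posix": "posixaccount" in classes,
            "samba": "sambasamaccount" in classes, "missing": missing}

# Trimmed from the ldapsearch output in the post above.
FULL = """dn: uid=craig,ou=People,dc=azapple,dc=com
cn: Craig White
uid: craig
uidNumber: 500
gidNumber: 500
homeDirectory: /home/craig
sambaSID: S-1-5-21-1123456789-0123456789-0123456790-1000
objectClass: posixAccount
objectClass: sambaSamAccount
"""
# Constructed entry: Samba class only, no posixAccount, sambaSID left out.
SAMBA_ONLY = """dn: uid=example,ou=People,dc=azapple,dc=com
cn: Example User
uid: example
objectClass: sambaSamAccount
"""

for name, ldif in (("FULL", FULL), ("SAMBA_ONLY", SAMBA_ONLY)):
    print(name, account_status(parse_ldif_entry(ldif)))
```

An entry that reports "posix": False has no uidNumber, gidNumber or homeDirectory for the Linux side to resolve, which is the situation the reply warns about.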
