[Samba] Windows->LDAP->Samba

Craig White craigwhite at azapple.com
Tue Nov 15 22:45:44 GMT 2005


On Tue, 2005-11-15 at 14:30 -0800, Mont Rothstein wrote:
> Sorry for being so vague, I was trying not to be :-)
> 
> I actually dived in days ago and I am swimming in docs, books, manuals,
> and webpages.
> 
> Part of my challenge is that I'm not ever sure of what questions to
> ask.
> 
> Jeff's reply has helped (thanks Jeff).  Looking up ldap authentication
> has brought me to pages I hadn't seen yet.  I'm not sure which ones I
> want yet, but it is a start.
> 
> I wish I had specific technical questions to ask, I really do.
> 
> I have an LDAP server up and running as well as Samba.  The two may or
> may not be integrated correctly together.
> 
> I believe my next step is to get a windows machine to authenticate to
> the Linux server via LDAP, without having to create a Unix account for
> the user.
> 
> The step after that will be to see if ACLs work.
> 
> If/when I get those two then I think I'll have what I need.
> 
> If you know any good pages on authenticating a windows client to a
> non-PDC Linux Directory Server, I would love to see them.
> 
> Thank you for taking the time to ponder my troubles.
> 
----
1 - an LDAP user (more accurately I think, a DN) would have both the
objectclasses and attributes relevant for all of the required resources
so your concept of not having to create a Linux account is absurd. If
you don't want the users to have home directories or profiles, there are
ways around that.

# ldapsearch -x -h localhost -D 'uid=craig,ou=People,dc=azapple,dc=com' -W '(uid=craig)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=craig)
# requesting: ALL
#

# craig, People, azapple.com
dn: uid=craig,ou=People,dc=azapple,dc=com
shadowLastChange: 12340
sambaLMPassword: NOT-RELEVANT
sambaNTPassword: NOT-RELEVANT
sn: White
givenName: Craig
sambaPwdCanChange: 1091395680
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1091395680
labeledURI: http://linuxserver/horde/kronolith/fb.php?c=craig
shadowMax: 99999
sambaProfilePath: \\srv1\profiles\craig
sambaLogonScript: logon.bat
cn: Craig White
uidNumber: 500
shadowWarning: 7
sambaPrimaryGroupSID: S-1-5-21-1123456789-0123456789-0123456790-513
sambaAcctFlags: [U          ]
gecos: Craig White
userPassword:: NOT-RELEVANT
mail: craigwhite at azapple.com
uid: craig
sambaHomePath: \\srv1\homes\craig
homeDirectory: /home/craig
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: top
objectClass: calEntry
gidNumber: 500
sambaDomainName: AZAPPLE
sambaSID: S-1-5-21-1123456789-0123456789-0123456790-1000
sambaHomeDrive: h:
calFBURL: http://srv1/horde/kronolith/fb.php?c=craig
loginShell: /bin/bash

keep working

Craig

PS - a plug for Gerry's book...

LDAP System Administration by Gerald Carter - getting a little old now,
but still a great book for getting your feet off the ground with ldap
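
Point 1 of the reply as a check, added here as an example and not part of Craig's message: the script parses one entry of ldapsearch LDIF output and reports whether it carries both posixAccount and sambaSamAccount with their MUST attributes, and which password attributes the bind was able to read. The function names and the sample entry are constructed for illustration.

```python
# MUST attributes: posixAccount (RFC 2307), sambaSamAccount (Samba 3 samba.schema)
REQUIRED = {
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "sambasamaccount": {"uid", "sambasid"},
}
# Password-equivalent attributes; an unprivileged bind should not get these back
SECRET_ATTRS = {"userpassword", "sambantpassword", "sambalmpassword"}

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr_lowercase: [values]}.
    Handles '#' comments and folded lines; base64 ('::') values stay encoded."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of the previous line
        elif raw.strip():
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.lstrip(":").strip())
    return entry

def audit(entry):
    """Return findings: missing objectClasses/MUST attributes, exposed secrets."""
    classes = {v.lower() for v in entry.get("objectclass", [])}
    findings = []
    for oc, must in REQUIRED.items():
        if oc not in classes:
            findings.append(f"missing objectClass {oc}")
        else:
            findings += [f"{oc}: missing {a}" for a in sorted(must - set(entry))]
    exposed = sorted(SECRET_ATTRS & set(entry))
    if exposed:
        findings.append("secret attributes returned to this bind: " + ", ".join(exposed))
    return findings

# Constructed sample: a Samba-only entry, i.e. a user with no Unix account
SAMBA_ONLY = """\
dn: uid=bob,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-1-2-3-3002
sambaNTPassword: 00000000000000000000000000000000
"""
print(audit(parse_ldif_entry(SAMBA_ONLY)))
```

Run against a search done with an anonymous or ordinary user bind, an empty "secret attributes" finding is what the directory ACLs should produce.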

