[Samba] Re: LDAP+Samba only posixaccount possible?

Jamrock news_jamrock at yahoo.com
Sat Aug 12 14:03:34 GMT 2006


"Juha-Matti Ung" <jung at mail.suomi.net> wrote in message
news:fa3effca478.44dc84f4 at suomi.net...
> Hi! Is it possible to get Samba to authenticate a user and map to his
> home directory only using posixaccount, or are there some attributes that
> Windows absolutely requires, like in the samba-objectclasses? Any configuration
> examples if this is possible. I have been experimenting with pam.d/samba
> using the pam_ldap.so module, but no success so far. Currently I have set up the
> server so it can authenticate an ssh user from ldap, using posixaccount
> attributes, and that works great. Thanks


Not as far as I know.  Windows networking needs Windows-specific
authentication information.  At the same time, any user on a Linux box needs
Linux-specific authentication (posix).

Samba essentially creates a Windows user and a Linux user with the same
user ID.  The accounts are mapped to each other.

Some will argue that it is one account, but for all intents and purposes it
is two accounts.  The process is more obvious when you look at the creation
of Windows groups.  The Windows group maps to a Linux group.

When I set up my first domain controller, I did not use the smbldap add user
script.  I used standard Linux useradd commands.

When I added a user via User Manager for Domains, it created the Windows
information in the ldap directory and the Linux information in the
/etc/passwd file.  User authentication worked quite well.

When I started using the smbldap scripts, both the Windows info and the
Linux info were stored in ldap.

Since the Windows user account is mapped to the Linux user account, any
security/access restrictions you place on the Linux account will apply to
the Windows account.  In other words, you can set user access to shares
using Linux and the Windows account will be restricted.

So to answer your question, if you only use posix values, you are missing
half of the equation.
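
The "two halves" described in the reply above can be checked directly against directory data. This is an added example, not part of the original message or of Samba's own tooling: it parses LDIF and reports which user entries carry the POSIX half, the Samba half, or both. The names sambaSamAccount, sambaSID and sambaNTPassword are assumed from the Samba 3 LDAP schema (they do not appear in the thread), and the LDIF sample is constructed.

```python
# Added example. SAMPLE_LDIF is constructed data, not from the thread.
# Attribute sets assume RFC 2307 posixAccount and Samba 3's sambaSamAccount.
POSIX_MUST = {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"}
SAMBA_MUST = {"uid", "sambasid"}
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: alice
uid: alice
uidNumber: 1001
gidNumber: 513
homeDirectory: /home/alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: account
objectClass: posixAccount
cn: bob
uid: bob
uidNumber: 1002
gidNumber: 513
homeDirectory: /home/bob
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    entries, current = [], {}
    # LDIF folds long lines: a continuation starts with a single space.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():          # a blank line ends the current entry
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def classify(entry):
    classes = {c.lower() for c in entry.get("objectclass", [])}
    posix = "posixaccount" in classes and POSIX_MUST <= set(entry)
    samba = "sambasamaccount" in classes and SAMBA_MUST <= set(entry)
    if posix and samba:  # an entry can hold both halves yet lack an NT hash
        return "both" if "sambantpassword" in entry else "both-no-nt-hash"
    return "posix-only" if posix else "samba-only" if samba else "neither"

def audit(text):
    return {e["dn"][0]: classify(e) for e in parse_ldif(text)}
```

Calling `audit(SAMPLE_LDIF)` flags the second entry as `posix-only`, which is the situation the original question describes: usable for ssh via pam_ldap, but without the Windows-side attributes.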




