[Samba] LDAP + Samba + Windows2003

FC Mario Patty fcmario76 at gmail.com
Wed Dec 10 02:09:11 GMT 2008


Hi John,

I'm not an expert in this field (you can see I've thrown a lot of questions
into this mailing list), but I think if you just want to use ldap as a
linux/samba password backend, then you don't have to build a PDC. In my case
it just happens that my domain PDC is installed on the same server that I
use as my openLDAP server too, but to let my other samba server
authenticate against the openLDAP server, it's the pam_ldap and
nsswitch.conf + ldap.conf that matter (if you use RedHat, the authconfig
command and 'smbpasswd -w LDAP-ADMIN-PASSWORD-HERE' will handle this for
you). Another proof is that my samba server's workgroup differs from that of
my PDC.

Another point: if you want samba to authenticate against the ldap server, you
do need sambaSamAccount. Posix only affects linux or unix authentication.
And with your Windows 2003, the linux samba PDC doesn't have to join your
Windows server domain if you just want them authenticating against the ldap
server. It's your windows pcs/servers that have to join the samba PDC before
you can authenticate against it. But if what you meant was windows to
authenticate straight to ldap, I've never heard of it before (in my case, it's
the PDC that confirms the authentication to the ldap as its password backend
- windows machines don't do that themselves).

Well, that's my little thought. But still I don't want to mislead you.
Samba or Linux Gurus, please correct this. :)

Cheers,




On Tue, Dec 9, 2008 at 9:29 PM, Allgood, John <jallgood at ohl.com> wrote:

> Hello All
>
>
>
> I am new to the list and have some questions. I want to set up ldap to
> authenticate for Samba and Windows 2003 server. I have done a lot of
> research and everything seems to indicate that I will need to set up
> Samba to be a PDC and have it join the Windows 2003 server domain and
> build samba with a ldap backend. Is there another way to do this so that I
> will not have to set up samba to be a PDC? I have already set up my ldap
> server using posix type accounts. Is this different than the Samba
> accounts?
>
>
>
> Thanks
>
>
>
> John Allgood
> Senior Systems Administrator
> Turbo, division of OHL
> 2251 Jesse Jewell Pky. NE
> Gainesville, GA 30507
> tel: (678) 989-3051  fax: (770) 531-7878
> jallgood at ohl.com
>
> www.ohl.com
>
>
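
The distinction drawn in the reply above (posixAccount entries serve only Linux/Unix logins, while Samba needs sambaSamAccount) can be checked against a directory export. This is an added example, not part of the original thread; the LDIF sample, its DNs and the function names parse_ldif, classify and report are constructed for illustration, and treating an entry as Samba-ready when it carries both sambaSID and sambaNTPassword is an assumption of this example.

```python
import base64
# Constructed LDIF export; every DN and value below is made up for illustration.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: jdoe

dn: uid=asmith,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: asmith
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3004
sambaNTPassword: 00000000000000000000000000000000

dn: uid=bnew,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass:: c2FtYmFTYW1BY2NvdW50
uid: bnew
sambaSID: S-1-5-21-1111111111-2222222222-33333
 33333-3006
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry, attribute names lowercased."""
    unfolded = text.replace("\n ", "")      # RFC 2849: newline + space continues a line
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):        # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def classify(entry):
    """Say which logins an entry can serve: Unix (pam_ldap/nss) only, or Samba too."""
    classes = {c.lower() for c in entry.get("objectclass", [])}  # case-insensitive
    if "sambasamaccount" not in classes:
        return "unix-only" if "posixaccount" in classes else "neither"
    if "sambasid" in entry and "sambantpassword" in entry:
        return "samba-ready"
    return "samba-incomplete"                # object class present, SID or NT hash missing

def report(text):
    return {e["uid"][0]: classify(e) for e in parse_ldif(text)}
```

Run report() over an LDIF export of the people subtree to list the accounts that pam_ldap can serve but Samba cannot.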

