[Samba] LDAP + Samba + Windows2003

Nick Sharp nick.sharp at valex.com.au
Wed Dec 10 03:01:26 GMT 2008


If you don't want samba to be the pdc, you can use winbindd to join it to
the windows domain and I am pretty sure authentication requests are via the
domain PDC (whichever way it's configured).

We have a secondary samba machine, which does just this, but against a
samba/ldap pdc. The secondary (with winbindd) has no configuration for ldap
in smb.conf but users authenticate against their domain credentials.

man winbindd

Nick Sharp

e nick.sharp at valex.com.au
p 08 8373 5522
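
A minimal member-server configuration of the kind described above, as an added example that is not taken from the original post. The domain name EXAMPLE, the account name and the ID range are assumed placeholder values.

```ini
# /etc/samba/smb.conf on the member server (constructed example).
# EXAMPLE is a placeholder domain name; the ID range is an assumed value.
[global]
   workgroup = EXAMPLE
   # Member of an NT4-style domain: the domain controller validates passwords.
   security = domain
   # Local ID mapping for domain users and groups. This is the newer syntax;
   # 2008-era releases used "idmap uid" / "idmap gid" instead.
   idmap config * : backend = tdb
   idmap config * : range = 10000-19999
   winbind use default domain = yes
   template shell = /bin/bash
   template homedir = /home/%U
   # Note: no "passdb backend = ldapsam" and no "ldap ..." parameters here.

# /etc/nsswitch.conf needs winbind added for name lookups:
#   passwd: files winbind
#   group:  files winbind
#
# Join and check the trust, run as root on the member:
#   net rpc join -U Administrator
#   wbinfo -t
```

The machine account created by the join is the only credential the member stores; user passwords stay on the domain controller and its backend.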

-----Original Message-----
From: samba-bounces+nick.sharp=valex.com.au at lists.samba.org
[mailto:samba-bounces+nick.sharp=valex.com.au at lists.samba.org] On Behalf Of
FC Mario Patty
Sent: Wednesday, December 10, 2008 12:39 PM
To: samba
Subject: Re: [Samba] LDAP + Samba + Windows2003

Hi John,

I'm not an expert in this field (you can see I've thrown a lot of questions
into this mailing list), but I think if you just want to use ldap as
linux/samba password backend, then you don't have to build a PDC. In my case
it just happens that my domain PDC is installed on the same server that I
use as my openLDAP server, but to let my other samba server
authenticate against the openLDAP server, it's the pam_ldap and
nsswitch.conf + ldap.conf that matter (if you use RedHat, the authconfig
command and 'smbpasswd -w LDAP-ADMIN-PASSWORD-HERE' will handle this for
you). Another proof is my samba server workgroup differs from that of my

Other point, if you want samba to authenticate against the ldap server, you
do need sambaSamAccount. Posix only affects linux or unix authentication.
And with your Windows 2003, linux samba PDC doesn't have to join your
Windows server domain if you just want them authenticating against the ldap
server. It's your windows pcs/servers that have to join samba PDC before you
can authenticate against it. But if what you meant was windows to
authenticate straight to ldap, I've never heard it before (in my case, it's
the PDC that confirms the authentication to the ldap as its password backend
- windows machines don't do that themselves).

Well, that's my little thought. But still I don't want to mislead you.
Samba or Linux Gurus, please correct this. :)


On Tue, Dec 9, 2008 at 9:29 PM, Allgood, John <jallgood at ohl.com> wrote:

> Hello All
> I am new to the list and have some questions. I want to setup ldap to
> authenticate for Samba and Windows 2003 server. I have done a lot of
> research and everything seems to indicate that I will need to setup
> Samba to be a PDC and have it join the Windows 2003 server domain and
> build samba with an ldap backend. Is there another way to do this so that I
> will not have to setup samba to be a PDC? I have already setup my ldap
> server using posix type accounts. Is this different than the Samba
> accounts?
> Thanks
> John Allgood
> Senior Systems Administrator
> Turbo, division of OHL
> 2251 Jesse Jewell Pky. NE
> Gainesville, GA 30507
> tel: (678) 989-3051  fax: (770) 531-7878
> jallgood at ohl.com
> www.ohl.com