[Samba] LDAP + Samba + Windows2003

Allgood, John jallgood at ohl.com
Wed Dec 10 15:19:04 GMT 2008


Greetings

My goal is to create a single sign on system so that all the user
accounts can be managed from one point. I already have all the users in
ldap posix and have several machines authenticating against it. Now I
have Windows 2003 server and Samba that I need to tie into ldap and was
not sure how best to accomplish this. My confusion is over posix versus
samba sam accounts; could someone clarify that for me?

Thanks

-----Original Message-----
From: samba-bounces+jallgood=ohl.com at lists.samba.org
[mailto:samba-bounces+jallgood=ohl.com at lists.samba.org] On Behalf Of
FC Mario Patty
Sent: Tuesday, December 09, 2008 9:09 PM
To: samba
Subject: Re: [Samba] LDAP + Samba + Windows2003

Hi John,

I'm not an expert in this field (you can see I've thrown a lot of
questions into this mailing list), but I think if you just want to use
ldap as a linux/samba password backend, then you don't have to build a
PDC. In my case it just happens that my domain PDC is installed on the
same server that I use as my openLDAP server as well, but to let my other
samba server authenticate against the openLDAP server, it's pam_ldap and
nsswitch.conf + ldap.conf that matter (if you use RedHat, the authconfig
command and 'smbpasswd -w LDAP-ADMIN-PASSWORD-HERE' will handle this for
you). Another proof is that my samba server's workgroup differs from that
of my PDC.

Another point: if you want samba to authenticate against the ldap server,
you do need sambaSamAccount. Posix only affects linux or unix
authentication. And with your Windows 2003, the linux samba PDC doesn't
have to join your Windows server domain if you just want them
authenticating against the ldap server. It's your windows pcs/servers
that have to join the samba PDC before you can authenticate against it.
But if what you meant was windows authenticating straight to ldap, I've
never heard of it before (in my case, it's the PDC that confirms the
authentication to the ldap as its password backend - windows machines
don't do that themselves).

Well, that's my little thought. But still I don't want to mislead you.
Samba or Linux Gurus, please correct this. :)

Cheers,




On Tue, Dec 9, 2008 at 9:29 PM, Allgood, John <jallgood at ohl.com> wrote:

> Hello All
>
>
>
> I am new to the list and have some questions. I want to set up ldap to
> authenticate for Samba and Windows 2003 server. I have done a lot of
> research and everything seems to indicate that I will need to set up
> Samba to be a PDC and have it join the Windows 2003 server domain and
> build samba with a ldap backend. Is there another way to do this so that
> I will not have to set up samba to be a PDC? I have already set up my
> ldap server using posix type accounts. Is this different than the Samba
> accounts?
>
>
>
> Thanks
>
>
>
> John Allgood
> Senior Systems Administrator
> Turbo, division of OHL
> 2251 Jesse Jewell Pky. NE
> Gainesville, GA 30507
> tel: (678) 989-3051  fax: (770) 531-7878
> jallgood at ohl.com
>
> www.ohl.com
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
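
Added example, not part of the original thread: a small audit of an LDIF export that shows the posixAccount versus sambaSamAccount distinction discussed above by listing which Unix accounts also carry the Samba object class and an NT hash. It assumes the stock samba.schema attribute names (sambaSID, sambaNTPassword); the sample entries, SIDs and hash are constructed.

```python
import base64, re
# Constructed sample export (not from the thread); SIDs and hash are dummies.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: alice

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-1-2-3-3004
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: carol
sambaSID: S-1-5-21-1-2-3-3006
"""

def parse_ldif(text):
    """Return entries as dicts of lowercased attribute name -> list of values."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):      # blank line ends an entry
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:   # skip comments and junk
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):                     # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Map uid -> status for every posixAccount entry."""
    report = {}
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixaccount" in classes:
            report[e.get("uid", ["?"])[0]] = (
                "posix-only" if "sambasamaccount" not in classes  # Unix logins only
                else "samba-ready" if e.get("sambantpassword")
                else "no-nt-hash")                                # no password hash set
    return report
```

Since sambaNTPassword holds a password-equivalent NT hash, run this on an export taken with an account that is allowed to read it, and keep that attribute restricted in the directory ACLs.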

