[Samba] Re: Simple LDAP backend question
novosirj at umdnj.edu
Fri Jan 4 05:15:33 GMT 2008
> "Ryan Novosielski" <novosirj at umdnj.edu> wrote in message
> news:477D2C28.7070705 at umdnj.edu...
>> Is it required to use LDAP for both POSIX/UNIX accounts and for Samba,
>> or can one move only the smbpasswd file to LDAP without impacting the
>> standard UNIX passwd file at all?
> Interesting question. Just a little background info. so we are all on the
> same page.
> Each Samba user must have a Linux (POSIX) account in order to access the
> Linux machine. It must also have some Samba (Windows) information for it to
> work as a Windows domain controller.
> If you use the smbldap tools to manage the addition and deletion of users,
> they will add the POSIX and the Samba user info to the LDAP directory. This
> will happen because your add user script in the smb.conf file will point to
> the relevant smbldap add user script.
> You would typically configure the /etc/nsswitch.conf file to tell the Linux
> machine to look for user names and passwords in the LDAP directory. That
> way the user does not need to exist in the /etc/passwd file.
> So far so good.
> I understand from what you are saying that you want to
> separate the POSIX (Linux) information from the Samba information. You want
> to keep the POSIX information in the /etc/passwd file and the Samba
> information in the LDAP directory. Each user's authentication information
> will be stored in both locations.
> To do this you should not use the add user script from the smbldap tools.
> Instead use the standard Linux "add user" command in a script to add the
> user. I have done this in the past. It adds Samba info. to LDAP and
> creates the user account in the /etc/passwd file.
> Your smb.conf file should look something like
> add user script = /usr/sbin/useradd -m '%u'
> add machine script = /usr/sbin/useradd -M '%u'
> add group script = /usr/sbin/groupadd '%g'
> Typically I use the User Manager for Domains to add and delete users. Not
> sure how things will work with other tools.
> I guess you can use the smbldap tools to populate the LDAP database with the
> standard Windows users and groups but use the Linux commands in the add user
> I haven't tried this since the early versions of Samba 3.x. Let me know how
> it works out.
Sounds rather much like what I'm looking for. I really don't use the add
user/group script right now anyway, just add machine.
What it seems like you're saying is that I can migrate all of the stuff
from /etc/passwd to LDAP and then just never change nsswitch for UNIX
and only make Samba use the LDAP, and setting the parameters as above.
Ryan Novosielski - Systems Programmer II
novosirj at umdnj.edu - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/AST - NJMS Medical Science Bldg - C630
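Added example (not part of the original messages and not Samba project code): with POSIX accounts kept in /etc/passwd and Samba account data kept in LDAP, as discussed in this thread, the two stores can drift apart even though every Samba user still needs a POSIX account. This Python check parses LDIF for sambaSamAccount entries and lists those with no passwd entry; the sample LDIF, sample passwd lines, DNs and function names are constructed for illustration.

```python
import base64

# Constructed sample: LDIF as ldapsearch would print it for the filter
# '(objectClass=sambaSamAccount)', requesting only objectClass and uid.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: alice

dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
uid: ws01$

dn: uid=bob,ou=People,dc=exa
 mple,dc=org
objectClass: sambaSamAccount
uid:: Ym9i
"""

# Constructed sample: passwd lines. 'bob' has no local account.
SAMPLE_PASSWD = """\
alice:x:1000:1000:Alice:/home/alice:/bin/bash
ws01$:x:1001:1001::/dev/null:/bin/false
"""


def samba_uids(ldif):
    """Return the uid of every sambaSamAccount entry in an LDIF dump."""
    unfolded = ldif.replace("\n ", "")  # undo LDIF line folding
    uids = []
    for entry in unfolded.split("\n\n"):
        attrs = {}
        for line in entry.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # 'attr:: ' marks a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs.setdefault(name.lower(), []).append(value.strip())
        classes = [c.lower() for c in attrs.get("objectclass", [])]
        if "sambasamaccount" in classes:
            uids.extend(attrs.get("uid", []))
    return uids


def missing_posix_accounts(ldif, passwd):
    """Samba accounts in LDAP with no matching passwd entry."""
    local = {line.split(":", 1)[0] for line in passwd.splitlines() if line.strip()}
    return sorted(u for u in samba_uids(ldif) if u not in local)
```

On a real host, pass the output of `getent passwd` as the second argument so the comparison reflects what nsswitch actually resolves.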