[Samba] question concerning ldapsam:editposix and winbind
Adam Williams
awilliam at mdah.state.ms.us
Wed Jan 16 18:26:00 GMT 2008
yes, linux distros require nss_ldap and pam_ldap to authenticate linux
shell accounts against ldap. if you are using fedora/centos you can use
authconfig and select ldap and put in the required info. and you'll
need to add ldap to the passwd: shadow: and group: entries in
/etc/nsswitch.conf
authconfig will configure /etc/ldap.conf and edd the required ldap
attributes to /etc/pam.d/system-auth
not sure about freebsd but it shouldn't be too different. (famous last
words!)
to convert your existing /etc/passwd users to ldap, you can use the PADL
migration tools.
Andrew Richey wrote:
> Well, it looks like I would have to use pam_ldap and nss_ldap to make
> this work. Or so I think... Wondering if all the Linux distros
> require these too, to authenticate off of ldap.
>
> Andrew Richey wrote:
>> Hey guys,
>>
>> I've gotten my samba + openldap running quite well, minus one problem
>> (that I know about). I've read over plenty of documentation, the
>> official and other wiki's and such. I believe I have winbind working
>> correctly, so I assume I won't have to use external scripts to add
>> groups/users/etc..
>>
>> But isn't there something one must do in order for their OS (in my
>> case FreeBSD 6.2) to use my ldap server instead of /etc/passwd and
>> /etc/group files? I'm unable to change the Administrator users
>> password because I have no Unix account for it, and I assume it's
>> looking for that in /etc/passwd. On the same token, I can add
>> another user who already exists in my /etc/password (the local user
>> I added during the installation of FreeBSD). And it shows up
>> sucsessfully in my ldap server.
>>
>> At first I was thinking that the ...
>>
>> ldapsam:trusted= yes
>> ldapsam:editposix= yes
>>
>> ..handled this issue, via winbind. But that might be a
>> misunderstanding on my part. Anyone have any ideas?
More information about the samba
mailing list