[Samba] Re: Samba 3.0.25b as a domain member to a Samba PDC

Jamrock news_jamrock at yahoo.com
Sun Mar 30 16:07:27 GMT 2008


"Greg Zartman" <greg at leiinc.com> wrote in message
news:47EC4BDC.6010600 at leiinc.com...
> I've been using Samba for about 7 years or so, but have hit a hurdle I
> just can't seem to figure out.
>
> I want to set up samba domain member servers to be members of a samba
> 3.0.25 (NT4 type) domain.  No winbind, LDAP, or any other of the more
> complex authentication mechanisms. This is the same functionality going
> way back to Samba 2.2, or so.  In fact, I successfully did this on samba
> 2.2, but simply can't get it to work on samba 3.  I've been hammering
> away for two days and

I would recommend having a look at Chapter 7 in "Samba by Example".  The
book is available at www.samba.org.

Here are a few points to keep in mind.

A user cannot access a Linux machine unless he is authenticated by the
machine.

A Samba user account is mapped to a Linux user account.  The security and
authentication of the Samba account is related to security and
authentication of the related Linux user account.

Linux has several options for authenticating users.   These include the
/etc/file, Winbind and LDAP.  With LDAP you basically configure Linux to use
LDAP as an additional means of authentication.  The LDAP database can be
stored locally on the Linux box or on another Linux box.

For your Samba users to authenticate against the Linux member server, the
member server must have a means of authenticating the Linux account to which
they are associated.

With LDAP, you can configure Linux to authenticate against the same LDAP
database that the domain controller uses.  That way, you have a single sign
on.

LDAP and Winbind are the best options to achieve your goal.  If you don't
want to use them, you must create a user account for each user on the Linux
member server.

To automate the process and let it happen automatically, you can use an "add
user script" in the member server's smb.conf file.  Basically this script
will add a user once he is authenticated by the domain controller.

The following article shows one option of automating the process.  This is
how I used to do it back in the Samba 2.x days.

http://www.samag.com/documents/s=7666/sam0211e/0211e.htm
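
An added example, not part of the original post and not taken from the linked article: one way to write the "add user script" mentioned above so that the user name smbd passes in is checked before an account is created. The script path, the workgroup name, the DRY_RUN variable and the /sbin/nologin path are assumptions made for this example.

```sh
#!/bin/sh
# Hypothetical helper, referenced from the member server's smb.conf
# (script path and workgroup name are constructed for this example):
#   [global]
#     security = domain
#     workgroup = EXAMPLE
#     add user script = /usr/local/sbin/samba-add-member-user.sh %u
# smbd runs it as root, so the name in %u is validated before use.
LC_ALL=C; export LC_ALL   # make a-z mean ASCII lowercase only

# Accept conservative UNIX account names: first character a-z or '_',
# then a-z, 0-9, '_' or '-', at most 32 characters in total.
valid_username() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 32 ] || return 1
    case $name in
        [!a-z_]*) return 1 ;;
        *[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

add_member_user() {
    user=$1
    if ! valid_username "$user"; then
        echo "refusing account name outside the allowed pattern" >&2
        return 2
    fi
    # Do not touch an account that already exists locally (root, daemons).
    if id "$user" >/dev/null 2>&1; then
        echo "local account already exists: $user" >&2
        return 3
    fi
    # -M: no home directory; -s: no login shell (the nologin path is an
    # assumption and differs between distributions).
    set -- useradd -M -s /sbin/nologin -c "Samba domain user" "$user"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"      # print the command instead of running it
    else
        "$@"
    fi
}

if [ "$#" -gt 0 ]; then
    add_member_user "$1"
    exit $?
fi
```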




