[Samba] Samba with legacy LDAP
lundman at gmo.jp
Wed Apr 22 06:42:53 GMT 2009
Standard ISP hosting with virtual users here. So we already have an
existing system setup, based around OpenLDAP data for customer
information. Currently for WWW hosting, users have FTP access. But FTP
seems to be a hurdle for certain users, so I was thinking about also
offering SMB access in parallel with FTP, so they could just MAP a drive
letter to their WWW area.

Currently the LDAP has user data in "qmail" and POSIX style schema,
which seems to be fairly common. (uidNumber, gidNumber, gecos,
homeDirectory etc). Currently passwords are stored in plain-text.

1) Can I make Samba look up uid, gid, homeDirectory from LDAP directly? The
new privacy laws do not allow us to use PAM for the customers as a
whole. I expected to be able to specify an LDAP search filter, and a map
between our LDAP attributes and those Samba expects (which appear to
mostly overlap though). But this appears to have been removed?

2) Can I use the plain-text passwords directly, and avoid having to
store nt and lm passwords?

Since with FTP you log in as "ftpuser@example.com" with the appropriate
password, I was hoping that users could connect to our samba server,
authenticating as "ftpuser@example.com" and the same password. It would then
set the share path to the user's homeDirectory
(/export/cust14/com/e/x/example/ftpuser/) and use their uid, gid.

Are there other reasons why this could not be done? Has anyone already done
something similar? Any pitfalls?
Jorgen Lundman | <lundman at lundman.net>
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
Japan | +81 (0)3 -3375-1767 (home)