[Samba] Samba with legacy LDAP
Jorgen Lundman
lundman at gmo.jp
Thu Apr 23 00:16:41 GMT 2009
Thanks for your reply,
> Connecting to SMB/CIFS over the internet tends to be extremely slow. I'm
> not sure why that should be the case, but having played with direct
> access over the internet vs over a VPN, the internet one is
> substantially slower (to the point of being practically unusable). That
> might be less of an issue if you are their ISP.
That we are. Bandwidth in Japan is pretty good. But even then, I get the
feeling some users would be happy with slow but "easier" means of
accessing their content. But I guess that depends on just how bad it is,
but naturally I am setting up a proof-of-concept on the test system first.
> Mapping a drive could also cause problems. In the past I have had issues
> with very long delays opening My Computer when network drives are slow
> to respond. I've just tried to replicate this issue and it doesn't
> appear to be a problem in Vista but I have certainly seen it with some
> versions of XP.
This is true, I experienced this in my past. But perhaps not a permanent
mapping, if there was an icon they could double click or similar, to
temporarily set up the drive. I will keep that in mind.
> I hesitate to say that storing passwords in plain-text is "good", but in
> this case it will greatly simplify things. You will need to add the
> samba schema.
I know, I know.. in the past, there was no choice with some software.
CHAP/SAUTH etc, needed it. Recently, most software can do auth-bind on a
leaf for testing which is much better.
There is no way around adding Samba schema? Not that it is a big deal, but
curious. Can I perhaps ask samba to merely query a script for
authentication and retrieval of uid/gid/homeDirectory? If so, I could
(temporarily) work around the schema.
> Samba is able to talk to LDAP directly and fully understands the fields
> in the POSIX schema, there are plenty of OSs supported by Samba that
> don't use PAM (Slackware, AIX, probably the various BSDs).
Ok so it will get the attributes without PAM, but the schema and
attribute-names are hard-coded.
> Not without having to make changes to how the client PCs will
> authenticate, so pretty much "no". However since you have the passwords
> in plaintext it isn't too much of a hassle to generate the hashes.
Perhaps I should ignore LDAP and simply add a smbpasswd user and test it
first.
Lund
--
Jorgen Lundman | <lundman at lundman.net>
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
Japan | +81 (0)3 -3375-1767 (home)