[Samba] Authenticate Samba with an LDAP w/o the schema

LiPi - lipixx at gmail.com
Sun Nov 29 09:59:00 MST 2009


It's not possible because Windows doesn't use a uid for the authentication.
It uses an user identificator called sambaSID, and in order to log into
windows throught an LDAP server, you need to be in a Samba Domain. A Samba
Domain also have a sambaSID. The last 3 numbers of a user sambaSID identify
wich kind of user it is, administrator, machine, normal usr, etc.
Furthermore a machine which is in a samba Domain needs also a samba account
with a sambaSID. All the sambaAccounts for users, machines, administrators,
groups, and so on, need some special attributes like the password. The
password is encrypted in a different way than unix passwords, the attribute
is called sambaNTPassword or sambaLMPassword dependings of the windows
version.

So, you can't make your windows login to a LDAP without "setting" your LDAP
server.

The other question is if you only use samba shares. If you want to give
access to ldap users only.. I think that the only way that you have is to
create some scripts to manage these, but it's not a very elegant solution.
Getting the ldap users every x time, and smbpasswd to the new ones...

The best solution is to make an include to the slapd.conf to the samba
schema.. but if you doesn't own the server I think that the only way you
have is to "think".

LiPi

2009/11/28 Fabrizio Reale <fabrizio.reale at redomino.com>

> Hi all,
> I'd like to authenticate my fresh Samba installation against an LDAP server
> without the Samba schema. Obviously I cannot touch it.
>
> So I'd like to use LDAP just for the authentication without getting
> the UID and the other parameters from it.
> I can use the same UID, home folder and so on for all the users, the only
> important thing is to provide access only to the LDAP users.
>
> Is it possible?
>
> Thank you,
> Fabrizio
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list