[Samba] Authenticate Samba with an LDAP w/o the schema

Kevin Keane subscription at kkeane.com
Sun Nov 29 13:01:50 MST 2009

There are a few ways you could do it, but none of them are good.

Basically, the principle has to be that because you can't touch the LDAP server, you have to use user name/passwords for authentication. The situation is fundamentally the same as if you had your users listed in /etc/passwd, so all the same techniques should still work (albeit with modifications).

Here are the options. Sorry I can't provide details, only outlines to get you started.

- Turn off CHAP and use plain text passwords. VERY bad idea, but it should work. You will probably have to configure PAM to authenticate against the LDAP server - I'm not quite sure exactly how to do that.

- Use smbpasswd to store the Samba passwords, and use Samba's various mechanisms to keep the passwords in sync between LDAP and smbpasswd.

- What kind of LDAP server is it? It may offer some other mechanism that you can use. For instance, Active Directory would work easily by having your Samba server join the AD domain.

> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-
> bounces at lists.samba.org] On Behalf Of Fabrizio Reale
> Sent: Saturday, November 28, 2009 8:22 AM
> To: samba at lists.samba.org
> Subject: [Samba] Authenticate Samba with an LDAP w/o the schema
> Hi all,
> I'd like to authenticate my fresh Samba installation against an LDAP
> server
> without the Samba schema. Obviously I cannot touch it.
> So I'd like to use LDAP just for the authentication without getting
> the UID and the other parameters from it.
> I can use the same UID, home folder and so on for all the users, the
> only
> important thing is to provide access only to the LDAP users.
> Is it possible?
> Thank you,
> Fabrizio
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list