[Samba] Ldap Users only?

Christ Schlacta lists at aarcane.org
Sun Dec 19 20:27:34 MST 2010


Firstly, I'd like to apologize; somehow we ended up off-list.

My setup looks like this:
Density: Massive file storage
rebirth: Media server (most files come from density, but it has a share 
for local files, too)
faithful: backup server (handles backups from density, rebirth, and 
other systems); smb shares are used for laptops and desktops
(a bunch of laptops and desktops): Joining these systems to the domain 
is inconvenient, awkward, and not going to happen because we have a 
small family household, and most of them are non-techie.

The trick is, each time we change a password on a laptop or desktop, we 
have to change the corresponding passwords on all the systems.  Since 
each user only uses 1-2 laptops and a desktop (my wife and I have a 
laptop and netbook each), that's simple.  Changing the server passwords 
requires logging into 3 servers over ssh, typing their old and new 
passwords, then changing their samba passwords.
I want to store all the usernames and passwords for the servers in the 
ldap directory, so that users can update their passwords once.
As I stated above, joining the end user systems to a domain is 
UNACCEPTABLE, and with one of the servers set to be master browser, I 
can set all of the systems to join the "workgroup" aarcane.info, and all 
the systems show up on the network view in Windows 7 (and Windows XP, 
and Linux, and Mac also).

All I can find is howtos on using samba as an ldap-backed domain controller.
Thanks again, tms3 and everyone else, for any help.

On 12/19/2010 18:20, tms3 at tms3.com wrote:
>
>
>
> On Sunday 19/12/2010 at 5:54 pm, Christ Schlacta wrote:
>> actually, it's because we have a few samba servers here, it's just a 
>> home,
> Honestly, I have a lab/cloud at home.  I can't for the life of me even 
> contemplate running them without full Samba/LDAP domain mode...well, 
> I've converted over to Samba4 since August, but it is by far the 
> easiest way to manage things.
>> but different machines use samba for different reasons.  as such, 
>> it's a pain in the butt to have to change passwords on all systems.  
>> I'm aware that we'd need to have matching unix accounts, and the plan 
>> is to use 10K+ UIDs for samba users to make logging into the shell a 
>> simple matter as well.  What's bugging me at the moment, is that in 
>> workgroup mode, it uses the HOSTNAME
> HOSTNAME is a NetBIOS name, and it is based on that whole host of 
> protocols/services.  It has NOTHING to do with DNS names, or machine 
> names.
>> for the domain name..  but there are several different hosts..  can I 
>> just use the workgroup name and have it work?  will it be smart 
>> enough to say "I'm not in domain mode, so the domain doesn't matter," 
>> or will I need to add a user for each host, thus mitigating any benefit?
> It would perhaps be better if you laid out what you have and are 
> doing.  I'm having a tough time understanding what you are 
> doing/having issues with.
>>
>>
>> On 12/19/2010 17:37, tms3 at tms3.com wrote:
>>
>>
>>
>>
>>     On Sunday 19/12/2010 at 5:02 pm, Christ Schlacta wrote:
>>
>>         how to do only users from ldap?
>>
>>     Same way as domain mode...I'm assuming for workstation users to
>>     have access to smb shares????
>>
>>     You don't need to add machines to the domain, though why you
>>     wouldn't want to I don't know.  Then you need to have pam
>>     authentication of something in ldap. smbldap tools make password
>>     synchronization easy.
>>
>>         I'm not running in domain mode, I'd
>>         just like to be able to have the same username and password
>>         for users
>>         from ldap. There are no machines, and nothing else, just
>>         users and
>>         groups. All the guides I find have machines in ldap too, and
>>         require
>>         domain mode, I'm not sure which pieces need to be changed.
>>
>>
>>
>
>


