[Samba] Ldap Users only?
Christ Schlacta
lists at aarcane.org
Sun Dec 19 20:27:34 MST 2010
firstly, I'd like to apologize, somehow we ended up off-list.
my setup looks like this:
Density: Massive file storage
rebirth: Media server (most files come from density, but it has a share
for local files, too)
faithful: backup server (handles backups from density, rebirth, and
other systems) smb shares are used for laptops and desktops
(a bunch of laptops and desktops): Joining these systems to the domain
is inconvenient, awkward, and not going to happen because we have a
small family household, and most of them are non-techie.
the trick is, each time we change a password on a laptop or desktop, we
have to change the corresponding passwords on all the systems. since
each user only uses 1-2 laptops and a desktop (my wife and I have a
laptop and netbook each), that's simple. Changing the server passwords
requires logging into 3 servers over ssh, typing their old and new
passwords, then changing their samba passwords.
I want to store all the usernames and passwords for the servers in the
ldap directory, so that users can update their passwords once.
as I stated above, joining the end user systems to a domain is
UNACCEPTABLE, and with one of the servers set to be master browser, I
can set all of the systems to join the "workgroup" aarcane.info, and all
the systems show up on the network view in windows 7 (and windows XP,
and linux, and mac also.).
All I can find is howtos on using samba as an ldap-backed domain controller.
thanks, again, tms3 and everyone else for any help.
On 12/19/2010 18:20, tms3 at tms3.com wrote:
>
>
>
> On Sunday 19/12/2010 at 5:54 pm, Christ Schlacta wrote:
>> actually, it's because we have a few samba servers here, it's just a
>> home,
> Honestly, I have a lab/cloud at home. I can't for the life of me even
> contemplate running them with out full Samba/LDAP domain mode...well,
> I've converted over to Samba4 since August, but it is by far the
> easiest way to manage things.
>> but different machines use samba for different reasons. as such,
>> it's a pain in the butt to have to change passwords on all systems.
>> I'm aware that we'd need to have matching unix accounts, and the plan
>> is to use 10K+ UIDs for samba users to make logging into the shell a
>> simple matter as well. What's bugging me at the moment, is that in
>> workgroup mode, it uses the HOSTNAME
> HOSTNAME is a NETBios name, and it is based on that whole host of
> protocols/services. It has NOTHING to do with DNS names, or machine
> names.
>> for the domain name.. but there are several different hosts.. can I
>> just use the workgroup name and have it work? will it be smart
>> enough to say "I'm not in domain mode, so the domain doesn't matter,"
>> or will I need to add a user for each host, thus mitigating any benefit?
> It would perhaps be better if you laid out what you have and are
> doing. I'm having a tough time understanding what you are
> doing/having issues with.
>>
>>
>> On 12/19/2010 17:37, tms3 at tms3.com wrote:
>>
>>
>>
>>
>> On Sunday 19/12/2010 at 5:02 pm, Christ Schlacta wrote:
>>
>> X-SpamDetect-Info: ------------- Start ASpam results
>> ---------------
>> X-SpamDetect-Info: This message may be spam. This message
>> BODY has been altered to show you the spam information
>> X-SpamDetect: ***: 3.8 sd=3.8 [96]12%-6.0(Accept Orbs)
>> [212]87%5.6(!46,60) [129]44%-0.0(from_return_nomatch)
>> [27]46%-0.0(X-LangGuess:English)
>> X-SpamDetect-Info: ------------- End ASpam results
>> -----------------
>>
>> how to do only users from ldap?
>>
>> Same way as domain mode...I'm assuming for workstation users to
>> have access to smb shares????
>>
>> You don't need to add machines to the domain, though why you
>> wouldn't want to I don't know. Then you need to have pam
>> authentication of something in ldap. smbldap tools make password
>> syncronization easy.
>>
>> i'm not running in domain mode, I'd
>> just like to be able to have the same username and password
>> for users
>> from ldap. there are no machines, and nothing else, just
>> users and
>> groups. all the guides I find have machines in ldap too, and
>> require
>> domain mode, I'm not sure which pieces need tobe changed.
>> --
>> To unsubscribe from this list go to the following URL and
>> read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
>
>
More information about the samba
mailing list