[Samba] Samba4 as a "plain LDAP" server?
SMC
smc+samba at dogphilosophy.net
Tue Mar 16 10:42:15 MDT 2010
On Monday 15 March 2010 22:42:41 Mike wrote:
> I may well be insane, but as soon as I read your question, I thought
> "how novel" and now want to find out the answer, myself.

Well, not necessarily novel if I reword my question as "Would I still have to
maintain two separate authentication databases if I want to use Samba4 with
some non-Microsoft clients that don't have Samba installed?"

For example, can Samba4 work with mail or web servers that can authenticate
via "LDAP", or simple Linux workstations that I don't necessarily want to
implement and maintain full-scale "ActiveDirectory(tm)"-mode authentication
for?

The need to maintain two separate authentication databases has been my biggest
annoyance with Samba (I realize this isn't the fault of Samba but rather a
consequence of Microsoft's "special" password-hashing method). That means
if you don't use Samba every time you change your password, you end up with
your normal password and your Windows/Samba password out of sync.

If Samba4's internal LDAP server also handles basic POSIX account attributes,
then using Samba4 as the "LDAP authentication server" for everything finally
solves that problem (doesn't it?). Otherwise, the only option would be using
the OpenLDAP backend and we're back to maintaining two separate sets of
authentication data and requiring Samba on the clients for any password
changes.

I haven't found any documentation so far that indicates either way whether
this works. For obvious reasons, the existing Samba4 documentation seems to
be almost exclusively about controlling Microsoft Windows clients.

If it's a case of "it SHOULD work but nobody's tested it yet", I'd be quite
willing to help with the testing...