[Samba] Single sign on nivana

Dale Schroeder dale at BriannasSaladDressing.com
Wed Jun 1 12:04:06 MDT 2011


What Louis describes does indeed allow for single sign on.  The non-PDC 
systems are no longer member servers in the truest sense, but rather, 
all become BDCs (security = user).

If you do not wish to install ldap on all systems, then the options are 
to use winbind, or to use nss-ldap and pam-ldap instead.  Either will 
allow for single sign on as true member servers (security = DOMAIN) to 
authenticate against the PDC.  The former is well documented; the latter 
is much harder to find.


On 06/01/2011 10:21 AM, Dermot wrote:
> Thanks but I am not sure that I have made myself clear.
> I want to remove Windows NT from my production environment. I would
> like to use Samba as the PDC with ldap backend and some replication.
> So far in tests this all works EG, Window7 and WinXP can authenticate.
> I have one more thing I would like to achieve. I want files on the
> Samba member server to be owned by the domain user without having to
> add each domain user locally to the member server's /etc/passwd file.
> I don't think the articles you have suggested address how to do that.
> Dp.
> On 1 June 2011 12:37, L.P.H. van Belle<belle at bazuin.nl>  wrote:
>> Well, set up ldap with replication.
>> I have this setup and I use syncrepl for ldap replication.
>> This is working for 5 years now.
>> I manage my users and groups with the NT4 user manager.
>> Look here.
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
>> I use this setup : PDC ->  LDAP master server, BDC ->  LDAP slave server.
>> My ldap slave is readonly.
>> I use debian OS.
>> look here for a nice example
>> http://www.server-world.info/en/note?os=Debian_6.0&p=samba&f=6
>> and look here
>> http://fr33co.wordpress.com/2009/02/19/replicacion-ldap-con-syncrepl-en-debian-lenny/
>> if you need other language put it in a translator ;-)
>> Good luck.
>> Louis
>>> -----Original message-----
>>> From: paikkos at googlemail.com
>>> [mailto:samba-bounces at lists.samba.org] On behalf of Dermot
>>> Sent: 2011-06-01 13:04
>>> To: samba at lists.samba.org
>>> Subject: [Samba] Single sign on nivana
>>> Hi,
>>> I have Samba 3.5.6 that is running as a PDC for testing purposes. In
>>> my production environment I still use a NT4 domain and all the samba
>>> member server use domain security. One of the irritations I have with
>>> the Samba members set-up is that I have to add the users to the local
>>> server so that files created by a domain user are owned by them and
>>> not the guest account. Ideally I would like to add the users to the
>>> PDC alone and then if a domain user creates a file on a member server,
>>> when I viewed those file, either from a windows machine or from a
>>> shell on the member server, I could see who they belong to. I'm sure
>>> that there is a means of doing this, but I get gleam it from the docs.
>>> Can anyone advise me on the configuration I would need?
>>> Thank you,
>>> Dermot.
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
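
Added example, not part of any message in this thread: a minimal sketch of the winbind option mentioned in the reply at the top, for a Samba 3.5-era member server that resolves domain users through NSS instead of /etc/passwd. The domain name EXAMPLEDOM and the ID ranges are placeholder assumptions.

```ini
# /etc/samba/smb.conf on the member server (constructed example).
# smb.conf has no trailing comments, so each note sits on its own line.
[global]
    # Placeholder: the NT domain name served by the Samba PDC.
    workgroup = EXAMPLEDOM
    # True member server: authentication is passed to the domain controllers.
    security = domain
    # Locate the PDC/BDCs automatically.
    password server = *
    # Ranges winbind allocates from for domain users and groups.
    # They must not overlap any local account in /etc/passwd or /etc/group.
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    # Show "dermot" rather than "EXAMPLEDOM\dermot" in ls -l output.
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    # Domain users can own files here but cannot open a shell.
    template shell = /bin/false
    template homedir = /home/%D/%U

# /etc/nsswitch.conf must also list winbind after the local files:
#     passwd: files winbind
#     group:  files winbind
#
# Join and verify (run as root on the member server):
#     net rpc join -U Administrator
#     wbinfo -u
#     getent passwd
```

With the default tdb idmap backend the UID and GID allocations are local to each member server, so the same domain user can map to different numeric IDs on different machines; that matters if file systems are shared or copied between them.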
