[Samba] Single sign on nivana
Dale Schroeder
dale at BriannasSaladDressing.com
Wed Jun 1 12:04:06 MDT 2011
Dermot,
What Louis describes does indeed allow for single sign on. The non-PDC
systems are no longer member servers in the truest sense, but rather,
all become BDC's (security = user).
If you do not wish to install ldap on all systems, then the options are
to use winbind, or to use nss-ldap and pam-ldap instead. Either will
allow for single sign on as true member servers (security = DOMAIN) to
authenticate against the PDC. The former is well documented; the latter
is much harder to find.
Dale
On 06/01/2011 10:21 AM, Dermot wrote:
> Thanks but I am not sure that I have made myself clear.
>
> I want to remove Windows NT from my production environment. I would
> like to use Samba as the PDC with ldap backend and some replication.
> So far in tests this all works EG, Window7 and WinXP can authenticate.
>
> I have one more thing I would like to achieve. I want files on the
> Samba member server to be owned by the domain user without having to
> add each domain user locally to the member server's /etc/passwd file.
>
> I don't think the articles you have suggested address how to do that.
> Dp.
>
>
>
>
> On 1 June 2011 12:37, L.P.H. van Belle<belle at bazuin.nl> wrote:
>> Wel setup ldap with replication.
>> I have this setup and i use syncrepl for ldap replication.
>> This is working for 5 years now.
>> I manage my users and groups with the NT4 user manager.
>>
>>
>> Look here.
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
>> I use this setup : PDC -> LDAP master server, BDC -> LDAP slave server.
>> My ldap slave is readonly.
>>
>> I use debian OS.
>> look here for a nice example
>> http://www.server-world.info/en/note?os=Debian_6.0&p=samba&f=6
>> and look hier
>> http://fr33co.wordpress.com/2009/02/19/replicacion-ldap-con-syncrepl-en-debian-lenny/
>> if you need other language put it in a translator ;-)
>>
>> Good luck.
>>
>> Louis
>>
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: paikkos at googlemail.com
>>> [mailto:samba-bounces at lists.samba.org] Namens Dermot
>>> Verzonden: 2011-06-01 13:04
>>> Aan: samba at lists.samba.org
>>> Onderwerp: [Samba] Single sign on nivana
>>>
>>> Hi,
>>>
>>> I have Samba 3.5.6 that is running as a PDC for testing purposes. In
>>> my production environment I still use a NT4 domain and all the samba
>>> member server use domain security. One of the irritations I have with
>>> the Samba members set-up is that I have to add the users to the local
>>> server so that files created by a domain user are owned by them and
>>> not the guest account. Ideally I would like to add the users to the
>>> PDC alone and then if a domain user creates a file on a member server,
>>> when I viewed those file, either from a windows machine or from a
>>> shell on the member server, I could see who they belong to. I'm sure
>>> that there is a means of doing this, but I get gleam it from the docs.
>>> Can anyone advise me on the configuration I would need?
>>>
>>> Thank you,
>>> Dermot.
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
More information about the samba
mailing list