[Samba] Single sign on nivana

Dermot paikkos at googlemail.com
Thu Jun 2 02:32:16 MDT 2011


Given that I have currently have 6 member servers, I think that amount
of ldap replication would be over-kill. I was considering one ldap
slave. I will consult the Docs that Louis pointed me to and look at
the winbind config.

Thanks,
Dp.


On 1 June 2011 19:04, Dale Schroeder <dale at briannassaladdressing.com> wrote:
> Dermot,
>
> What Louis describes does indeed allow for single sign on.  The non-PDC
> systems are no longer member servers in the truest sense, but rather, all
> become BDC's (security = user).
>
> If you do not wish to install ldap on all systems, then the options are to
> use winbind, or to use nss-ldap and pam-ldap instead.  Either will allow for
> single sign on as true member servers (security = DOMAIN) to authenticate
> against the PDC.  The former is well documented; the latter is much harder
> to find.
>
> Dale
>
>
> On 06/01/2011 10:21 AM, Dermot wrote:
>>
>> Thanks but I am not sure that I have made myself clear.
>>
>> I want to remove Windows NT from my production environment. I would
>> like to use Samba as the PDC with ldap backend and some replication.
>> So far in tests this all works EG, Window7 and WinXP can authenticate.
>>
>> I have one more thing I would like to achieve. I want files on the
>> Samba member server to be owned by the domain user without having to
>> add each domain user locally to the member server's /etc/passwd file.
>>
>> I don't think the articles you have suggested address how to do that.
>> Dp.
>>
>>
>>
>>
>> On 1 June 2011 12:37, L.P.H. van Belle<belle at bazuin.nl>  wrote:
>>>
>>> Wel setup ldap with replication.
>>> I have this setup and i use syncrepl for ldap replication.
>>> This is working for 5 years now.
>>> I manage my users and groups with the NT4 user manager.
>>>
>>>
>>> Look here.
>>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
>>> I use this setup : PDC ->  LDAP master server, BDC ->  LDAP slave server.
>>> My ldap slave is readonly.
>>>
>>> I use debian OS.
>>> look here for a nice example
>>> http://www.server-world.info/en/note?os=Debian_6.0&p=samba&f=6
>>> and look hier
>>>
>>> http://fr33co.wordpress.com/2009/02/19/replicacion-ldap-con-syncrepl-en-debian-lenny/
>>> if you need other language put it in a translator ;-)
>>>
>>> Good luck.
>>>
>>> Louis
>>>
>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: paikkos at googlemail.com
>>>> [mailto:samba-bounces at lists.samba.org] Namens Dermot
>>>> Verzonden: 2011-06-01 13:04
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: [Samba] Single sign on nivana
>>>>
>>>> Hi,
>>>>
>>>> I have Samba 3.5.6 that is running as a PDC for testing purposes. In
>>>> my production environment I still use a NT4 domain and all the samba
>>>> member server use domain security. One of the irritations I have with
>>>> the Samba members set-up is that I have to add the users to the local
>>>> server so that files created by a domain user are owned by them and
>>>> not the guest account. Ideally I would like to add the users to the
>>>> PDC alone and then if a domain user creates a file on a member server,
>>>> when I viewed those file, either from a windows machine or from a
>>>> shell on the member server, I could see who they belong to. I'm sure
>>>> that there is a means of doing this, but I get gleam it from the docs.
>>>> Can anyone advise me on the configuration I would need?
>>>>
>>>> Thank you,
>>>> Dermot.
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>


More information about the samba mailing list