[Samba] basic LDAP authentication to Samba share from existin g directory
brent at jfi.uchicago.edu
Thu Jun 30 08:24:08 MDT 2011
On Thu, 30 Jun 2011, Hoover, Tony wrote:
> We use pGINA (www.pgina.org) to authenticate windows user logins via
> ldaps:// against the university directory. Don't know if that will
> fit your model, but it works for us.
We've used that too, though it has a couple of disadvantages:
- It seems to be only semi-stable. (More often than not when we've
tried it, the Windows machine needs to be rebooted after every logon
- Last time I tried it, it wouldn't work on Windows 7 (though from
looking at their site, that may be corrected now).
- It requires us to put an alternative logon manager on the system,
which is fine for machines owned by our institute, but many of our
Windows machines are owned by their users, and they may not want pGina
on their systems.
Thanks for the reminder about pGina though -- it at least gives more
options to think about. It's too bad Samba itself doesn't seem to be
able to use UNIX passwords in LDAP to authenticate a user without
resorting to expecting only cleartext passwords from clients.
+ Brent A. Busby + The New JFI Computing Web Site:
+ Sr. UNIX Systems Admin + http://jficomputing.uchicago.edu/
+ University of Chicago +
+ Physical Sciences Div. + For problem reports and requests:
+ James Franck Institute + email: sysadmin at jfi.uchicago.edu
More information about the samba