[Samba] basic LDAP authentication to Samba share from existin g directory

Brent Busby brent at jfi.uchicago.edu
Thu Jun 30 08:24:08 MDT 2011

On Thu, 30 Jun 2011, Hoover, Tony wrote:

> We use pGINA (www.pgina.org) to authenticate windows user logins via 
> ldaps:// against the university directory.  Don't know if that will 
> fit your model, but it works for us.

We've used that too, though it has a couple of disadvantages:

- It seems to be only semi-stable.  (More often than not when we've 
tried it, the Windows machine needs to be rebooted after every logon 

- Last time I tried it, it wouldn't work on Windows 7 (though from 
looking at their site, that may be corrected now).

- It requires us to put an alternative logon manager on the system, 
which is fine for machines owned by our institute, but many of our 
Windows machines are owned by their users, and they may not want pGina 
on their systems.

Thanks for the reminder about pGina though -- it at least gives more 
options to think about.  It's too bad Samba itself doesn't seem to be 
able to use UNIX passwords in LDAP to authenticate a user without 
resorting to expecting only cleartext passwords from clients.

+ Brent A. Busby	 +	The New JFI Computing Web Site:
+ Sr. UNIX Systems Admin +	http://jficomputing.uchicago.edu/
+ University of Chicago	 +
+ Physical Sciences Div. +	For problem reports and requests:
+ James Franck Institute +	email:	sysadmin at jfi.uchicago.edu

More information about the samba mailing list