[Samba] Support for Linux Authentication with Samba4's Internal LDAP Server

Andrew Martin amartin at xes-inc.com
Tue Aug 28 16:13:03 MDT 2012


Andrew, 


Thanks for the clarification. Is there a list of the attributes Samba4 will maintain, so I can determine which ones I'll have to manually update? 


Andrew 

----- Original Message -----

From: "Andrew Bartlett" <abartlet at samba.org> 
To: "Andrew Martin" <amartin at xes-inc.com> 
Cc: samba at lists.samba.org 
Sent: Tuesday, August 28, 2012 3:32:31 AM 
Subject: Re: [Samba] Support for Linux Authentication with Samba4's Internal LDAP Server 

On Mon, 2012-08-27 at 16:42 -0500, Andrew Martin wrote: 
> Hello, 
> 
> 
> This topic has been touched on in the past, but I'd like to ask for 
> additional clarification on the structure of the internal LDAP server 
> that Samba4 provides. I currently am using OpenLDAP for authenticating 
> Linux servers and a number of web-based services. I also use Samba 3 
> for presenting shares to Windows users, but it maintains a separate 
> password database. I would like to migrate to a single sign-on, 
> ideally using Samba4. I use the inetOrgPerson schema for users 
> ( http://www.andrew.cmu.edu/user/dd26/ldap.akbkhome.com/objectclass/ 
> inet OrgPerson.html ) and the posixGroup schema for groups 
> ( http://www.andrew.cmu.edu/user/dd26/ldap.akbkhome.com/objectclass/posixGroup.html ). Does the internal LDAP server in Samba4 support these schemas? I don't mind writing some scripts to manually populate/update additional fields as needed, but need to know that services which expect a regular LDAP server would be able to utilize the Samba4 one? 

You should be able to use both of those, and do a simple bind against 
Samba4 for password validation. You can even avoid using a DN for the 
simple bind, we also accept user at realm and domain\user as the 'DN'. 

Andrew Bartlett 

-- 
Andrew Bartlett http://samba.org/~abartlet/ 
Authentication Developer, Samba Team http://samba.org 




More information about the samba mailing list