[Samba] Linux SSO with samba4?

Bernd Markgraf bernd.markgraf at med.ovgu.de
Tue Jul 17 14:19:46 MDT 2012


Hi Quinn,

Here's a short summary of what I did to make Linux use S4's LDAP/Kerberos.
I'm running Oracle Enterprise Linux on our boxes, so I'm not sure how
different that is from Ubuntu. I tried SUSE before but that was quite a
pain.
OEL asks where user accounts come from when the setup runs after
installation. I entered all information about the LDAP bits there as
well as the Kerberos server, realm and so forth.
At this point this setup does not yet work. I then used the samba3 bits
from OEL to join the client to the S4 domain. This creates the service
principals for the client on the DC. Once the client has joined the
domain I used 'net ads keytab create' to dump the client's keytab from
the DC into a file. This keytab enables the use of kerberized
authentication. The last thing to do is to set passwd, group and shadow to
use ldap in /etc/nsswitch.conf.
After that everything is in place and ready for use. I had no need to
utilize anything not provided by OEL. Packages of interest are nss_ldap,
openldap and openldap-clients (names most likely differ on Ubuntu).

Prerequisite for this setup is the proper LDAP schema (rfc2307) to
include all the Unix related information. I don't think I had to modify
the default mapping on the clients. 

Again - I don't know much about Ubuntu. But I would guess as an end
user/desktop-oriented distribution things might be a little harder.
I could provide the config files with the LDAP/Kerberos client settings.

Hope that helps,
  Bernd
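
A check of the end state this message describes (ldap listed for passwd, group and shadow in nsswitch.conf, and a keytab file on the client), as an added example that is not part of the original post. The function names are hypothetical, both file paths are passed as arguments, and the rule that the keytab must grant nothing to group or other is an assumption added here because the keytab holds the host's Kerberos keys.

```shell
#!/bin/sh
# Added example: post-setup checks for an LDAP/Kerberos client.
# Function names are hypothetical; paths are supplied by the caller.

# Print each of passwd/group/shadow whose entry in the given
# nsswitch.conf does not list "ldap" as a source.
nss_missing_ldap() {
    awk '
        { sub(/#.*/, "") }    # drop comments, so commented-out entries are ignored
        $0 ~ /^[ \t]*(passwd|group|shadow)[ \t]*:/ {
            db = $0; sub(/[ \t]*:.*/, "", db); sub(/^[ \t]*/, "", db)
            rest = $0; sub(/^[^:]*:/, "", rest)
            n = split(rest, src, /[ \t]+/)
            # match whole tokens only, so action items like [NOTFOUND=return] are skipped
            for (i = 1; i <= n; i++) if (src[i] == "ldap") ok[db] = 1
        }
        END {
            split("passwd group shadow", want, " ")
            for (i = 1; i <= 3; i++) if (!ok[want[i]]) print want[i]
        }
    ' "$1"
}

# Succeed only if the keytab exists and grants nothing to group or other
# (assumption of this example: the file should be private to its owner).
keytab_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run both checks, print findings, return non-zero if anything is off.
check_sso_client() {
    rc=0
    missing=$(nss_missing_ldap "$1")
    if [ -n "$missing" ]; then
        echo "nsswitch: no ldap source for:" $missing
        rc=1
    fi
    if ! keytab_private "$2"; then
        echo "keytab: $2 is missing or accessible to group/other"
        rc=1
    fi
    return $rc
}
```

Call it as `check_sso_client /etc/nsswitch.conf <keytab file>`, where the second argument is wherever the keytab was written on the client.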


