[Samba] Setting up Samba and CentOS 6.2 IPA

Gaiseric Vandal gaiseric.vandal at gmail.com
Fri May 11 08:04:53 MDT 2012

I have a similar environment.

Samba should be sufficient.  There are actually two "problems" to
solve.  The first is how do you have a unified "unix" account back end. 
The 2nd is how do you have unified "windows" back end.

Samba as a domain controller will provide the unified windows
backend. (Presume you are familiar with the "domain" concept in windows.)

There are two approaches for the unix logins.

The same machine can also be used as a NIS or LDAP server to provide
centralized unix accounts (and other info) for the linux systems. (I
used to use NIS, converted to LDAP.) Unix and samba use different
password schemes so you don't have a single password field. But you can
configure samba to change the appropriate unix passwords whenever a
windows user changes his password, so effectively they can appear to be
the same to the user.

Alternately, you can configure linux clients to use winbind for
authentication, which means that your linux/unix logins use your windows
password.  I have not done this.    I think this is more appropriate
when you have a true Windows server as your PDC.


You can configure LDAP to handle both the backend stuff for samba and
unix accounts.  Each account will have an ldap and unix password field,
as well as various fields for other samba and unix attributes. 

I use Sun (Oracle) Directory Server, which had already been implemented
for another project, so it made sense to leverage that for unix account
support and samba support. (Plus it plays nice with Solaris
clients.) But openldap or other servers should be fine. If you
have a "packaged" authentication solution with an LDAP backend, that may
be the easiest. Samba will have a schema file to add to whatever LDAP
server to allow you to extend the schema. It really helps if you can
have a graphical tool to manage the LDAP data. I use Apache Directory
Studio (the Sun management tools are lacking).

LDAP can be kind of tricky for unix authentication - RHEL 5, Fedora
Core 11 thru 14 require the use of an ldap proxy account. CentOS 6.2
will probably be the same. If you are using autofs that is also a
little tricky.

On 05/11/12 08:59, Cliff Nieuwenhuis wrote:
> I have a small network with mixed OS's -- some Linux (mix of distros,
> Ubuntu, PCLinuxOS, CentOS) and some Windows (XP and Win7).  I'm
> replacing my server and have installed CentOS 6.2 on it.  There are no
> Windows servers on the network.
> I'd like to have the server manage user accounts and passwords.
> Ideally, I'd be able to log in to any computer on my network with the
> same username and password.  Furthermore, I'd like access to the
> server's Samba shares to be based on the 'centralized' user account.
> Is Samba (alone) sufficient to accomplish this, or do I need to also
> set up NIS or IPA or something else?  If Samba is sufficient, what
> security mode is recommended?  
> I did look at IPA and it seems to address my centralized user account
> management, but I haven't found a clear discussion on how it can be
> used with Samba, or which should be set up first -- Samba or IPA.
> I also looked at NIS, but the information I found was all several years
> old so I have concerns that it may not be the correct choice.
> I'd really appreciate thoughts and comments.  I'm not looking for
> detailed instructions, but rather some advice on the overall plan.  
> Sincerely,
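
A minimal smb.conf sketch of the layout described in the reply above (Samba as domain controller, one LDAP directory holding both the Samba and unix attributes, the two passwords kept in step). It is an added illustration, not either poster's configuration; it assumes Samba 3.x as shipped with CentOS 6, and the workgroup, host name, suffixes and bind DN are placeholders.

```ini
[global]
    # Placeholder domain name that the Windows clients join.
    workgroup = EXAMPLE
    security = user

    # Act as the domain controller for the XP/Win7 machines.
    domain logons = yes
    domain master = yes
    preferred master = yes

    # Keep Samba accounts in the same LDAP tree as the unix accounts.
    # Host name and suffixes below are placeholders.
    passdb backend = ldapsam:ldap://ldap.example.internal
    ldap suffix = dc=example,dc=internal
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers

    # Dedicated bind account for Samba (placeholder DN). Its password is
    # not written in this file; it is stored with "smbpasswd -w".
    ldap admin dn = cn=samba,ou=Services,dc=example,dc=internal

    # Password hashes travel over this connection, so require StartTLS.
    ldap ssl = start tls

    # When a Windows user changes a password, also update the LDAP
    # (unix) password so both logins keep accepting the same secret.
    ldap passwd sync = yes

    # With NIS or local files instead of LDAP, the equivalent is:
    #   unix password sync = yes
    #   pam password change = yes
```

The directory needs the Samba schema loaded before accounts can carry the Samba attributes, and the bind account should be granted write access only to the subtrees listed above.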
