[Samba] Samba file server using ldap backend without AD or PDC?
Brian Gold
bgold at simons-rock.edu
Fri Nov 30 07:42:31 MST 2012
On 2012-11-30 9:22 am, Gaiseric Vandal wrote:
> Can you clarify one thing - why are you using the sambaNTPassword in
> openldap if openldap is not currently used samba authentication? I
> would have thought that you would use the standard password field.
We are using the standard userPassword field for most things, but for
radius authentication via PEAP/MSCHAPv2, we needed to use
sambaNTPassword instead.
> I use Samba 3.x DC's with an ldap back end. I also use the ldap
> backend for unix authentication as well as authentication to various
> other systems that support LDAP authentication. If you are
> using
> one or more BDC's you really do have to use an LDAP back end. But
> there is no reason why member server's can use an LDAP backend.
> If the underlying unix account for each samba account is in
> /etc/passwd and not LDAP, you should consolidate it all into LDAP.
We currently don't want to deploy a PDC or BDC if we don't need to. All
we want to do is have a file server that can authenticate using the
username/password stored in openldap.
> Do the sambaNTPassword (and other samba attributes) in LDAP match
> those in the tdb backend? You may find you want to blast away the
> existing sambaNTPassword entries in LDAP before you migrate the TDB
> data to LDAP.
No, our current Samba file server has a totally separate set of
passwords. When we transition over to this new Samba file server, we
will be having all our users use their openldap password instead. We do
not want to sync their existing tdb passwords over to LDAP.
More information about the samba
mailing list