[Samba] Remote linux auth vs samba4: winbind or nslcd + openldap.

Marc Muehlfeld samba at marc-muehlfeld.de
Thu Aug 15 11:27:52 MDT 2013

Hello Andres,

On 15.08.2013 18:45, Andres Tello Abrego wrote:
> I want to achieve the Holy Grail of 1 source of users and password, for
> both, linux and windows machines, but I'm lost in documentation.
> So far I know:
> samba4 can't use openldap as backend.


> samba4 ldap isn't really a full ldap.

What do you mean by "is not a full ldap"?

> samba4 provides uid/gid mapping using winbind or nslcd

Samba AD provides the backend, where the accounts are stored. To get the 
users to your local *nix system, you can use winbind, nslcd or sssd.

> Can I implement "remote winbind" at remote linux client machines?

What is "remote winbind"?

> Do I need to setup a openldap proxy?

I would only use an openldap proxy to AD in my DMZ, because this 
prevents me from having a Samba AD installation there with all those open 
ports and Winbind on all DMZ machines.

> If I setup an openldap proxy, should I use winbind or nslcd?

If you get your information from AD via an LDAP proxy, I guess the only 
solution is LDAP-based tools like nslcd. I think Winbind can't access 
through an LDAP proxy, because it uses more than LDAP to talk to the DC 
(rpc or whatever).

> openldap now uses automatic configuration, any clue to implement the
> openldap proxy with this type?

Automatic configuration?

Here I placed e. g. a solution for an openLDAP proxy and examples for 
how to connect other services:

I guess it's really time to finish my Winbind/Nslcd/SSSD page for the 
different methods to get the directory users to the local system. These 
questions are coming up very often meanwhile :-) I already started a 
while ago. I'll try to find some time to finish and publish it next week.

