[Samba] Remote linux auth vs samba4: winbind or nslcd + openldap.
Marc Muehlfeld
samba at marc-muehlfeld.de
Thu Aug 15 11:27:52 MDT 2013
Hello Andres,

On 15.08.2013 18:45, Andres Tello Abrego wrote:
> I want to achieve the Holy Grail of 1 source of users and passwords, for
> both linux and windows machines, but I'm lost in documentation.
> So far I know:
> samba4 can't use openldap as backend.

Right.

> samba4 ldap isn't really a full ldap.

What do you mean by "is not a full ldap"?

> samba4 provides uid/gid mapping using winbind or nslcd

Samba AD provides the backend where the accounts are stored. To get the
users to your local *nix system, you can use winbind, nslcd or sssd.

> Can I implement "remote winbind" at remote linux client machines?

What is "remote winbind"?

> Do I need to set up an openldap proxy?

I would only use an openldap proxy to AD in my DMZ, because this
prevents me from having a Samba AD installation there with all those open
ports and Winbind on all DMZ machines.

> If I set up an openldap proxy, should I use winbind or nslcd?

If you get your information from AD via an LDAP proxy, I guess the only
solution is LDAP-based tools like nslcd. I think Winbind can't access
through an LDAP proxy, because it uses more than LDAP to talk to the DC
(rpc or whatever).

> openldap now uses automatic configuration, any clue to implement the
> openldap proxy with this type?

Automatic configuration?

Here I placed e.g. a solution for an openLDAP proxy and examples for
how to connect other services:
https://wiki.samba.org/index.php/Authenticating_other_services_against_AD

I guess it's really time to finish my Winbind/Nslcd/SSSD page for the
different methods to get the directory users to the local system. These
questions are coming up very often meanwhile :-) I already started a
while ago. I'll try to find some time to finish and publish it next week.

Regards,
Marc
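
For the DMZ case discussed in the reply above (nslcd on the Linux client, speaking only LDAP to a proxy that sits in front of AD), a client-side nslcd.conf could look like the following. This is an added example, not part of the original message or of the Samba wiki page; the host name, DNs, CA path and service account are placeholders, and it assumes the AD accounts carry RFC2307 attributes (uidNumber, gidNumber, unixHomeDirectory) and that the proxy offers LDAPS.

```conf
# /etc/nslcd.conf on a DMZ host (added example; all names are placeholders).
# The file holds a bind password: keep it owned by root with mode 0600.

# Unprivileged account the daemon runs as.
uid nslcd
gid nslcd

# Talk to the LDAP proxy only, never to the DC directly.
uri ldaps://ldap-proxy.dmz.example.com/
base dc=samdom,dc=example,dc=com

# Read-only service account used for lookups (placeholder DN and password).
binddn cn=nslcd-lookup,cn=Users,dc=samdom,dc=example,dc=com
bindpw CHANGE_ME

# Require TLS and verify the proxy's certificate, so the bind password and
# user passwords checked via pam_ldap never cross the DMZ in clear text.
ssl on
tls_reqcert demand
tls_cacertfile /etc/ssl/certs/example-ca.pem

# AD answers with referrals that a DMZ host cannot follow through the proxy.
referrals no

# Map AD attribute names to what NSS expects; only accounts that have
# POSIX attributes set become visible on the Linux side.
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    passwd gecos            displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid              sAMAccountName
map    shadow shadowLastChange pwdLastSet
filter group  (objectClass=group)
```

With `passwd`, `group` and `shadow` set to `files ldap` in /etc/nsswitch.conf, `getent passwd <user>` on the client shows whether the lookup through the proxy works.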