[Samba] Remote linux auth vs samba4: winbind or nslcd + openldap.

Andres Tello Abrego criptos at mobil.aullox.com
Thu Aug 15 11:38:21 MDT 2013


How can I help :) maybe you can pass whatever you have written, tip me to
maybe, use sssd....

What I mean by remote winbind is this: currently I have
1 box with AD. I want to use that same box, those same users, for Linux
clients... winbind worked like a charm, but I only have authentication on the
machine with the AD...




2013/8/15 Marc Muehlfeld <samba at marc-muehlfeld.de>

> Hello Andres,
>
> On 15.08.2013 18:45, Andres Tello Abrego wrote:
>
>> I want to achieve the Holy Grail of 1 source of users and passwords, for
>> both linux and windows machines, but I'm lost in documentation.
>> So far I know:
>> samba4 can't use openldap as backend.
>>
>
> Right.
>
>
>
>> samba4 ldap isn't really a full ldap.
>>
>
> What do you mean by "is not a full ldap"?
>
>
>
>> samba4 provides uid/gid mapping using winbind or nslcd
>>
>
> Samba AD provides the backend, where the accounts are stored. To get the
> users to your local *nix system, you can use winbind, nslcd or sssd.
>
>
>
>
>> Can I implement "remote winbind" at remote linux client machines?
>>
>
> What is "remote winbind"?
>
>
>
>
>> Do I need to set up an openldap proxy?
>>
>
> I would only use an openldap proxy to AD in my DMZ, because this prevents
> me from having a Samba AD installation there with all those open ports and
> Winbind on all DMZ machines.
>
>
>
>
>> If I set up an openldap proxy, should I use winbind or nslcd?
>>
>
> If you get your information from AD via an LDAP proxy, I guess the only
> solutions are LDAP-based tools like nslcd. I think Winbind can't access
> through an LDAP proxy, because it uses more than LDAP to talk to the DC
> (rpc or whatever).
>
>
>
>
>> openldap now uses automatic configuration, any clue to implement the
>> openldap proxy with this type?
>>
>
> Automatic configuration?
>
>
>
>
>
>
> Here I placed e.g. a solution for an openLDAP proxy and examples for how
> to connect other services:
> https://wiki.samba.org/index.php/Authenticating_other_services_against_AD
>
>
>
>
>
> I guess it's really time to finish my Winbind/Nslcd/SSSD page for the
> different methods to get the directory users to the local system. These
> questions are coming up very often meanwhile :-) I already started a while
> ago. I'll try to find some time to finish and publish it next week.
>
>
> Regards,
> Marc
>

