[Samba] OpenSSH auth in SAMBA4 LDAP
samba at marc-muehlfeld.de
Mon Aug 26 02:43:06 MDT 2013
On 25.08.2013 22:26, Bruno Vane wrote:
> Yes, I read these sections, but I want something different. Users will
> join on AD domain (Samba 4) and will connect to an "entry" SSH server,
> and from this server they can access other SSH servers on the network.
> All SSH servers are configured with /etc/hosts.allow to allow SSH
> connections only from this "entry" SSH server. These Ubuntu servers
> running SSH will not join in the AD domain, only users of the network.
> Is this possible?
I think this shouldn't matter. You can configure the "entry" host with
nslcd to retrieve the account information via LDAP from AD and pam_ldap
to authenticate against AD (without necessity to join the machine to the
Then you have the other hosts. These you can authenticate in the same
way, if they are not joined to the domain, or you join them and the
authentication is done through winbind.
For nslcd you can use the following config (you must create a bind
account in your domain for that first):
#Mappings for Active Directory
map passwd uid sAMAccountName
map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
map passwd gidNumber primaryGroupID
map shadow uid sAMAccountName
map shadow shadowLastChange pwdLastSet
map group uniqueMember member
# Local account, nslcd runs under
# LDAP server settings
# Account in AD that is used from Nslcd to bind to the directory
You can find the pam_ldap config here:
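For reference, a complete nslcd.conf for a host that is not joined to the domain, laid out like the config in the reply above. This is an added example, not part of the original post: the host name, base DN, bind DN, password, CA path and local account name are placeholders or assumptions, and the TLS, paging and filter lines are additions that the post does not show.

```conf
# /etc/nslcd.conf (constructed example, not from the original post)
# The file holds bindpw in clear text: keep it owned by root, mode 0600.

# Local account nslcd runs under (assumed name; use your distribution's)
uid nslcd
gid nslcd

# LDAP server settings (placeholder host and base DN)
uri ldap://dc1.example.com/
base dc=example,dc=com

# Addition: the bind password and every lookup cross the network,
# so require StartTLS and verify the DC certificate against your CA.
ssl start_tls
tls_reqcert demand
tls_cacertfile /etc/ssl/certs/example-ca.pem

# Account in AD that nslcd uses to bind to the directory (placeholder).
# Give it no rights beyond reading the user and group attributes below.
binddn cn=nslcd-bind,cn=Users,dc=example,dc=com
bindpw REPLACE_WITH_BIND_PASSWORD

# Addition: AD returns large result sets in pages and hands out referrals
pagesize 1000
referrals off

# Addition: only expose accounts that carry POSIX attributes, so
# machine and service objects do not become login-capable users.
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
filter group (objectClass=group)

# Mappings for Active Directory (as given in the post)
map passwd uid sAMAccountName
map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
map passwd gidNumber primaryGroupID
map shadow uid sAMAccountName
map shadow shadowLastChange pwdLastSet
map group uniqueMember member
```

After restarting nslcd, `getent passwd <user>` on the host should return the AD account; if it does not, running `nslcd -d` in the foreground shows the bind and search attempts.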