[Samba] OpenSSH auth in SAMBA4 LDAP
samba at marc-muehlfeld.de
Mon Aug 26 16:24:12 MDT 2013
Am 27.08.2013 00:11, schrieb Luca Olivetti:
> The problem is, how do I get the posix information into samba4? With
> samba 3 I could manage users and groups with ldap account manager and
> they got both samba and posix attributes.
I have a windows workstation at work. There I use ADUC. Everything I
need to administrate users/groups, etc. And if you delegate permissions
you don't have to work with an domain administrator account the whole day.
ADUC has for me some advantages:
- I can administrate all accounts in a nice clear GUI (I know that linux
admins shouldn't say that :-))
- I don't have to track the last UID/GID I give, because it's stored in
AD and ADUC automatically incements.
- I can delegate permissions down to attribute level to other
departments (like human resources for changing phone numbers, etc.)
- and some more
> Another nice thing is that I
> could script the creation of home directory, mailbox, etc.
> I though that samba 4 allowed me to do the same, but with windows
> administrative client (ADUC?)
Maybe this can be a solution for you:
>> If you don't want to manage them in AD, you can use winbind or sssd. But
>> there you have other requirements (machine joined to domain, kerberos,
> I'd like to avoid winbind if at all possible
In Samba 4 you don't need to have the users local. You can completely
skip ldap/winbind/whatever. Permission changing can be done from windows
Only if you don't want to see only UIDs/GIDs on the filesystem or other
services require them, you need a way to get the users/groups mapped.
More information about the samba