[Samba] Samba4 DC, Auth on linux side

Thomas Simmons twsnnva at gmail.com
Tue Feb 19 04:56:35 MST 2013

Hello Chris,

It's pretty simple to add posix attributes via ADUC - there is a "UNIX
Attributes" tab. The hardest part for me is remembering to go into that tab
and enable it when I create new users :) If you already have these
attributes with your S3 domain, classicupgrade will migrate them. With S3,
I used plain LDAP auth for all of my *nix systems, and for things like
Apache, OpenVPN (by way of a custom auth script), Request Tracker, etc...
We also have several in-house apps that were written to use LDAP. I decided
to stay with LDAP authentication for the time being, since it only required
a few config edits, though I will likely deploy new systems using winbind.

On Mon, Feb 18, 2013 at 4:57 PM, Chris Fischer <chris_f at gmx.net> wrote:

> Hi all,
> i'm searching the web up and down for a while now.
> I had set up an Samba4 AD from debian packages successfully. Now the goal
> is, like S3 with LDAP, to use this AD for linux purposes.
> At first for auth, later to bind postfix and other services to read the
> directory. (When tests are successfull, i will migrate an existing
> S3/OpenLDAP to S4s Active Directory.
> Now it is difficult for me to find best practises for my project.
> - Should I add posix attributes to my Domain Users and how to use this
> approach in an easy way with ADUC or other tools and read them with nslcd.
> or
> - Should I use nslcd without posix attributes and configure some mappings
> like creating uidNumber from the SID
> or
> - should I use WINBIND for auth. But I have found discussions about
> different winbind behavior depending on S4 is used as DC or member server
> in AD. In production mode, there will be the need to have linux auth on the
> DC and one member server (NAS). So it would nice to get the same behavior
> on both servers.
> Thanks for your advice.
> Chris Fischer
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>

More information about the samba mailing list