[Samba] Samba4 Integration With Google

Andrew Bartlett abartlet at samba.org
Sun Jan 20 16:36:45 MST 2013 

On Sat, 2013-01-19 at 19:02 -0300, Ciro Iriarte wrote:
> 2013/1/16 Varoujan Avanessians <vavanessians at accoes.com>
> 
> > Hello everone,
> >
> > In my Company we are going through a network redesign and Planning to
> > retire our Novel edirectory, and Novel Servers and replace them with Samba4
> > (Over 150 Servers). We have setup a Samba4 test environment which seems to
> > be working well so far. We are an organization with multiple locations and
> > over 1200 users, we are also very heavy users of google apps. I have couple
> > of questions that I need help with.
> >
> > 1- Is it possible to Integrate samba4 with Google Apps for Single sign-on,
> > I know google has and application that Integrates Microsoft Active
> > Directory with Google Apps, so I assume it should be possible with Samba4
> > too. Has anyone tried and used this feature with success?
> >
> > 2- We already have over 1200 accounts on Google. Is there a way to Import
> > these user accounts into samba4?
> >
> > I would really appreciate any help in this matter and welcome any
> > additional suggestions that you may have for a Project of this magnitude.
> >
> > --
> > *Varouj (V.J.) Avanessians | Sr. Linux Sys Administrator | ACCO Engineered
> > Systems*
> > 6265 San Fernando Rd | Glendale, California | 91201- 2214
> > (818)-730-5846 Mobile | (818)-244-6571 Main*
> > *
> >
> >
> Well, having and LDAP directory as your Samba backend could help. GApps has
> an LDAP sync tool, the only downside is that it needs the password to be
> hashed with SHA1 or MD5 without salt (less secure).

The two issues with this is the Samba 4.0 as an AD DC does not support
an external LDAP backend, only the integrated one we provide.  So,
syncing would be against the internal LDAP server, which is fine.

The bigger issue is that the password hash types just don't match, as
far as I know.  We would need to modify Samba to store (somewhere,
perhaps we can use the userPassword attribute) this hashed password . 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list