[Samba] Question on approach to authenticate Linux against Samba4
mueller at tropenklinik.de
Mon Jul 29 00:27:03 MDT 2013
So first of all winbind is the fastest and easiest solution with samba 4:
Just be sure winbind is loaded in your samba4 smb.conf. So winbind can read
then do a ldconfig -v | grep winbind
If the result is ex:
duplicate hwcap 1 nosegneg
libnss_winbind.so -> libnss_winbind.so.2
You have to link libnss_winbind this way ex.:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2
In your nsswitch.conf:
passwd: files winbind
group: files winbind
Now you get all your ads members and groups with getent passwd and group.
EDV Daniel Müller
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
behalf of dahopkins at comcast.net
Sent: Thursday, 25 July 2013 18:59
To: samba at lists.samba.org
Subject: [Samba] Question on approach to authenticate Linux against Samba4
This is in a test environment: Also, it is wordy, but I'm hoping it explains
I am migrating from a custom LDAP+Samba3 authentication solution to Samba4.
I have used the classicupgrade option to pull off the data from the existing
ldap server to populate the samba4 database. I've installed AD DS and Server
for NIS tools on a Windows 2008 server that is connected to the Samba4 DC as
a member server. All the information appears to be correct, including the
Unix uid and group memberships, and the unixHomedirectory.
Now I need to authenticate a Linux system against the Samba4 DC and I need
to have the unixHomedirectory used. There is a lot of older information on
the net on how to authenticate. I'd prefer to not be required to install
samba4 on these other Linux systems which a lot of these approaches seem to
require. These linux systems are running LTSP so I have 50+ users logged in
at any given time. I currently NFS mount home directories for the linux
systems from a central fileserver. Home directories are of the pattern
I've tested the Windows logins. I have an issue with mapped drives to the
fileservers but I expected this since the fileservers don't exist on the
test network. I expect this issue to be resolved once the fileservers are
upgraded to samba4 and joined as member servers.
which I think will work. The ldbsearch works, but before embarking further on
this approach, I have some concerns.
1) will the unixHomedirectory be honored?
2) will I be able to easily add users so that the unix settings will be
properly configured? I currently use the IDEALX smbldap tools. Being able to
script account creation is very important to me .. adding 200+ user accounts
manually each year is not very appealing. ;)
3) Will the scripting tools be able to automatically assign a unique uid for
each unix account. Current approach uses NextFreeUnixID but this does not
exist in the Samba4 database (the ldap entry is shown below )
I have read through the recent thread on winbind and honestly I am not sure
that I want to pursue either winbind or sssd if it is possible to use
nss_pam_ldap which seems closest to the current approach.
Thank you for your patience and taking the time to read the above.
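
Added example, not part of the original thread: a shell check of the nsswitch.conf setting described in the reply at the top of this message, confirming that a database lists winbind and that files is consulted first so local accounts are not resolved from the domain. The function name check_nss_db, its status strings and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit an nsswitch.conf-style file.
# check_nss_db FILE DB prints one of:
#   ok | missing-db | no-winbind | files-not-before-winbind
check_nss_db() {
    nss_cfg=$1
    nss_db=$2
    # Drop comments and [STATUS=action] items, then take the first line for DB.
    nss_line=$(sed -e 's/#.*$//' -e 's/\[[^]]*\]//g' "$nss_cfg" |
               grep -E "^[[:space:]]*${nss_db}:" | head -n 1)
    if [ -z "$nss_line" ]; then
        echo "missing-db"
        return 1
    fi
    pos=0
    files_pos=0
    winbind_pos=0
    for src in ${nss_line#*:}; do
        pos=$((pos + 1))
        if [ "$src" = files ] && [ "$files_pos" -eq 0 ]; then files_pos=$pos; fi
        if [ "$src" = winbind ] && [ "$winbind_pos" -eq 0 ]; then winbind_pos=$pos; fi
    done
    if [ "$winbind_pos" -eq 0 ]; then
        echo "no-winbind"
        return 1
    fi
    # Local accounts (root, service users) should resolve from files first.
    if [ "$files_pos" -eq 0 ] || [ "$winbind_pos" -lt "$files_pos" ]; then
        echo "files-not-before-winbind"
        return 1
    fi
    echo "ok"
}

# Constructed sample input, mirroring the lines given in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed nsswitch.conf fragment
passwd: files winbind
group:  files winbind
shadow: files
EOF
for db in passwd group shadow; do
    printf '%s: %s\n' "$db" "$(check_nss_db "$sample" "$db")"
done
rm -f "$sample"
```

On a real host, pass /etc/nsswitch.conf as the first argument and follow a passing result with getent passwd and getent group, as the reply describes.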