[Samba] Samba share authentication using SSSD

Danilo Mussolini danilo at mdotti.com
Sat Jun 7 22:54:15 MDT 2014

I got this working here by nslcd.

We have several standalone file Samba servers here (not as DC or member
server) using LDAP as a backend. Access to the shares authenticate with
users from he LDAP database.


On Sat, Jun 7, 2014 at 10:57 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Fri, 2014-06-06 at 10:36 -0700, John Hixson wrote:
> > Hi,
> >
> > Here is my desired configuration:
> >
> > An external LDAP server, Samba 4.1.8 (not configured as a member server
> > or as a domain controller), and SSSD configured with the external LDAP
> > server. Authentication locally and via ssh works fine using pam_sss.so.
> > When attempting to authenticate a share on windows using an LDAP users
> > credentials, the request fails with NT_STATUS_ACCESS_DENIED. I'd like to
> > do this without configuring samba at all to use LDAP, is this possible?
> By what process do you expect Samba to obtain the NT password hash, or
> to forward the NTLM response, what what would do the NTLM calculation to
> verify it?
> Andrew Bartlett
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list