[Samba] samba as an ldap server
Gaiseric Vandal
gaiseric.vandal at gmail.com
Thu May 22 13:43:43 MDT 2014
On 05/22/14 13:18, Stefan Kania wrote:
> On 22.05.14 17:12, David Bear wrote:
>> We would like to use samba 4.x as our ADDC and also as an ldap
>> source for authentication. Google apps can use an ldap server as a
>> source for users and groups. There seems to be plenty of use of AD
>> as a ldap server for this purpose. I wanted to check to see if
>> anyone has used samba 4 running as an ADDC as an authentication
>> server for other services that can consume ldap.
>>
> Of course you can use Samba AD for authentication for Linux-clients.
> Just configure winbind, join the domain and install libpam-heimdal
> then you can use Kerberos-authentication
>
>
> --
> Stefan Kania
Kerberos aside, my understanding is that Samba 4 LDAP is rfc2307 and
POSIX compatible? Wouldn't you be able to use an LDAP editor and
add the following attributes for each user?

    objectClass = posixUser
    uid
    uidNumber
    gidNumber
    gecos
    homeDirectory
    userPassword

Even if you do use Kerberos for authentication, wouldn't you still
need LDAP for group and autofs information? Kerberos would at least
avoid the password sync issue.

I am still running Samba 3 with LDAP for Fedora Linux and Solaris
machines. Fedora and Solaris both have Kerberos client support -
but they use MIT Kerberos. Or from the client perspective, is there
a difference between MIT and Heimdal?