[Samba] samba as an ldap server
Rowland Penny
rowlandpenny at googlemail.com
Thu May 22 13:52:56 MDT 2014
On 22/05/14 20:43, Gaiseric Vandal wrote:
> On 05/22/14 13:18, Stefan Kania wrote:
>> On 22.05.14 17:12, David Bear wrote:
>>> We would like to use samba 4.x as our ADDC and also as an ldap
>>> source for authentication. Google apps can use an ldap server as a
>>> source for users and groups. There seems to be plenty of use of AD
>>> as a ldap server for this purpose. I wanted to check to see if
>>> anyone has used samba 4 running as an ADDC as an authentication
>>> server for other services that can consume ldap.
>>>
>> Of course you can use Samba AD for authentication for Linux-clients.
>> Just configure winbind, join the domain and install libpam-heimdal
>> then you can use Kerberos-authentication
>>
>>
>> -- Stefan Kania
>
>
>
> Kerberos aside, my understanding is that Samba 4 LDAP is rfc2307 and
> posix compatible? Wouldn't you be able to use an LDAP editor
> and add the following attributes for each user?
>
> objectClass = posixUser
> uid
> uidNumber
> gidNumber
> gecos
> homeDirectory
> userPassword
Yes, this is possible, but I think you meant posixAccount instead of
posixUser, but either way it shouldn't be added as it is not required.
>
>
>
> Even if you do use Kerberos for authentication, wouldn't you still
> need LDAP for group and autofs information. Kerberos would at least
> avoid the password sync issue.
>
AD has groups and you can extend the AD schema for autofs
Rowland
> I am still running Samba 3 with LDAP for Fedora Linux and Solaris
> machines. Fedora and Solaris both have kerberos client support-
> but they use MIT Kerberos. Or from the client perspective, is
> there a difference between MIT and Heimdal?
>
>
>
>
>
>
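Added example, not part of the original message and not Samba project code: a small generator for the ldapmodify record that sets the POSIX attributes discussed above on an existing AD user, without adding an objectClass. Assumptions: the standard AD schema attribute names (unixHomeDirectory for the POSIX home directory), a constructed sample DN, and a choice to refuse userPassword so that passwords stay with AD and Kerberos.

```python
import base64

# RFC 2307 attributes as named in the AD schema (assumption: standard AD
# schema, where the POSIX home directory is unixHomeDirectory).
ALLOWED = ("uid", "uidNumber", "gidNumber", "gecos",
           "unixHomeDirectory", "loginShell")
# Constructed sample DN, not from the thread.
SAMPLE_DN = "CN=Test User,CN=Users,DC=example,DC=com"


def ldif_value(attr, value):
    """Render 'attr: value'; base64-encode anything unsafe in LDIF (RFC 2849)."""
    text = str(value)
    if not text:
        raise ValueError(f"{attr}: empty value")
    safe = (all(32 <= ord(c) < 127 for c in text)
            and text[0] not in " :<" and not text.endswith(" "))
    if safe:
        return f"{attr}: {text}"
    encoded = base64.b64encode(text.encode("utf-8")).decode("ascii")
    return f"{attr}:: {encoded}"


def posix_ldif(user_dn, attrs):
    """Build one 'changetype: modify' record for ldapmodify."""
    unknown = sorted(set(attrs) - set(ALLOWED))
    if unknown:
        # objectClass and userPassword land here and are refused.
        raise ValueError(f"not a POSIX attribute: {unknown}")
    for name in ("uidNumber", "gidNumber"):
        value = attrs.get(name)
        # Refuse 0 so a directory entry never maps to root.
        if value is not None and not (
                isinstance(value, int) and 1 <= value < 2**32 - 1):
            raise ValueError(f"{name} out of range: {value!r}")
    lines = [ldif_value("dn", user_dn), "changetype: modify"]
    for name in ALLOWED:
        if name in attrs:
            lines += [f"replace: {name}", ldif_value(name, attrs[name]), "-"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(posix_ldif(SAMPLE_DN, {"uid": "tuser", "uidNumber": 10000,
                                 "gidNumber": 10000, "gecos": "Zoë Example",
                                 "unixHomeDirectory": "/home/tuser"}))
```

Values containing newlines or non-ASCII characters come out base64-encoded, so a free-text field such as gecos cannot introduce extra LDIF lines into the record.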