[Samba] samba as an ldap server

Stefan Kania stefan at kania-online.de
Thu May 22 23:48:18 MDT 2014


Here is an example for the global-section of smb.conf from a client.
[global]
       workgroup = example
       realm = EXAMPLE.NET
       security = ADS
       winbind separator = +
       winbind enum users = yes
       winbind enum groups = yes
       winbind use default domain = yes
       winbind refresh tickets = Yes
       template shell = /bin/bash
       idmap config * : range = 1000000 - 1999999
       idmap config EXAMPLE : backend = rid
       idmap config EXAMPLE : range =  1000000 - 1999999

Then copy krb5.conf to your client, install libpam-heimdal, and change 
/etc/nsswitch.conf to:
passwd: compat winbind
group:  compat winbind
shadow: compat winbind

Then you should see your users with wbinfo and getent.


Am 22.05.2014 21:37, schrieb David Bear:
> Thank you Stefan. We are interested in using samba as the 'store' for
> all usernames/passwords for authentication with services like radius.
> Google apps will also use an ldap server for auth. So I am interested
> in hearing from anyone that has used Samba in this manner.
> 
> On Thu, May 22, 2014 at 10:18 AM, Stefan Kania
> <stefan at kania-online.de> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> Am 22.05.14 17:12, schrieb David Bear:
>> 
>>> We would like to use samba 4.x as our ADDC and also as an ldap
>>> source for authentication. Google apps can use an ldap server as a
>>> source for users and groups. There seems to be plenty of use of AD
>>> as a ldap server for this purpose. I wanted to check to see if
>>> anyone has used samba 4 running as an ADDC as an authentication
>>> server for other services that can consume ldap.
>>> 
>> Of course you can use Samba AD for authentication for
>> Linux-clients.
>> Just configure winbind, join the domain and install libpam-heimdal
>> then you can use Kerberos-authentication
>> 
>> - --
>> Stefan Kania
>> 
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>> [1]
>> 
>> iEYEARECAAYFAlN+MWIACgkQ2JOGcNAHDTb7nQCgpDsuMFwHAUrentljAy4xXms2
>> egoAn2uaSIF3xUFd0ncYHEF8Sjhzrja2
>> =FrgS
>> -----END PGP SIGNATURE-----
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba [2]
> 
> --
> 
> David Bear
> mobile: (602) 903-6476
> 
> 
> 
> Links:
> ------
> [1] http://www.enigmail.net/
> [2] https://lists.samba.org/mailman/options/samba
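
A consistency check for the client [global] section posted at the top of this message, as an added example that is not part of the original thread: Samba expects the ID range of the `*` default domain and the range of a named domain not to overlap, and expects the named idmap domain to match the workgroup. The function names and finding strings are illustrative, and the sample input is a reduced copy of the posted configuration.

```python
import re
from itertools import combinations

# Reduced copy of the [global] section posted above (idmap-relevant lines only).
SMB_CONF = """\
[global]
    workgroup = example
    idmap config * : range = 1000000 - 1999999
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range =  1000000 - 1999999
"""

def parse_global(text):
    """Return {parameter: value} for [global]; names lower-cased, spaces collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def idmap_ranges(params):
    """Return {DOMAIN: (low, high)} from 'idmap config DOMAIN : range' entries."""
    ranges = {}
    for key, value in params.items():
        m = re.fullmatch(r"idmap config (\S+?) ?: ?range", key)
        if m:
            low, high = (int(n) for n in value.split("-"))
            ranges[m.group(1).upper()] = (low, high)
    return ranges

def check(text):
    """Return findings as strings; an empty list means nothing was flagged."""
    params = parse_global(text)
    ranges, findings = idmap_ranges(params), []
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(sorted(ranges.items()), 2):
        if alo <= bhi and blo <= ahi:  # closed intervals intersect
            findings.append(f"idmap ranges overlap: {a} and {b}")
    workgroup = params.get("workgroup", "").upper()
    if workgroup and workgroup not in ranges:
        findings.append(f"no idmap range for domain {workgroup}")
    return findings

if __name__ == "__main__":
    print(check(SMB_CONF))
```

Run against the configuration as posted, the check reports the `*` and EXAMPLE ranges as overlapping; giving the `*` domain its own range below or above the EXAMPLE range clears the finding.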

