[Samba] Active Directory clients in DMZ

Rowland Penny rowlandpenny241155 at gmail.com
Sat Aug 29 18:27:37 UTC 2015

On 29/08/15 19:09, Marc Muehlfeld wrote:
> Hello,
> Am 28.08.2015 um 21:03 schrieb shacky:
>> I read the document at
>> https://wiki.samba.org/index.php/OpenLDAP_as_proxy_to_AD#Authentication_against_AD_through_openLDAP_proxy
>> and it tells about an OpenLDAP proxy to authenticate some external
>> services through it, but I need to join some Windows clients so I
>> think I cannot use it, can I?
>> So could you advise me what a best practice could be?
> If you have to join DMZ machines, the openLDAP proxy won't work, because
> it would just provide access to underlaying LDAP. However it is not able
> to understand setting e. g. AD permissions or other things the classic
> LDAP don't have.
> Regards,
> Marc

Microsoft has a doc for this, but being microsoft they don't call it a 
DMZ, it's a 'perimeter network'

see: http://www.microsoft.com/en-us/download/details.aspx?id=3957#tm


More information about the samba mailing list