[Samba] Delegate Samba4 user authentication to an external LDAP server

Mario Pio Russo mariopiorusso at ie.ibm.com
Tue Mar 3 07:50:47 MST 2015

Good Day All

First of all, thank you for this mailing list, it's really great, as great
as Samba is :D

I have a question regarding Samba4 and the possibility to delegate
authentication to an external LDAP server using Cyrus SASL.

Basically I have already successfully implemented an authentication
delegation from an OpenLDAP server (on CentOS) to another LDAP server (on
AIX) via Cyrus SASL. I've done steps similar to what is described here:


and all worked fine.

Now I want to replicate the same operation on a Samba4 AD domain (on Ubuntu
10.4). The final goal is that users on the Samba4 domain do not need a new
password for it, but they can use the one of the centralized, external
OpenLDAP (AIX). I know that Samba4 uses its own internal LDAP server, which
is not OpenLDAP anymore, so now I have the following questions:

- Has any of you ever tried something similar?
- In order to delegate authentication from OpenLDAP to LDAP, I had to
install and use a specific cyrus-sasl plugin on my CentOS server:
"cyrus-sasl-ldap.x86_64 : LDAP auxprop support for Cyrus SASL"; this does
not seem to be present for samba4, but only from openldap; do you know if I
still need this? Is Cyrus-SASL support already included in samba4?
According to the Cyrus-SASL official web page there is no mention of
Samba4: http://asg.web.cmu.edu/sasl/sasl-projects.html
- I need to change the "password" attribute of each user and make it look
similar to this {SASL}username@externalldap.com , how can I modify that?

Thanks in advance, any help is welcome!!


Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
815 2236, eMail: mariopiorusso at ie.ibm.com
IBM Ireland Product Distribution Limited registered in Ireland with number
92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
