[Samba] Authenticating other services against AD - PAM and Postgres - dedicated user

Jakub Kulesza jakkul at gmail.com
Thu Mar 5 01:54:53 MST 2015


I've got a samba4 pdc, fileserver and whatnot running now for a few months,
a number of users logs in there daily, everyone seems quite happy about it

I've migrated my environment from samba3 NTdomain, where I had LDAP backend
for users and I used that to authenticate other services against it: like
pam on other servers and postgres DBs. I have succesully managed to do this
as well using Samba4 and this howto:
chapter openLDAP proxy to AD. But I had to leave administrator credentials
on the server for the PAM and PAM on Postgres to work.

Question: what is your recommendation on creating a samba user, that is
only allowed to list users and groups for the sole purpose of connecting
through OpenLDAP proxy to PAM?

Jakub Kulesza

More information about the samba mailing list