[Samba] Delegate Samba4 user authentication to an external LDAP server
abartlet at samba.org
Tue Mar 10 12:02:02 MDT 2015
On Tue, 2015-03-10 at 10:46 +0000, Mario Pio Russo wrote:
> thanks for your answer, I cannot do the reverse authentication
> unfortunately. Everything has to work as I have described. Furthermore I
> cannot change my external trust authority for authentication. From this
> thread it looks like the only option is to use local password for the
> Samba4 domain users, which add some complexity when managing IDs (and above
> all passwords), as a single user might have different ids/password in the
> Samba4 domain and the LDAP one.
> I've read few other threads about using OplenLdap as backend of Samba4 AD
> DC, seemingly there was a project to integrate OpenLdap within Samba4 AD
> DC, do you know if there is any progress in that direction?
Even if it were to succeed, it wouldn't help you, as it still requires
Samba to hold the passwords. It is about changing the DB engine, not
the authentication model.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba