[Samba] Using Samba4 AD to authenticate users of other Linux services (SSH, Mail, etc.)
MI
mi.lists at alma.ch
Fri Jul 8 09:03:23 UTC 2016
Thanks.
pam-ldap is what I have now (libpam-ldapd 0.9.4-3+deb8u1) and which worked with openldap.
I do have UIDs/GIDs, which seem to have been preserved in the classicupgrade:
# ldbsearch -H ldap://localhost -U Administrator -b "CN=Users,DC=ad,DC=mydomain,DC=tld" ...
# record 75
dn: CN=tobias,CN=Users,DC=ad,DC=mydomain,DC=tld
cn: tobias
name: tobias
sAMAccountName: tobias
displayName: Tobias Xyz
uidNumber: 1038
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
unixHomeDirectory: /home/tobias
gidNumber: 513
Maybe I only need some simple settings somewhere to use the Samba4 LDAP instead of
openldap?
-------- Original Message --------
>> For Samba4 AD, I see mentions of pam-winbind, pam-sss, sssd, kerberos, and
>> don't quite understand which of these I actually need.
> It's your party... and... you forgot pam-ldap ;-)
>
> You need to set UID/GIDs on the users and groups.
> And you need to make sure these users have a home dir.
>
> I choose kerberos for my linux auth.
> For example, for ssh, if you install ssh-krb5 in Debian,
> you can use the AD-AC users to login on the linux systems.
> Look here : https://wiki.samba.org/index.php/User_Documentation
> A bit toward the bottom there are some examples.
> Like : https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
> If you run pam-auth-update you can see the pam selected things.
>
> Hope this helps you a bit.
>
> Greetz,
>
> Louis
>
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of MI
>> Sent: Thursday, 7 July 2016 22:07
>> To: Samba List
>> Subject: [Samba] Using Samba4 AD to authenticate users of other Linux
>> services (SSH, Mail, etc.)
>>
>> I'm confused about how to authenticate users of other Unix services with
>> Samba4 AD.
>>
>> After trying the classic upgrade on a test server, I can use smbclient.
>> However, "getent passwd" doesn't show the users, and I'm not sure what I
>> have to do now.
>>
>> On the live machines, I have openldap, pam-ldapd and nslcd running to
>> authenticate users of Samba 3 as well as ssh, postfix, dovecot, apache,
>> mediawiki, postgresql, etc.
>>
>> For Samba4 AD, I see mentions of pam-winbind, pam-sss, sssd, kerberos, and
>> don't quite understand which of these I actually need.
>>
>> The point is to use the Samba4 AD-DC to authenticate users for the other
>> Linux services, including on other machines which may not be running Samba.
>> Particularly for SSH and mail.
>>
>> All the Linux machines run Debian 8.
>
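
Added example, not part of the original message or of any project's code: it parses the user record quoted above and builds a passwd entry from it twice, once with the RFC 2307 attribute names an OpenLDAP-style lookup reads and once with the AD attribute names the record actually carries. The AD mapping, the required-field rule and the fallback shell are assumptions of this example.

```python
# Constructed sample: the user record quoted in the message, as LDIF.
RECORD = """\
dn: CN=tobias,CN=Users,DC=ad,DC=mydomain,DC=tld
sAMAccountName: tobias
displayName: Tobias Xyz
uidNumber: 1038
objectClass: posixAccount
unixHomeDirectory: /home/tobias
gidNumber: 513
"""

PASSWD_FIELDS = ("uid", "uidNumber", "gidNumber", "gecos", "homeDirectory", "loginShell")
# passwd field -> LDAP attribute. The RFC 2307 names are what an OpenLDAP-style
# lookup reads; AD_MAP is this example's assumption about the remapping needed.
RFC2307_MAP = {f: f for f in PASSWD_FIELDS}
AD_MAP = dict(RFC2307_MAP, uid="sAMAccountName", gecos="displayName",
              homeDirectory="unixHomeDirectory")


def parse_ldif_record(text):
    """Parse one unfolded LDIF record into {lowercased attribute: [values]}."""
    attrs = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(": ")
        attrs.setdefault(name.lower(), []).append(value)
    return attrs


def to_passwd(attrs, attr_map, default_shell="/bin/sh"):
    """Return (passwd line or None, passwd fields with no backing attribute)."""
    values, missing = {}, []
    for field in PASSWD_FIELDS:
        found = attrs.get(attr_map[field].lower())
        if found:
            values[field] = found[0]
        else:
            missing.append(field)
    # Example's own rule: name, UID, GID and home are required; gecos/shell fall back.
    if {"uid", "uidNumber", "gidNumber", "homeDirectory"} & set(missing):
        return None, missing
    line = ":".join([values["uid"], "x", values["uidNumber"], values["gidNumber"],
                     values.get("gecos", ""), values["homeDirectory"],
                     values.get("loginShell", default_shell)])
    return line, missing

if __name__ == "__main__":
    print(to_passwd(parse_ldif_record(RECORD), AD_MAP))
```

With the RFC 2307 names the record yields no entry, because it has no `uid` or `homeDirectory` attribute; with the AD names only `loginShell` is left without a backing attribute.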