[Samba] integrating samba with pam
rpenny at samba.org
Sat Jul 1 15:30:25 UTC 2017
On Sat, 01 Jul 2017 11:48:21 -0300
Guido Lorenzutti via samba <samba at lists.samba.org> wrote:
> Hi there!
> I been using samba3 with ldap for years, and now im
> about to move to samba4 to leave the slapd.
I take it you mean that you use Samba as an AD DC
> I didnt try yet to migrate
> the directory from samba3 to samba4. But i did setup a new domain and
> everything looks ok.
> My doubt is related to the configuration of the
> computers with linux so that they can take advantage of the users and
> passwords of ldap. But also, groups that are unix exclusive.
It doesn't work that way, you create groups in AD and then make them
Unix groups as well.
> I didnt
> find a way to create groups that in samba3 where only unix:
> smbgroupadd group
> (withouth the -a)
> Is this possible?
No, not unless you create a new NT4-style domain and I strongly urge
you not go down this path, they are things of the past and Microsoft
seems to be trying to make it harder and harder to use them.
> Also, i
> dont want to install winbind in every workstation to authenticate
> against samba4. How can i configure pam_ldap and nslcd to validate my
> users and groups? I did install kerberos and everything seems ok.
Why do you want to do this ?
The way the Samba code is now written, it needs winbind installed, so
you might as well use it.
See here for more info on setting up a Unix domain member:
More information about the samba