[Samba] integrating samba with pam

Guido Lorenzutti guido at lorenzutti.com.ar
Sat Jul 1 17:19:13 UTC 2017


  

On Sat, 1 Jul 2017 16:30:25 +0100, Rowland Penny via samba wrote:


> On Sat, 01 Jul 2017 11:48:21 -0300
> Guido Lorenzutti via samba wrote:
>
>> Hi there! I've been using samba3 with ldap for years, and now
>> I'm about to move to samba4 to leave the slapd.
>
> I take it you mean that you use Samba as an AD DC

Exactly.

>> I didn't try yet to migrate the directory from samba3 to samba4. But
>> I did set up a new domain and everything looks ok. My doubt is
>> related to the configuration of the computers with linux so that
>> they can take advantage of the users and passwords of ldap. But
>> also, groups that are unix exclusive.
>
> It doesn't work that way, you create groups in AD and then make them
> Unix groups as well.
>
>> I didn't find a way to create groups that in samba3 were only unix:
>> smbgroupadd group (without the -a) Is this possible?
>
> No, not unless you create a new NT4-style domain and I strongly urge
> you not go down this path, they are things of the past and Microsoft
> seems to be trying to make it harder and harder to use them.

We used to hide some information from our windows group, to make
acls only in unix groups. But well.. I think we can start sharing that
info with the domain groups.

Also, I don't want to install winbind in
every workstation to authenticate against samba4. How ca

> ok.
>
> Why do you want to do this ?
> The way the Samba code is now written, it needs winbind installed, so
> you might as well use it.
>
> See here for more info on setting up a Unix domain member:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member [2]
>
> Rowland

I read that to join a squid proxy to the domain.
But it's a pain to have to install winbind on every unix I have just to
be able to use the same credentials as the samba domain. Before
samba4, I was able to use ldap. Samba4 has a ldap like service. There
should be a way to use that
 an ldapsearch, for example. And of course,
pam_ldap.

  

Links:
------
[1] mailto:samba at lists.samba.org
[2] https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

