[Samba] integrating samba with pam
guido at lorenzutti.com.ar
Sat Jul 1 21:21:08 UTC 2017
On Sat, 1 Jul 2017 19:27:09 +0100, Rowland Penny via samba wrote:
> On Sat, 01 Jul 2017 14:19:13 -0300
> Guido Lorenzutti wrote:
We used to hide some information from our windows group, to make acls
only in unix groups. But well.. i think we can start sharing that info
with the domain groups.
> You can do something very similar by using
ACLs, create groups in AD,
> add RFC2307 attributes and add your Unix
users to the groups. You can
> then make only members of these Unix
groups be allowed access to a
>>> I read that to join
a squid proxy to the domain.
>> But its a pain to have to install
winbind on every unix I have just to be able to use the same credentials
that the samba domain. Before samba4, i was able to use ldap. Samba4 has
a ldap like service. There should be a way to use that an ldapsearch,
for example. And of course, pam_ldap.
> You need to speak to Louis
van Belle about squid, he is the expert.
Everything its ok with the
squid for the time being... im using kerberos only.
I don't understand
your problem with winbind, if you do use nslcd, you
will have to
configure smb.conf, the nslcd conf file and run k5start to
kerberos refreshes tickets. If yo> er with nslcd ? Just what does nslcd
give you that winbind doesn't ? I should also point out that nslcd isn't
supported by Samba.
> I have several barebone systems with the
minimum of hardrive, ram, and utilities on the SO. Everything works
great only with nslcd and pam_ldap and I have the same users and
passwords that the Samba3+OpenLDAP DC.
> Now in Samba4 it seems that
its required to have winbind runnin
ient and obviously a lot of
The nslcd uses ldap queries to have all the users,
groups, etc, talking directly to the ldap server. If samba4 has a ldap
like server, he has to had a way to query the service, to avoid using
winbind on eeevery client.
Well, for what you said, I must start to
try to give it a go to winbind and hope it dosent need too much ram to
What do you want to authenticate to Samba ?
 mailto:guido at lorenzutti.com.ar
More information about the samba