[Samba] External Authentication

Vex Mage dosmage at gmail.com
Fri Apr 12 18:44:02 UTC 2019


That is correct. I'm not averse to using AD. I've used real AD in many
environments in the past and to be honest the Samba4 AD seems to work
really well. I just need to have all my users from our central LDAP. The
passwords would need to match so that students, faculty and staff can use
the existing campus-wide tools. Thank you.

On Fri, Apr 12, 2019 at 11:27 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Fri, 12 Apr 2019 11:04:58 -0700
> Vex Mage <dosmage at gmail.com> wrote:
>
> > I apologize but that is what I meant by black box. The Samba3 server
> > is our server. It connects to the LDAP that is out of my control and
> > extends the users' entries to the Windows desktops.
> >
> > If it's easier to visualize we're getting LDAP as a service from the
> > central campus IT department. It is then on us to provide services our
> > school needs to our students, faculty and staff. They have no concern
> > about Samba3 or Samba4. We're just using their LDAP server.
> >
> > Samba4 can't use this LDAP service in AD and I understand the
> > complexities of the extensions AD has put on to its LDAP; however,
> > without the ability to auto discover users and groups it's a
> > management burden for me to implement some form of continuous sync to
> > massage data from the central campus LDAP to Samba4. I can contrive
> > methods and fortunately Marco has given me a great lead but it still
> > seems overly complex.
> >
> > This is why I was looking into auto discovery / auto creation of
> > users and groups via an external authentication request. At least
> > then the users would exist if they successfully authenticated.
> > Obviously that's not a completely reasonable solution either.
> >
> > Another contrived solution I've been mulling around is using the meta
> > backend in OpenLDAP and creating a combined view of Samba4 with
> > central campus LDAP. The issue here is that I don't yet know whether
> > OpenLDAP would be able to query Samba4, stitch together the output of
> > the LDAP servers, let alone configure Samba4 to use it instead of
> > directly connecting to its backend.
> >
> > The final solution I can figure is to set up Windows desktops joined
> > to Samba4 with a trust to FreeIPA and a replication mechanism between
> > FreeIPA and campus LDAP. At my previous employer I have already got
> > Windows to authenticate through to FreeIPA but that still leaves me
> > with the FreeIPA to LDAP conundrum.
> >
> >
>
> Let's see if I have this right, you are not averse to using AD, you
> just want to have all the users and groups that are in your central
> LDAP in your <whatever it is>
>
> Do the passwords have to match?
>
> Rowland
>


-- 
Vex

