[Samba] Configuring Linux openldap ldapsearch client-side tool to authenticate against a Samba AD server
Rowland Penny
rpenny at samba.org
Tue Apr 25 21:10:53 UTC 2023
On 25/04/2023 21:40, John R. Graham via samba wrote:
> Hi, Rowland. There is no openldap server. I'm working on achieving
> single sign on for both Linux and Windows machines against a new Samba
> AD server. I'm not against authenticating; I'm just ignorant on how to
> go about that. Single sign on is, I understand, provided "out of the
> box" for Windows clients once the AD server is properly set up. The
> eventual goal on the Linux side would be to use pam_ldap or SSSD to
> communicate with the Samba AD LDAP server to achieve the same thing. My
> initial thought was to do this /without/ installing the Samba client
> side tools on every Linux box. If that's a bad decision, please feel
> free to wave me off.
>
> In trying to get things working incrementally, I was trying to use the
> openldap-provided ldapsearch tool to query Samba AD for user
> information. Clearly I need to set up ldapsearch to authenticate with
> Samba AD. Hopefully you can just point me to some documentation now that
> I have (hopefully) less ambiguously explained myself.
>
> - John
>
>
I still don't fully understand just what you are trying to achieve. To
get any method to work, your Linux machine really needs to join the domain.
If you don't require shares, don't run the Samba smbd daemon, just run
winbind. The problem is mapping AD users as Linux users; by using
winbind you make the AD users appear as Linux users without creating
them on the Linux box. If you do use the Samba tools, you can install
the ldb tools (ldbsearch etc.); these can use the machine password for
most searches.
Rowland